diff --git a/config/installbundle/release-manifests/autopilot/kustomization.yaml b/config/installbundle/release-manifests/autopilot/kustomization.yaml
index 74b265f890..28592c8acb 100644
--- a/config/installbundle/release-manifests/autopilot/kustomization.yaml
+++ b/config/installbundle/release-manifests/autopilot/kustomization.yaml
@@ -16,7 +16,7 @@ namespace: configconnector-operator-system
 commonLabels:
 cnrm.cloud.google.com/operator-system: "true"
 commonAnnotations:
- cnrm.cloud.google.com/operator-version: "1.124.0-rc.1"
+ cnrm.cloud.google.com/operator-version: "1.126.0-rc.1"
 resources:
 - crds.yaml
 - rbac.yaml
diff --git a/config/installbundle/release-manifests/standard/kustomization.yaml b/config/installbundle/release-manifests/standard/kustomization.yaml
index 74b265f890..28592c8acb 100644
--- a/config/installbundle/release-manifests/standard/kustomization.yaml
+++ b/config/installbundle/release-manifests/standard/kustomization.yaml
@@ -16,7 +16,7 @@ namespace: configconnector-operator-system
 commonLabels:
 cnrm.cloud.google.com/operator-system: "true"
 commonAnnotations:
- cnrm.cloud.google.com/operator-version: "1.124.0-rc.1"
+ cnrm.cloud.google.com/operator-version: "1.126.0-rc.1"
 resources:
 - crds.yaml
 - rbac.yaml
diff --git a/operator/autopilot-channels/packages/configconnector/1.126.0-rc.1/cluster/gcp-identity/0-cnrm-system.yaml b/operator/autopilot-channels/packages/configconnector/1.126.0-rc.1/cluster/gcp-identity/0-cnrm-system.yaml
new file mode 100644
index 0000000000..7b2e39e43e
--- /dev/null
+++ b/operator/autopilot-channels/packages/configconnector/1.126.0-rc.1/cluster/gcp-identity/0-cnrm-system.yaml
@@ -0,0 +1,2827 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-controller-manager + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-cnrm-system-role + namespace: cnrm-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-cnrm-system-role + namespace: cnrm-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + 
cnrm.cloud.google.com/system: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + name: cnrm-admin +rules: +- apiGroups: + - accesscontextmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - alloydb.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apigateway.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apigee.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apikeys.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - appengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - artifactregistry.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - beyondcorp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigquery.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigqueryanalyticshub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigqueryconnection.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigquerydatapolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - 
patch + - delete +- apiGroups: + - bigquerydatatransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigqueryreservation.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigtable.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - billingbudgets.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - binaryauthorization.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - certificatemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudasset.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudbuild.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudfunctions.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudfunctions2.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudidentity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudids.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudiot.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - 
update + - patch + - delete +- apiGroups: + - cloudscheduler.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudtasks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - compute.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - configcontroller.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - container.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - containeranalysis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - containerattached.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - datacatalog.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dataflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dataform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - datafusion.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dataproc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - datastore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - 
delete +- apiGroups: + - datastream.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - deploymentmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dialogflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dialogflowcx.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - discoveryengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dlp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dns.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - documentai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - edgecontainer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - edgenetwork.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - essentialcontacts.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - eventarc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - filestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - 
firebase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firebasedatabase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firebasehosting.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firebasestorage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - gkebackup.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - gkehub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - healthcare.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - iam.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - iap.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - identityplatform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - kms.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - logging.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - memcache.cnrm.cloud.google.com + resources: + 
- '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - memorystore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - mlengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - monitoring.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networkconnectivity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networkmanagement.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networksecurity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networkservices.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - notebooks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - orgpolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - osconfig.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - oslogin.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - privateca.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - privilegedaccessmanager.cnrm.cloud.google.com + resources: + - '*' 
+ verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - pubsub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - pubsublite.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - recaptchaenterprise.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - redis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - resourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - run.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - secretmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - securesourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - securitycenter.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicedirectory.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicenetworking.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - serviceusage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sourcerepo.cnrm.cloud.google.com + resources: + - '*' + 
verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - spanner.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sql.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storagetransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tags.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tpu.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vertexai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vpcaccess.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - workflows.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - workstations.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- 
apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-cluster-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - servicemappings + verbs: + - get + - list + - watch +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-ns-role +rules: +- apiGroups: + - "" + resources: + - events + - configmaps + - secrets + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-recorder-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - create + - update 
+ - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/system: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: cnrm-viewer +rules: +- apiGroups: + - accesscontextmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - alloydb.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigateway.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigee.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apikeys.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - appengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - artifactregistry.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - beyondcorp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquery.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryanalyticshub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryconnection.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquerydatapolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquerydatatransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryreservation.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigtable.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - 
billingbudgets.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - binaryauthorization.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - certificatemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudasset.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudbuild.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudfunctions.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudfunctions2.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudidentity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudids.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudiot.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudscheduler.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudtasks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - compute.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - configcontroller.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - container.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - containeranalysis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - containerattached.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datacatalog.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - 
dataflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dataform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datafusion.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dataproc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datastore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datastream.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - deploymentmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dialogflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dialogflowcx.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - discoveryengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dlp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dns.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - documentai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - edgecontainer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - edgenetwork.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - essentialcontacts.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - eventarc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - filestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebase.cnrm.cloud.google.com + resources: + - '*' + 
verbs: + - get + - list + - watch +- apiGroups: + - firebasedatabase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasehosting.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasestorage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - gkebackup.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - gkehub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - healthcare.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - iam.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - iap.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - identityplatform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - kms.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - logging.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - memcache.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - memorystore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - mlengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - monitoring.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networkconnectivity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networkmanagement.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + 
- networksecurity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networkservices.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - notebooks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - orgpolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - osconfig.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - oslogin.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - privateca.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - privilegedaccessmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - pubsub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - pubsublite.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - recaptchaenterprise.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - redis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - resourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - run.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - secretmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - securesourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - securitycenter.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - servicedirectory.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - 
servicenetworking.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - serviceusage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - sourcerepo.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - spanner.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - sql.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - storage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - storagetransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - tags.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - tpu.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - vertexai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - vpcaccess.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - workflows.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - workstations.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-role +rules: +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - servicemappings + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - 
services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-role-binding + namespace: cnrm-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cnrm-deletiondefender-cnrm-system-role +subjects: +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-role-binding + namespace: cnrm-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cnrm-webhook-cnrm-system-role +subjects: +- kind: ServiceAccount + name: cnrm-webhook-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-admin-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-admin +subjects: +- kind: ServiceAccount + name: cnrm-controller-manager + namespace: cnrm-system +- kind: ServiceAccount + name: cnrm-resource-stats-recorder + namespace: cnrm-system +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-binding +roleRef: + apiGroup: 
rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-deletiondefender-role +subjects: +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-manager-cluster-role +subjects: +- kind: ServiceAccount + name: cnrm-controller-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-watcher-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-manager-ns-role +subjects: +- kind: ServiceAccount + name: cnrm-controller-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-recorder-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-recorder-role +subjects: +- kind: ServiceAccount + name: cnrm-resource-stats-recorder + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-webhook-role +subjects: +- kind: ServiceAccount + name: cnrm-webhook-manager + namespace: cnrm-system +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: 
cnrm-deletiondefender + namespace: cnrm-system +spec: + ports: + - name: deletiondefender + port: 443 + selector: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + prometheus.io/port: "8888" + prometheus.io/scrape: "true" + labels: + cnrm.cloud.google.com/monitored: "true" + cnrm.cloud.google.com/system: "true" + name: cnrm-manager + namespace: cnrm-system +spec: + ports: + - name: controller-manager + port: 443 + - name: metrics + port: 8888 + selector: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/system: "true" +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + prometheus.io/port: "48797" + prometheus.io/scrape: "true" + labels: + cnrm.cloud.google.com/monitored: "true" + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder-service + namespace: cnrm-system +spec: + ports: + - name: metrics + port: 8888 + targetPort: 48797 + selector: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder + namespace: cnrm-system +spec: + replicas: 1 + revisionHistoryLimit: 1 + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + strategy: + type: Recreate + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + spec: + containers: + - args: + - --prometheus-scrape-endpoint=:48797 + - 
--metric-interval=60 + command: + - /configconnector/recorder + env: + - name: CONFIG_CONNECTOR_VERSION + value: 1.126.0-rc.1 + image: gcr.io/gke-release/cnrm/recorder:1.126.0-rc.1 + imagePullPolicy: Always + name: recorder + ports: + - containerPort: 48797 + protocol: TCP + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 64Mi + requests: + cpu: 20m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + hostNetwork: false + serviceAccountName: cnrm-resource-stats-recorder + terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-manager + namespace: cnrm-system +spec: + revisionHistoryLimit: 1 + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + spec: + containers: + - command: + - /configconnector/webhook + env: + - name: GOMEMLIMIT + value: 110MiB + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/gke-release/cnrm/webhook:1.126.0-rc.1 + imagePullPolicy: Always + name: webhook + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 128Mi + requests: + cpu: 250m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + 
serviceAccountName: cnrm-webhook-manager + terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/system: "true" + name: cnrm-controller-manager + namespace: cnrm-system +spec: + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/system: "true" + serviceName: cnrm-manager + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/system: "true" + spec: + containers: + - args: + - --prometheus-scrape-endpoint=:8888 + command: + - /configconnector/manager + env: + - name: GOOGLE_APPLICATION_CREDENTIALS + value: /var/secrets/google/key.json + image: gcr.io/gke-release/cnrm/controller:1.126.0-rc.1 + imagePullPolicy: Always + name: manager + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 512Mi + requests: + cpu: 100m + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /var/secrets/google + name: gcp-service-account + enableServiceLinks: false + serviceAccountName: cnrm-controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: gcp-service-account + secret: + secretName: gcp-key +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender + namespace: cnrm-system +spec: + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: 
"true" + serviceName: cnrm-deletiondefender + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" + spec: + containers: + - command: + - /configconnector/deletiondefender + image: gcr.io/gke-release/cnrm/deletiondefender:1.126.0-rc.1 + imagePullPolicy: Always + name: deletiondefender + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 1Gi + requests: + cpu: 250m + memory: 1Gi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + serviceAccountName: cnrm-deletiondefender + terminationGracePeriodSeconds: 10 +--- +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + annotations: + autoscaling.alpha.kubernetes.io/metrics: '[{"type":"Resource","resource":{"name":"memory","targetAverageUtilization":70}}]' + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook + namespace: cnrm-system +spec: + maxReplicas: 20 + minReplicas: 2 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: cnrm-webhook-manager + targetCPUUtilizationPercentage: 70 diff --git a/operator/autopilot-channels/packages/configconnector/1.126.0-rc.1/cluster/workload-identity/0-cnrm-system.yaml b/operator/autopilot-channels/packages/configconnector/1.126.0-rc.1/cluster/workload-identity/0-cnrm-system.yaml new file mode 100644 index 0000000000..dbd9fda312 --- /dev/null +++ b/operator/autopilot-channels/packages/configconnector/1.126.0-rc.1/cluster/workload-identity/0-cnrm-system.yaml 
@@ -0,0 +1,2818 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + iam.gke.io/gcp-service-account: cnrm-system@${PROJECT_ID?}.iam.gserviceaccount.com + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-controller-manager + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-cnrm-system-role + namespace: cnrm-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-cnrm-system-role + namespace: cnrm-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + 
cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/system: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + name: cnrm-admin +rules: +- apiGroups: + - accesscontextmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - alloydb.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apigateway.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apigee.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apikeys.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - appengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - artifactregistry.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - beyondcorp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigquery.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigqueryanalyticshub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigqueryconnection.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigquerydatapolicy.cnrm.cloud.google.com + 
resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigquerydatatransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigqueryreservation.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigtable.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - billingbudgets.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - binaryauthorization.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - certificatemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudasset.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudbuild.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudfunctions.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudfunctions2.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudidentity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudids.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - 
cloudiot.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudscheduler.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudtasks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - compute.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - configcontroller.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - container.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - containeranalysis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - containerattached.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - datacatalog.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dataflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dataform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - datafusion.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dataproc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - 
datastore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - datastream.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - deploymentmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dialogflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dialogflowcx.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - discoveryengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dlp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dns.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - documentai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - edgecontainer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - edgenetwork.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - essentialcontacts.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - eventarc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - 
filestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firebase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firebasedatabase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firebasehosting.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firebasestorage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - gkebackup.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - gkehub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - healthcare.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - iam.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - iap.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - identityplatform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - kms.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - logging.cnrm.cloud.google.com + resources: + 
- '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - memcache.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - memorystore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - mlengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - monitoring.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networkconnectivity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networkmanagement.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networksecurity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networkservices.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - notebooks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - orgpolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - osconfig.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - oslogin.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - privateca.cnrm.cloud.google.com + resources: + - '*' + verbs: + - 
get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - privilegedaccessmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - pubsub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - pubsublite.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - recaptchaenterprise.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - redis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - resourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - run.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - secretmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - securesourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - securitycenter.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicedirectory.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicenetworking.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - serviceusage.cnrm.cloud.google.com + resources: + - '*' + 
verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sourcerepo.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - spanner.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sql.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storagetransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tags.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tpu.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vertexai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vpcaccess.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - workflows.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - workstations.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + 
- customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-cluster-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - servicemappings + verbs: + - get + - list + - watch +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-ns-role +rules: +- apiGroups: + - "" + resources: + - events + - configmaps + - secrets + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-recorder-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - 
list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/system: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: cnrm-viewer +rules: +- apiGroups: + - accesscontextmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - alloydb.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigateway.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigee.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apikeys.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - appengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - artifactregistry.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - beyondcorp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquery.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryanalyticshub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryconnection.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquerydatapolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquerydatatransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryreservation.cnrm.cloud.google.com + resources: + - '*' + 
verbs: + - get + - list + - watch +- apiGroups: + - bigtable.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - billingbudgets.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - binaryauthorization.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - certificatemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudasset.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudbuild.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudfunctions.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudfunctions2.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudidentity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudids.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudiot.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudscheduler.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudtasks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - compute.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - configcontroller.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - container.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - containeranalysis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - containerattached.cnrm.cloud.google.com + resources: + - '*' + verbs: + 
- get + - list + - watch +- apiGroups: + - datacatalog.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dataflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dataform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datafusion.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dataproc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datastore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datastream.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - deploymentmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dialogflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dialogflowcx.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - discoveryengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dlp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dns.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - documentai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - edgecontainer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - edgenetwork.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - essentialcontacts.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - eventarc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - 
filestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasedatabase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasehosting.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasestorage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - gkebackup.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - gkehub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - healthcare.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - iam.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - iap.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - identityplatform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - kms.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - logging.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - memcache.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - memorystore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - mlengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - monitoring.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networkconnectivity.cnrm.cloud.google.com + resources: + - '*' + 
verbs: + - get + - list + - watch +- apiGroups: + - networkmanagement.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networksecurity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networkservices.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - notebooks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - orgpolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - osconfig.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - oslogin.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - privateca.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - privilegedaccessmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - pubsub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - pubsublite.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - recaptchaenterprise.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - redis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - resourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - run.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - secretmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - securesourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - securitycenter.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - 
list + - watch +- apiGroups: + - servicedirectory.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - servicenetworking.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - serviceusage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - sourcerepo.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - spanner.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - sql.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - storage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - storagetransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - tags.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - tpu.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - vertexai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - vpcaccess.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - workflows.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - workstations.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-role +rules: +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - core.cnrm.cloud.google.com + 
resources: + - servicemappings + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-role-binding + namespace: cnrm-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cnrm-deletiondefender-cnrm-system-role +subjects: +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-role-binding + namespace: cnrm-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cnrm-webhook-cnrm-system-role +subjects: +- kind: ServiceAccount + name: cnrm-webhook-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-admin-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-admin +subjects: +- kind: ServiceAccount + name: cnrm-controller-manager + namespace: cnrm-system +- kind: ServiceAccount + name: cnrm-resource-stats-recorder + namespace: cnrm-system +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + 
cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-deletiondefender-role +subjects: +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-manager-cluster-role +subjects: +- kind: ServiceAccount + name: cnrm-controller-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-watcher-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-manager-ns-role +subjects: +- kind: ServiceAccount + name: cnrm-controller-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-recorder-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-recorder-role +subjects: +- kind: ServiceAccount + name: cnrm-resource-stats-recorder + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-webhook-role +subjects: +- kind: ServiceAccount + name: cnrm-webhook-manager + namespace: cnrm-system +--- 
+apiVersion: v1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender + namespace: cnrm-system +spec: + ports: + - name: deletiondefender + port: 443 + selector: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + prometheus.io/port: "8888" + prometheus.io/scrape: "true" + labels: + cnrm.cloud.google.com/monitored: "true" + cnrm.cloud.google.com/system: "true" + name: cnrm-manager + namespace: cnrm-system +spec: + ports: + - name: controller-manager + port: 443 + - name: metrics + port: 8888 + selector: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/system: "true" +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + prometheus.io/port: "48797" + prometheus.io/scrape: "true" + labels: + cnrm.cloud.google.com/monitored: "true" + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder-service + namespace: cnrm-system +spec: + ports: + - name: metrics + port: 8888 + targetPort: 48797 + selector: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder + namespace: cnrm-system +spec: + replicas: 1 + revisionHistoryLimit: 1 + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + strategy: + type: Recreate + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + 
cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + spec: + containers: + - args: + - --prometheus-scrape-endpoint=:48797 + - --metric-interval=60 + command: + - /configconnector/recorder + env: + - name: CONFIG_CONNECTOR_VERSION + value: 1.126.0-rc.1 + image: gcr.io/gke-release/cnrm/recorder:1.126.0-rc.1 + imagePullPolicy: Always + name: recorder + ports: + - containerPort: 48797 + protocol: TCP + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 64Mi + requests: + cpu: 20m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + hostNetwork: false + serviceAccountName: cnrm-resource-stats-recorder + terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-manager + namespace: cnrm-system +spec: + revisionHistoryLimit: 1 + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + spec: + containers: + - command: + - /configconnector/webhook + env: + - name: GOMEMLIMIT + value: 110MiB + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/gke-release/cnrm/webhook:1.126.0-rc.1 + imagePullPolicy: Always + name: webhook + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 128Mi + requests: + cpu: 
250m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + serviceAccountName: cnrm-webhook-manager + terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/system: "true" + name: cnrm-controller-manager + namespace: cnrm-system +spec: + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/system: "true" + serviceName: cnrm-manager + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/system: "true" + spec: + containers: + - args: + - --prometheus-scrape-endpoint=:8888 + command: + - /configconnector/manager + image: gcr.io/gke-release/cnrm/controller:1.126.0-rc.1 + imagePullPolicy: Always + name: manager + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 512Mi + requests: + cpu: 100m + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + serviceAccountName: cnrm-controller-manager + terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender + namespace: cnrm-system +spec: + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" + serviceName: cnrm-deletiondefender + template: + metadata: + 
annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" + spec: + containers: + - command: + - /configconnector/deletiondefender + image: gcr.io/gke-release/cnrm/deletiondefender:1.126.0-rc.1 + imagePullPolicy: Always + name: deletiondefender + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 1Gi + requests: + cpu: 250m + memory: 1Gi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + serviceAccountName: cnrm-deletiondefender + terminationGracePeriodSeconds: 10 +--- +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + annotations: + autoscaling.alpha.kubernetes.io/metrics: '[{"type":"Resource","resource":{"name":"memory","targetAverageUtilization":70}}]' + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook + namespace: cnrm-system +spec: + maxReplicas: 20 + minReplicas: 2 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: cnrm-webhook-manager + targetCPUUtilizationPercentage: 70 diff --git a/operator/autopilot-channels/packages/configconnector/1.126.0-rc.1/crds.yaml b/operator/autopilot-channels/packages/configconnector/1.126.0-rc.1/crds.yaml new file mode 100644 index 0000000000..5bfadc9ac1 --- /dev/null +++ b/operator/autopilot-channels/packages/configconnector/1.126.0-rc.1/crds.yaml 
@@ -0,0 +1,134485 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanageraccesslevelconditions.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerAccessLevelCondition + plural: accesscontextmanageraccesslevelconditions + shortNames: + - gcpaccesscontextmanageraccesslevelcondition + - gcpaccesscontextmanageraccesslevelconditions + singular: accesscontextmanageraccesslevelcondition + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessLevelRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AccessContextManagerAccessLevel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + devicePolicy: + description: |- + Immutable. Device specific restrictions, all restrictions must hold for + the Condition to be true. If not specified, all devices are + allowed. + properties: + allowedDeviceManagementLevels: + description: |- + Immutable. A list of allowed device management levels. + An empty list allows all management levels. Possible values: ["MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE"]. + items: + type: string + type: array + allowedEncryptionStatuses: + description: |- + Immutable. A list of allowed encryptions statuses. + An empty list allows all statuses. Possible values: ["ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED"]. + items: + type: string + type: array + osConstraints: + description: |- + Immutable. A list of allowed OS versions. + An empty list allows all types and all versions. + items: + properties: + minimumVersion: + description: |- + Immutable. The minimum allowed OS version. If not set, any version + of this OS satisfies the constraint. + Format: "major.minor.patch" such as "10.5.301", "9.2.1". 
+ type: string + osType: + description: 'Immutable. The operating system type of the + device. Possible values: ["OS_UNSPECIFIED", "DESKTOP_MAC", + "DESKTOP_WINDOWS", "DESKTOP_LINUX", "DESKTOP_CHROME_OS", + "ANDROID", "IOS"].' + type: string + required: + - osType + type: object + type: array + requireAdminApproval: + description: Immutable. Whether the device needs to be approved + by the customer admin. + type: boolean + requireCorpOwned: + description: Immutable. Whether the device needs to be corp owned. + type: boolean + requireScreenLock: + description: |- + Immutable. Whether or not screenlock is required for the DevicePolicy + to be true. Defaults to false. + type: boolean + type: object + ipSubnetworks: + description: |- + Immutable. A list of CIDR block IP subnetwork specification. May be IPv4 + or IPv6. + Note that for a CIDR IP address block, the specified IP address + portion must be properly truncated (i.e. all the host bits must + be zero) or the input is considered malformed. For example, + "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, + for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" + is not. The originating IP of a request must be in one of the + listed subnets in order for this Condition to be true. + If empty, all IP addresses are allowed. + items: + type: string + type: array + members: + description: |- + Immutable. An allowed list of members (users, service accounts). + Using groups is not supported yet. + + The signed-in user originating the request must be a part of one + of the provided members. If not specified, a request may come + from any user (logged in/not logged in, not present in any + groups, etc.). + Formats: 'user:{emailid}', 'serviceAccount:{emailid}'. + items: + type: string + type: array + negate: + description: |- + Immutable. Whether to negate the Condition. 
If true, the Condition becomes + a NAND over its non-empty fields, each field must be false for + the Condition overall to be satisfied. Defaults to false. + type: boolean + regions: + description: |- + Immutable. The request must originate from one of the provided + countries/regions. + Format: A valid ISO 3166-1 alpha-2 code. + items: + type: string + type: array + requiredAccessLevels: + description: |- + Immutable. A list of other access levels defined in the same Policy, + referenced by resource name. Referencing an AccessLevel which + does not exist is an error. All access levels listed must be + granted for the Condition to be true. + Format: accessPolicies/{policy_id}/accessLevels/{short_name}. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The accessLevel of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanageraccesslevels.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerAccessLevel + plural: accesscontextmanageraccesslevels + shortNames: + - gcpaccesscontextmanageraccesslevel + - gcpaccesscontextmanageraccesslevels + singular: accesscontextmanageraccesslevel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessPolicyRef: + description: |- + The AccessContextManagerAccessPolicy this + AccessContextManagerAccessLevel lives in. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `accessPolicies/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerAccessPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + basic: + description: A set of predefined conditions for the access level and + a combining function. + properties: + combiningFunction: + description: |- + How the conditions list should be combined to determine if a request + is granted this AccessLevel. If AND is used, each Condition in + conditions must be satisfied for the AccessLevel to be applied. If + OR is used, at least one Condition in conditions must be satisfied + for the AccessLevel to be applied. Default value: "AND" Possible values: ["AND", "OR"]. + type: string + conditions: + description: A set of requirements for the AccessLevel to be granted. 
+ items: + properties: + devicePolicy: + description: |- + Device specific restrictions, all restrictions must hold for + the Condition to be true. If not specified, all devices are + allowed. + properties: + allowedDeviceManagementLevels: + description: |- + A list of allowed device management levels. + An empty list allows all management levels. Possible values: ["MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE"]. + items: + type: string + type: array + allowedEncryptionStatuses: + description: |- + A list of allowed encryptions statuses. + An empty list allows all statuses. Possible values: ["ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED"]. + items: + type: string + type: array + osConstraints: + description: |- + A list of allowed OS versions. + An empty list allows all types and all versions. + items: + properties: + minimumVersion: + description: |- + The minimum allowed OS version. If not set, any version + of this OS satisfies the constraint. + Format: "major.minor.patch" such as "10.5.301", "9.2.1". + type: string + osType: + description: 'The operating system type of the + device. Possible values: ["OS_UNSPECIFIED", + "DESKTOP_MAC", "DESKTOP_WINDOWS", "DESKTOP_LINUX", + "DESKTOP_CHROME_OS", "ANDROID", "IOS"].' + type: string + requireVerifiedChromeOs: + description: If you specify DESKTOP_CHROME_OS + for osType, you can optionally include requireVerifiedChromeOs + to require Chrome Verified Access. + type: boolean + required: + - osType + type: object + type: array + requireAdminApproval: + description: Whether the device needs to be approved + by the customer admin. + type: boolean + requireCorpOwned: + description: Whether the device needs to be corp owned. + type: boolean + requireScreenLock: + description: |- + Whether or not screenlock is required for the DevicePolicy + to be true. Defaults to false. + type: boolean + type: object + ipSubnetworks: + description: |- + A list of CIDR block IP subnetwork specification. 
May be IPv4 + or IPv6. + Note that for a CIDR IP address block, the specified IP address + portion must be properly truncated (i.e. all the host bits must + be zero) or the input is considered malformed. For example, + "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, + for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" + is not. The originating IP of a request must be in one of the + listed subnets in order for this Condition to be true. + If empty, all IP addresses are allowed. + items: + type: string + type: array + members: + items: + description: |- + An allowed list of members (users, service accounts). + Using groups is not supported. + + The signed-in user originating the request must be a part of one + of the provided members. If not specified, a request may come + from any user (logged in/not logged in, not present in any + groups, etc.). + oneOf: + - required: + - serviceAccountRef + - required: + - user + properties: + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format + `serviceAccount:{{value}}`, where {{value}} + is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + user: + type: string + type: object + type: array + negate: + description: |- + Whether to negate the Condition. If true, the Condition becomes + a NAND over its non-empty fields, each field must be false for + the Condition overall to be satisfied. Defaults to false. 
+ type: boolean + regions: + description: |- + The request must originate from one of the provided + countries/regions. + Format: A valid ISO 3166-1 alpha-2 code. + items: + type: string + type: array + requiredAccessLevels: + items: + description: |- + A list of other access levels defined in the same policy. + Referencing an AccessContextManagerAccessLevel which does not exist + is an error. All access levels listed must be granted for the + condition to be true. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an + `AccessContextManagerAccessLevel` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + type: array + required: + - conditions + type: object + custom: + description: |- + Custom access level conditions are set using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request. + See CEL spec at: https://github.com/google/cel-spec. + properties: + expr: + description: |- + Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. + This page details the objects and attributes that are used to the build the CEL expressions for + custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. + properties: + description: + description: Description of the expression. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. 
+ type: string + location: + description: String indicating the location of the expression + for error reporting, e.g. a file name and a position in + the file. + type: string + title: + description: Title for the expression, i.e. a short string + describing its purpose. + type: string + required: + - expression + type: object + required: + - expr + type: object + description: + description: Description of the AccessLevel and its use. Does not + affect behavior. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + title: + description: Human readable title. Must be unique within the Policy. + type: string + required: + - accessPolicyRef + - title + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanageraccesspolicies.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerAccessPolicy + plural: accesscontextmanageraccesspolicies + shortNames: + - gcpaccesscontextmanageraccesspolicy + - gcpaccesscontextmanageraccesspolicies + singular: accesscontextmanageraccesspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + title: + description: Human readable title. Does not affect behavior. + type: string + required: + - title + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time the AccessPolicy was created in UTC. + type: string + name: + description: 'Resource name of the AccessPolicy. Format: {policy_id}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + updateTime: + description: Time the AccessPolicy was updated in UTC. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanagergcpuseraccessbindings.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerGCPUserAccessBinding + plural: accesscontextmanagergcpuseraccessbindings + shortNames: + - gcpaccesscontextmanagergcpuseraccessbinding + - gcpaccesscontextmanagergcpuseraccessbindings + singular: accesscontextmanagergcpuseraccessbinding + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessLevels: + description: 'Required. Access level that a user must have to be granted + access. Only one access level is supported, not multiple. This repeated + field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted".' + items: + type: string + type: array + groupKey: + description: 'Immutable. Required. Immutable. Google Group id whose + members are subject to this binding''s restrictions. See "id" in + the G Suite Directory API''s Groups resource. If a group''s email + address/alias is changed, this resource will continue to point at + the changed group. This field does not accept group email addresses + or aliases. Example: "01d520gv4vjcrht".' + type: string + organizationRef: + description: The organization that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - accessLevels + - groupKey + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'Immutable. Assigned by the server during creation. The + last segment has an arbitrary length and has only URI unreserved + characters (as defined by RFC 3986 Section 2.3). Should not be specified + by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N".' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanagerserviceperimeterresources.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerServicePerimeterResource + plural: accesscontextmanagerserviceperimeterresources + shortNames: + - gcpaccesscontextmanagerserviceperimeterresource + - gcpaccesscontextmanagerserviceperimeterresources + singular: accesscontextmanagerserviceperimeterresource + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + perimeterNameRef: + description: "Only the `external` field is supported to configure + the reference.\n\nThe name of the Service Perimeter to add this + resource to. \nReferencing a resource name leads to recursive reference + and Config Connector does not support the feature for now." + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AccessContextManagerServicePerimeter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceRef: + description: A GCP resource that is inside of the service perimeter. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - perimeterNameRef + - resourceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + perimeterNameRef: + description: "Only the `external` field is supported to configure + the reference.\n\nThe name of the Service Perimeter to add this + resource to. \nReferencing a resource name leads to recursive reference + and Config Connector does not support the feature for now." 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AccessContextManagerServicePerimeter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceRef: + description: A GCP resource that is inside of the service perimeter. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - perimeterNameRef + - resourceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanagerserviceperimeters.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerServicePerimeter + plural: accesscontextmanagerserviceperimeters + shortNames: + - gcpaccesscontextmanagerserviceperimeter + - gcpaccesscontextmanagerserviceperimeters + singular: accesscontextmanagerserviceperimeter + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: 
string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessPolicyRef: + description: |- + The AccessContextManagerAccessPolicy this + AccessContextManagerServicePerimeter lives in. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `accessPolicies/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerAccessPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: |- + Description of the ServicePerimeter and its use. Does not affect + behavior. + type: string + perimeterType: + description: |- + Immutable. Specifies the type of the Perimeter. 
There are two types: regular and + bridge. Regular Service Perimeter contains resources, access levels, + and restricted services. Every resource can be in at most + ONE regular Service Perimeter. + + In addition to being in a regular service perimeter, a resource can also + be in zero or more perimeter bridges. A perimeter bridge only contains + resources. Cross project operations are permitted if all effected + resources share some perimeter (whether bridge or regular). Perimeter + Bridge does not contain access levels or services: those are governed + entirely by the regular perimeter that resource is in. + + Perimeter Bridges are typically useful when building more complex + topologies with many independent perimeters that need to share some data + with a common perimeter, but should not be able to share data among + themselves. Default value: "PERIMETER_TYPE_REGULAR" Possible values: ["PERIMETER_TYPE_REGULAR", "PERIMETER_TYPE_BRIDGE"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + spec: + description: |- + Proposed (or dry run) ServicePerimeter configuration. + This configuration allows to specify and test ServicePerimeter configuration + without enforcing actual access restrictions. Only allowed to be set when + the 'useExplicitDryRunSpec' flag is set. + properties: + accessLevels: + items: + description: |- + (Optional) A list of AccessLevel resource names that allow resources within + the ServicePerimeter to be accessed from the internet. AccessLevels listed + must be in the same policy as this ServicePerimeter. + Referencing a nonexistent AccessLevel is a syntax error. If no + AccessLevel names are listed, resources within the perimeter can + only be accessed via GCP calls with request origins within the + perimeter. For Service Perimeter Bridge, must be empty. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{parent}}/accessLevels/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerAccessLevel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + egressPolicies: + description: |- + List of EgressPolicies to apply to the perimeter. A perimeter may + have multiple EgressPolicies, each of which is evaluated separately. + Access is granted if any EgressPolicy grants it. Must be empty for + a perimeter bridge. + items: + properties: + egressFrom: + description: Defines conditions on the source of a request + causing this 'EgressPolicy' to apply. + properties: + identities: + items: + description: |- + (Optional) A list of identities that are allowed access through this + EgressPolicy. Should be in the format of email address. The email + address should represent individual user or service account only. + oneOf: + - required: + - serviceAccountRef + - required: + - user + properties: + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `serviceAccount:{{value}}`, where + {{value}} is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + user: + type: string + type: object + type: array + identityType: + description: |- + Specifies the type of identities that are allowed access to outside the + perimeter. If left unspecified, then members of 'identities' field will + be allowed access. Possible values: ["IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT"]. + type: string + type: object + egressTo: + description: |- + Defines the conditions on the 'ApiOperation' and destination resources that + cause this 'EgressPolicy' to apply. + properties: + externalResources: + description: |- + A list of external resources that are allowed to be accessed. A request + matches if it contains an external resource in this list (Example: + s3://bucket/path). Currently '*' is not allowed. + items: + type: string + type: array + operations: + description: |- + A list of 'ApiOperations' that this egress rule applies to. A request matches + if it contains an operation/service in this list. + items: + properties: + methodSelectors: + description: |- + API methods or permissions to allow. Method or permission must belong + to the service specified by 'serviceName' field. A single MethodSelector + entry with '*' specified for the 'method' field will allow all methods + AND permissions for the service specified in 'serviceName'. + items: + properties: + method: + description: |- + Value for 'method' should be a valid method name for the corresponding + 'serviceName' in 'ApiOperation'. If '*' used as value for method, + then ALL methods and permissions are allowed. 
+ type: string + permission: + description: |- + Value for permission should be a valid Cloud IAM permission for the + corresponding 'serviceName' in 'ApiOperation'. + type: string + type: object + type: array + serviceName: + description: |- + The name of the API whose methods or permissions the 'IngressPolicy' or + 'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName + field set to '*' will allow all methods AND permissions for all services. + type: string + type: object + type: array + resources: + items: + description: |- + (Optional) A list of resources, currently only projects in the form + "projects/{project_number}". A request + matches if it contains a resource in this list. + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + type: object + type: array + ingressPolicies: + description: |- + List of 'IngressPolicies' to apply to the perimeter. A perimeter may + have multiple 'IngressPolicies', each of which is evaluated + separately. Access is granted if any 'Ingress Policy' grants it. + Must be empty for a perimeter bridge. + items: + properties: + ingressFrom: + description: |- + Defines the conditions on the source of a request causing this 'IngressPolicy' + to apply. 
+ properties: + identities: + items: + description: |- + (Optional) A list of identities that are allowed access through this + ingress policy. Should be in the format of email address. The email + address should represent individual user or service account only. + oneOf: + - required: + - serviceAccountRef + - required: + - user + properties: + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `serviceAccount:{{value}}`, where + {{value}} is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + user: + type: string + type: object + type: array + identityType: + description: |- + Specifies the type of identities that are allowed access from outside the + perimeter. If left unspecified, then members of 'identities' field will be + allowed access. Possible values: ["IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT"]. + type: string + sources: + description: Sources that this 'IngressPolicy' authorizes + access from. + items: + properties: + accessLevelRef: + description: |- + An AccessLevel resource name that allow resources within the + ServicePerimeters to be accessed from the internet. AccessLevels + listed must be in the same policy as this ServicePerimeter. + Referencing a nonexistent AccessLevel will cause an error. If no + AccessLevel names are listed, resources within the perimeter can + only be accessed via Google Cloud calls with request origins within + the perimeter. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `{{parent}}/accessLevels/{{value}}`, + where {{value}} is the `name` field of an + `AccessContextManagerAccessLevel` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + (Optional) A Google Cloud resource that is allowed to ingress the + perimeter. Requests from these resources will be allowed to access + perimeter data. Currently only projects are allowed. Format + "projects/{project_number}" The project may be in any Google Cloud + organization, not just the organization that the perimeter is defined in. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + ingressTo: + description: |- + Defines the conditions on the 'ApiOperation' and request destination that cause + this 'IngressPolicy' to apply. 
+ properties: + operations: + description: |- + A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom' + are allowed to perform in this 'ServicePerimeter'. + items: + properties: + methodSelectors: + description: |- + API methods or permissions to allow. Method or permission must belong to + the service specified by serviceName field. A single 'MethodSelector' entry + with '*' specified for the method field will allow all methods AND + permissions for the service specified in 'serviceName'. + items: + properties: + method: + description: |- + Value for method should be a valid method name for the corresponding + serviceName in 'ApiOperation'. If '*' used as value for 'method', then + ALL methods and permissions are allowed. + type: string + permission: + description: |- + Value for permission should be a valid Cloud IAM permission for the + corresponding 'serviceName' in 'ApiOperation'. + type: string + type: object + type: array + serviceName: + description: |- + The name of the API whose methods or permissions the 'IngressPolicy' or + 'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName' + field set to '*' will allow all methods AND permissions for all services. + type: string + type: object + type: array + resources: + items: + description: |- + A list of resources, currently only projects in the form + "projects/{project_number}", protected by this ServicePerimeter + that are allowed to be accessed by sources defined in the + corresponding IngressFrom. A request matches if it contains a + resource in this list. + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + type: object + type: array + resources: + items: + description: |- + (Optional) A list of GCP resources that are inside of the service perimeter. + Currently only projects are allowed. + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + restrictedServices: + description: |- + GCP services that are subject to the Service Perimeter + restrictions. Must contain a list of services. For example, if + 'storage.googleapis.com' is specified, access to the storage + buckets inside the perimeter must meet the perimeter's access + restrictions. + items: + type: string + type: array + vpcAccessibleServices: + description: |- + Specifies how APIs are allowed to communicate within the Service + Perimeter. + properties: + allowedServices: + description: |- + The list of APIs usable within the Service Perimeter. + Must be empty unless 'enableRestriction' is True. 
+ items: + type: string + type: array + enableRestriction: + description: |- + Whether to restrict API calls within the Service Perimeter to the + list of APIs specified in 'allowedServices'. + type: boolean + type: object + type: object + status: + description: |- + ServicePerimeter configuration. Specifies sets of resources, + restricted services and access levels that determine + perimeter content and boundaries. + properties: + accessLevels: + items: + description: |- + (Optional) A list of AccessLevel resource names that allow resources within + the ServicePerimeter to be accessed from the internet. AccessLevels listed + must be in the same policy as this ServicePerimeter. + Referencing a nonexistent AccessLevel is a syntax error. If no + AccessLevel names are listed, resources within the perimeter can + only be accessed via GCP calls with request origins within the + perimeter. For Service Perimeter Bridge, must be empty. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{parent}}/accessLevels/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerAccessLevel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + egressPolicies: + description: |- + List of EgressPolicies to apply to the perimeter. A perimeter may + have multiple EgressPolicies, each of which is evaluated separately. + Access is granted if any EgressPolicy grants it. Must be empty for + a perimeter bridge. 
+ items: + properties: + egressFrom: + description: Defines conditions on the source of a request + causing this 'EgressPolicy' to apply. + properties: + identities: + items: + description: |- + (Optional) A list of identities that are allowed access through this + EgressPolicy. Should be in the format of email address. The email + address should represent individual user or service account only. + oneOf: + - required: + - serviceAccountRef + - required: + - user + properties: + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `serviceAccount:{{value}}`, where + {{value}} is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + user: + type: string + type: object + type: array + identityType: + description: |- + Specifies the type of identities that are allowed access to outside the + perimeter. If left unspecified, then members of 'identities' field will + be allowed access. Possible values: ["IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT"]. + type: string + type: object + egressTo: + description: |- + Defines the conditions on the 'ApiOperation' and destination resources that + cause this 'EgressPolicy' to apply. + properties: + externalResources: + description: |- + A list of external resources that are allowed to be accessed. A request + matches if it contains an external resource in this list (Example: + s3://bucket/path). Currently '*' is not allowed. 
+ items: + type: string + type: array + operations: + description: |- + A list of 'ApiOperations' that this egress rule applies to. A request matches + if it contains an operation/service in this list. + items: + properties: + methodSelectors: + description: |- + API methods or permissions to allow. Method or permission must belong + to the service specified by 'serviceName' field. A single MethodSelector + entry with '*' specified for the 'method' field will allow all methods + AND permissions for the service specified in 'serviceName'. + items: + properties: + method: + description: |- + Value for 'method' should be a valid method name for the corresponding + 'serviceName' in 'ApiOperation'. If '*' used as value for method, + then ALL methods and permissions are allowed. + type: string + permission: + description: |- + Value for permission should be a valid Cloud IAM permission for the + corresponding 'serviceName' in 'ApiOperation'. + type: string + type: object + type: array + serviceName: + description: |- + The name of the API whose methods or permissions the 'IngressPolicy' or + 'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName + field set to '*' will allow all methods AND permissions for all services. + type: string + type: object + type: array + resources: + items: + description: |- + (Optional) A list of resources, currently only projects in the form + "projects/{project_number}". A request + matches if it contains a resource in this list. + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + type: object + type: array + ingressPolicies: + description: |- + List of 'IngressPolicies' to apply to the perimeter. A perimeter may + have multiple 'IngressPolicies', each of which is evaluated + separately. Access is granted if any 'Ingress Policy' grants it. + Must be empty for a perimeter bridge. + items: + properties: + ingressFrom: + description: |- + Defines the conditions on the source of a request causing this 'IngressPolicy' + to apply. + properties: + identities: + items: + description: |- + (Optional) A list of identities that are allowed access through this + EgressPolicy. Should be in the format of email address. The email + address should represent individual user or service account only. + oneOf: + - required: + - serviceAccountRef + - required: + - user + properties: + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `serviceAccount:{{value}}`, where + {{value}} is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + user: + type: string + type: object + type: array + identityType: + description: |- + Specifies the type of identities that are allowed access from outside the + perimeter. If left unspecified, then members of 'identities' field will be + allowed access. Possible values: ["IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT"]. + type: string + sources: + description: Sources that this 'IngressPolicy' authorizes + access from. + items: + properties: + accessLevelRef: + description: |- + An AccessLevel resource name that allow resources within the + ServicePerimeters to be accessed from the internet. AccessLevels + listed must be in the same policy as this ServicePerimeter. + Referencing a nonexistent AccessLevel will cause an error. If no + AccessLevel names are listed, resources within the perimeter can + only be accessed via Google Cloud calls with request origins within + the perimeter. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `{{parent}}/accessLevels/{{value}}`, + where {{value}} is the `name` field of an + `AccessContextManagerAccessLevel` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + (Optional) A Google Cloud resource that is allowed to ingress the + perimeter. Requests from these resources will be allowed to access + perimeter data. Currently only projects are allowed. 
Format + "projects/{project_number}" The project may be in any Google Cloud + organization, not just the organization that the perimeter is defined in. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + ingressTo: + description: |- + Defines the conditions on the 'ApiOperation' and request destination that cause + this 'IngressPolicy' to apply. + properties: + operations: + description: |- + A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom' + are allowed to perform in this 'ServicePerimeter'. + items: + properties: + methodSelectors: + description: |- + API methods or permissions to allow. Method or permission must belong to + the service specified by serviceName field. A single 'MethodSelector' entry + with '*' specified for the method field will allow all methods AND + permissions for the service specified in 'serviceName'. + items: + properties: + method: + description: |- + Value for method should be a valid method name for the corresponding + serviceName in 'ApiOperation'. If '*' used as value for 'method', then + ALL methods and permissions are allowed. + type: string + permission: + description: |- + Value for permission should be a valid Cloud IAM permission for the + corresponding 'serviceName' in 'ApiOperation'. 
+ type: string + type: object + type: array + serviceName: + description: |- + The name of the API whose methods or permissions the 'IngressPolicy' or + 'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName' + field set to '*' will allow all methods AND permissions for all services. + type: string + type: object + type: array + resources: + items: + description: |- + A list of resources, currently only projects in the form + "projects/{project_number}", protected by this ServicePerimeter + that are allowed to be accessed by sources defined in the + corresponding IngressFrom. A request matches if it contains a + resource in this list. + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + type: object + type: array + resources: + items: + description: |- + (Optional) A list of GCP resources that are inside of the service perimeter. + Currently only projects are allowed. + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` + resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + restrictedServices: + description: |- + GCP services that are subject to the Service Perimeter + restrictions. Must contain a list of services. For example, if + 'storage.googleapis.com' is specified, access to the storage + buckets inside the perimeter must meet the perimeter's access + restrictions. + items: + type: string + type: array + vpcAccessibleServices: + description: |- + Specifies how APIs are allowed to communicate within the Service + Perimeter. + properties: + allowedServices: + description: |- + The list of APIs usable within the Service Perimeter. + Must be empty unless 'enableRestriction' is True. + items: + type: string + type: array + enableRestriction: + description: |- + Whether to restrict API calls within the Service Perimeter to the + list of APIs specified in 'allowedServices'. + type: boolean + type: object + type: object + title: + description: Human readable title. Must be unique within the Policy. + type: string + useExplicitDryRunSpec: + description: |- + Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists + for all Service Perimeters, and that spec is identical to the status for those + Service Perimeters. When this flag is set, it inhibits the generation of the + implicit spec, thereby allowing the user to explicitly provide a + configuration ("spec") to use in a dry-run version of the Service Perimeter. + This allows the user to test changes to the enforced config ("status") without + actually enforcing them. This testing is done through analyzing the differences + between currently enforced and suggested restrictions. 
useExplicitDryRunSpec must + bet set to True if any of the fields in the spec are set to non-default values. + type: boolean + required: + - accessPolicyRef + - title + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time the AccessPolicy was created in UTC. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Time the AccessPolicy was updated in UTC. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: alloydbbackups.alloydb.cnrm.cloud.google.com +spec: + group: alloydb.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AlloyDBBackup + plural: alloydbbackups + shortNames: + - gcpalloydbbackup + - gcpalloydbbackups + singular: alloydbbackup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clusterNameRef: + description: The full resource name of the backup source cluster (e.g., + projects/{project}/locations/{location}/clusters/{clusterId}). + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AlloyDBCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. User-provided description of the backup. + type: string + encryptionConfig: + description: EncryptionConfig describes the encryption config of a + cluster or a backup that is encrypted with a CMEK (customer-managed + encryption key). + properties: + kmsKeyName: + description: 'Immutable. The fully-qualified resource name of + the KMS key. Each Cloud KMS key is regionalized and has the + following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].' + type: string + type: object + location: + description: Immutable. The location where the alloydb backup should + reside. + type: string + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The backupId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - clusterNameRef + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time the Backup was created in UTC. + type: string + encryptionInfo: + description: EncryptionInfo describes the encryption information of + a cluster or a backup. + items: + properties: + encryptionType: + description: Output only. Type of encryption. + type: string + kmsKeyVersions: + description: Output only. 
Cloud KMS key versions that are being + used to protect the database or the backup. + items: + type: string + type: array + type: object + type: array + etag: + description: A hash of the resource. + type: string + name: + description: 'Output only. The name of the backup resource with the + format: * projects/{project}/locations/{region}/backups/{backupId}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + reconciling: + description: If true, indicates that the service is actively updating + the resource. This can happen due to user-triggered updates or system + actions like failover or maintenance. + type: boolean + state: + description: The current state of the backup. + type: string + uid: + description: Output only. The system-generated UID of the resource. + The UID is assigned when the resource is created, and it is retained + until it is deleted. + type: string + updateTime: + description: Time the Backup was updated in UTC. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clusterNameRef: + description: The full resource name of the backup source cluster (e.g., + projects/{project}/locations/{location}/clusters/{clusterId}). + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AlloyDBCluster` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. User-provided description of the backup. + type: string + encryptionConfig: + description: EncryptionConfig describes the encryption config of a + cluster or a backup that is encrypted with a CMEK (customer-managed + encryption key). + properties: + kmsKeyName: + description: 'Immutable. The fully-qualified resource name of + the KMS key. Each Cloud KMS key is regionalized and has the + following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].' + type: string + type: object + location: + description: Immutable. The location where the alloydb backup should + reside. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The backupId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - clusterNameRef + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time the Backup was created in UTC. + type: string + encryptionInfo: + description: EncryptionInfo describes the encryption information of + a cluster or a backup. + items: + properties: + encryptionType: + description: Output only. Type of encryption. + type: string + kmsKeyVersions: + description: Output only. Cloud KMS key versions that are being + used to protect the database or the backup. + items: + type: string + type: array + type: object + type: array + etag: + description: A hash of the resource. + type: string + name: + description: 'Output only. The name of the backup resource with the + format: * projects/{project}/locations/{region}/backups/{backupId}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + reconciling: + description: If true, indicates that the service is actively updating + the resource. 
This can happen due to user-triggered updates or system + actions like failover or maintenance. + type: boolean + state: + description: The current state of the backup. + type: string + uid: + description: Output only. The system-generated UID of the resource. + The UID is assigned when the resource is created, and it is retained + until it is deleted. + type: string + updateTime: + description: Time the Backup was updated in UTC. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: alloydbclusters.alloydb.cnrm.cloud.google.com +spec: + group: alloydb.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AlloyDBCluster + plural: alloydbclusters + shortNames: + - gcpalloydbcluster + - gcpalloydbclusters + singular: alloydbcluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + automatedBackupPolicy: + description: The automated backup policy for this cluster. AutomatedBackupPolicy + is disabled by default. + properties: + backupWindow: + description: |- + The length of the time window during which a backup can be taken. If a backup does not succeed within this time window, it will be canceled and considered failed. + + The backup window must be at least 5 minutes long. There is no upper bound on the window. If not set, it will default to 1 hour. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + enabled: + description: Whether automated backups are enabled. + type: boolean + encryptionConfig: + description: EncryptionConfig describes the encryption config + of a cluster or a backup that is encrypted with a CMEK (customer-managed + encryption key). + properties: + kmsKeyNameRef: + description: '(Optional) The fully-qualified resource name + of the KMS key. Each Cloud KMS key is regionalized and has + the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].' 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + labels: + additionalProperties: + type: string + description: Labels to apply to backups created using this configuration. + type: object + location: + description: The location where the backup will be stored. Currently, + the only supported option is to store the backup in the same + region as the cluster. + type: string + quantityBasedRetention: + description: Quantity-based Backup retention policy to retain + recent backups. Conflicts with 'time_based_retention', both + can't be set together. + properties: + count: + description: The number of backups to retain. + type: integer + type: object + timeBasedRetention: + description: Time-based Backup retention policy. Conflicts with + 'quantity_based_retention', both can't be set together. + properties: + retentionPeriod: + description: |- + The retention period. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + type: object + weeklySchedule: + description: Weekly schedule for the Backup. + properties: + daysOfWeek: + description: 'The days of the week to perform a backup. At + least one day of the week must be provided. Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", + "SATURDAY", "SUNDAY"].' + items: + type: string + type: array + startTimes: + description: The times during the day to start a backup. 
At + least one start time must be provided. The start times are + assumed to be in UTC and to be an exact hour (e.g., 04:00:00). + items: + properties: + hours: + description: Hours of day in 24 hour format. Should + be from 0 to 23. An API may choose to allow the value + "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Currently, only + the value 0 is supported. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Currently, + only the value 0 is supported. + type: integer + seconds: + description: Seconds of minutes of the time. Currently, + only the value 0 is supported. + type: integer + type: object + type: array + required: + - startTimes + type: object + type: object + clusterType: + description: 'The type of cluster. If not set, defaults to PRIMARY. + Default value: "PRIMARY" Possible values: ["PRIMARY", "SECONDARY"].' + type: string + continuousBackupConfig: + description: |- + The continuous backup config for this cluster. + + If no policy is provided then the default policy will be used. The default policy takes one backup a day and retains backups for 14 days. + properties: + enabled: + description: Whether continuous backup recovery is enabled. If + not set, defaults to true. + type: boolean + encryptionConfig: + description: EncryptionConfig describes the encryption config + of a cluster or a backup that is encrypted with a CMEK (customer-managed + encryption key). + properties: + kmsKeyNameRef: + description: '(Optional) The fully-qualified resource name + of the KMS key. Each Cloud KMS key is regionalized and has + the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].' 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + recoveryWindowDays: + description: |- + The numbers of days that are eligible to restore from using PITR. To support the entire recovery window, backups and logs are retained for one day more than the recovery window. + + If not set, defaults to 14 days. + type: integer + type: object + deletionPolicy: + description: |- + Policy to determine if the cluster should be deleted forcefully. + Deleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster. + Deleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = "FORCE" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance. + type: string + displayName: + description: User-settable and human-readable display name for the + Cluster. + type: string + encryptionConfig: + description: EncryptionConfig describes the encryption config of a + cluster or a backup that is encrypted with a CMEK (customer-managed + encryption key). + properties: + kmsKeyNameRef: + description: '(Optional) The fully-qualified resource name of + the KMS key. 
Each Cloud KMS key is regionalized and has the + following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + initialUser: + description: Initial user to setup during cluster creation. + properties: + password: + description: The initial password for the user. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + user: + description: The database username. + type: string + required: + - password + type: object + location: + description: Immutable. The location where the alloydb cluster should + reside. + type: string + maintenanceUpdatePolicy: + description: MaintenanceUpdatePolicy defines the policy for system + updates. 
+ properties: + maintenanceWindows: + description: Preferred windows to perform maintenance. Currently + limited to 1. + items: + properties: + day: + description: 'Preferred day of the week for maintenance, + e.g. MONDAY, TUESDAY, etc. Possible values: ["MONDAY", + "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", + "SUNDAY"].' + type: string + startTime: + description: Preferred time to start the maintenance operation + on the specified day. Maintenance will start within 1 + hour of this time. + properties: + hours: + description: Hours of day in 24 hour format. Should + be from 0 to 23. + type: integer + minutes: + description: Minutes of hour of day. Currently, only + the value 0 is supported. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Currently, + only the value 0 is supported. + type: integer + seconds: + description: Seconds of minutes of the time. Currently, + only the value 0 is supported. + type: integer + required: + - hours + type: object + required: + - day + - startTime + type: object + type: array + type: object + networkConfig: + description: Metadata related to network configuration. + properties: + allocatedIpRange: + description: |- + The name of the allocated IP range for the private IP AlloyDB cluster. For example: "google-managed-services-default". + If set, the instance IPs for this cluster will be created in the allocated range. + type: string + networkRef: + description: |- + (Required) The relative resource name of the VPC network on which + the instance can be accessed. It is specified in the following form: + projects/{project}/global/networks/{network_id}. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, + where {{value}} is the `name` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + networkRef: + description: |- + (Required) The relative resource name of the VPC network on which + the instance can be accessed. It is specified in the following form: + projects/{project}/global/networks/{network_id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, + where {{value}} is the `name` field of a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The clusterId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + restoreBackupSource: + description: Immutable. The source when restoring from a backup. Conflicts + with 'restore_continuous_backup_source', both can't be set together. + properties: + backupNameRef: + description: (Required) The name of the backup that this cluster + is restored from. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AlloyDBBackup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backupNameRef + type: object + restoreContinuousBackupSource: + description: Immutable. The source when restoring via point in time + recovery (PITR). Conflicts with 'restore_backup_source', both can't + be set together. + properties: + clusterRef: + description: (Required) The name of the source cluster that this + cluster is restored from. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AlloyDBCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + pointInTime: + description: Immutable. The point in time that this cluster is + restored to, in RFC 3339 format. + type: string + required: + - clusterRef + - pointInTime + type: object + secondaryConfig: + description: Configuration of the secondary cluster for Cross Region + Replication. This should be set if and only if the cluster is of + type SECONDARY. + properties: + primaryClusterNameRef: + description: |- + Name of the primary cluster must be in the format + 'projects/{project}/locations/{location}/clusters/{cluster_id}' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AlloyDBCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - primaryClusterNameRef + type: object + required: + - location + - projectRef + type: object + status: + properties: + backupSource: + description: Cluster created from backup. 
+ items: + properties: + backupName: + description: The name of the backup resource. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + continuousBackupInfo: + description: ContinuousBackupInfo describes the continuous backup + properties of a cluster. + items: + properties: + earliestRestorableTime: + description: The earliest restorable time that can be restored + to. Output only field. + type: string + enabledTime: + description: When ContinuousBackup was most recently enabled. + Set to null if ContinuousBackup is not enabled. + type: string + encryptionInfo: + description: Output only. The encryption information for the + WALs and backups required for ContinuousBackup. + items: + properties: + encryptionType: + description: Output only. Type of encryption. + type: string + kmsKeyVersions: + description: Output only. Cloud KMS key versions that + are being used to protect the database or the backup. + items: + type: string + type: array + type: object + type: array + schedule: + description: Days of the week on which a continuous backup is + taken. Output only field. Ignored if passed into the request. + items: + type: string + type: array + type: object + type: array + databaseVersion: + description: The database engine major version. 
This is an output-only + field and it's populated at the Cluster creation time. This field + cannot be changed after cluster creation. + type: string + encryptionInfo: + description: EncryptionInfo describes the encryption information of + a cluster or a backup. + items: + properties: + encryptionType: + description: Output only. Type of encryption. + type: string + kmsKeyVersions: + description: Output only. Cloud KMS key versions that are being + used to protect the database or the backup. + items: + type: string + type: array + type: object + type: array + migrationSource: + description: Cluster created via DMS migration. + items: + properties: + hostPort: + description: The host and port of the on-premises instance in + host:port format. + type: string + referenceId: + description: Place holder for the external source identifier(e.g + DMS job name) that created the cluster. + type: string + sourceType: + description: Type of migration source. + type: string + type: object + type: array + name: + description: The name of the cluster resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + clusterType: + description: 'The type of cluster. If not set, defaults to PRIMARY. + Default value: "PRIMARY" Possible values: ["PRIMARY", "SECONDARY"].' + type: string + type: object + uid: + description: The system-generated UID of the resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + automatedBackupPolicy: + description: The automated backup policy for this cluster. AutomatedBackupPolicy + is disabled by default. + properties: + backupWindow: + description: |- + The length of the time window during which a backup can be taken. If a backup does not succeed within this time window, it will be canceled and considered failed. + + The backup window must be at least 5 minutes long. There is no upper bound on the window. If not set, it will default to 1 hour. 
+ + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + enabled: + description: Whether automated backups are enabled. + type: boolean + encryptionConfig: + description: EncryptionConfig describes the encryption config + of a cluster or a backup that is encrypted with a CMEK (customer-managed + encryption key). + properties: + kmsKeyNameRef: + description: '(Optional) The fully-qualified resource name + of the KMS key. Each Cloud KMS key is regionalized and has + the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + labels: + additionalProperties: + type: string + description: Labels to apply to backups created using this configuration. + type: object + location: + description: The location where the backup will be stored. Currently, + the only supported option is to store the backup in the same + region as the cluster. + type: string + quantityBasedRetention: + description: Quantity-based Backup retention policy to retain + recent backups. Conflicts with 'time_based_retention', both + can't be set together. + properties: + count: + description: The number of backups to retain. + type: integer + type: object + timeBasedRetention: + description: Time-based Backup retention policy. 
Conflicts with + 'quantity_based_retention', both can't be set together. + properties: + retentionPeriod: + description: |- + The retention period. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + type: object + weeklySchedule: + description: Weekly schedule for the Backup. + properties: + daysOfWeek: + description: 'The days of the week to perform a backup. At + least one day of the week must be provided. Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", + "SATURDAY", "SUNDAY"].' + items: + type: string + type: array + startTimes: + description: The times during the day to start a backup. At + least one start time must be provided. The start times are + assumed to be in UTC and to be an exact hour (e.g., 04:00:00). + items: + properties: + hours: + description: Hours of day in 24 hour format. Should + be from 0 to 23. An API may choose to allow the value + "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Currently, only + the value 0 is supported. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Currently, + only the value 0 is supported. + type: integer + seconds: + description: Seconds of minutes of the time. Currently, + only the value 0 is supported. + type: integer + type: object + type: array + required: + - startTimes + type: object + type: object + clusterType: + description: 'The type of cluster. If not set, defaults to PRIMARY. + Default value: "PRIMARY" Possible values: ["PRIMARY", "SECONDARY"].' + type: string + continuousBackupConfig: + description: |- + The continuous backup config for this cluster. + + If no policy is provided then the default policy will be used. The default policy takes one backup a day and retains backups for 14 days. + properties: + enabled: + description: Whether continuous backup recovery is enabled. If + not set, defaults to true. 
+ type: boolean + encryptionConfig: + description: EncryptionConfig describes the encryption config + of a cluster or a backup that is encrypted with a CMEK (customer-managed + encryption key). + properties: + kmsKeyNameRef: + description: '(Optional) The fully-qualified resource name + of the KMS key. Each Cloud KMS key is regionalized and has + the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + recoveryWindowDays: + description: |- + The numbers of days that are eligible to restore from using PITR. To support the entire recovery window, backups and logs are retained for one day more than the recovery window. + + If not set, defaults to 14 days. + type: integer + type: object + deletionPolicy: + description: |- + Policy to determine if the cluster should be deleted forcefully. + Deleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster. + Deleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = "FORCE" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance. 
+ type: string + displayName: + description: User-settable and human-readable display name for the + Cluster. + type: string + encryptionConfig: + description: EncryptionConfig describes the encryption config of a + cluster or a backup that is encrypted with a CMEK (customer-managed + encryption key). + properties: + kmsKeyNameRef: + description: '(Optional) The fully-qualified resource name of + the KMS key. Each Cloud KMS key is regionalized and has the + following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + initialUser: + description: Initial user to setup during cluster creation. + properties: + password: + description: The initial password for the user. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + user: + description: The database username. + type: string + required: + - password + type: object + location: + description: Immutable. The location where the alloydb cluster should + reside. + type: string + maintenanceUpdatePolicy: + description: MaintenanceUpdatePolicy defines the policy for system + updates. + properties: + maintenanceWindows: + description: Preferred windows to perform maintenance. Currently + limited to 1. + items: + properties: + day: + description: 'Preferred day of the week for maintenance, + e.g. MONDAY, TUESDAY, etc. Possible values: ["MONDAY", + "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", + "SUNDAY"].' + type: string + startTime: + description: Preferred time to start the maintenance operation + on the specified day. Maintenance will start within 1 + hour of this time. + properties: + hours: + description: Hours of day in 24 hour format. Should + be from 0 to 23. + type: integer + minutes: + description: Minutes of hour of day. Currently, only + the value 0 is supported. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Currently, + only the value 0 is supported. + type: integer + seconds: + description: Seconds of minutes of the time. Currently, + only the value 0 is supported. + type: integer + required: + - hours + type: object + required: + - day + - startTime + type: object + type: array + type: object + networkConfig: + description: Metadata related to network configuration. + properties: + allocatedIpRange: + description: |- + The name of the allocated IP range for the private IP AlloyDB cluster. For example: "google-managed-services-default". + If set, the instance IPs for this cluster will be created in the allocated range. + type: string + networkRef: + description: |- + (Required) The relative resource name of the VPC network on which + the instance can be accessed. 
It is specified in the following form: + projects/{project}/global/networks/{network_id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, + where {{value}} is the `name` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + networkRef: + description: |- + (Required) The relative resource name of the VPC network on which + the instance can be accessed. It is specified in the following form: + projects/{project}/global/networks/{network_id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, + where {{value}} is the `name` field of a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The clusterId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + restoreBackupSource: + description: Immutable. The source when restoring from a backup. Conflicts + with 'restore_continuous_backup_source', both can't be set together. + properties: + backupNameRef: + description: (Required) The name of the backup that this cluster + is restored from. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AlloyDBBackup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backupNameRef + type: object + restoreContinuousBackupSource: + description: Immutable. The source when restoring via point in time + recovery (PITR). Conflicts with 'restore_backup_source', both can't + be set together. 
+ properties: + clusterRef: + description: (Required) The name of the source cluster that this + cluster is restored from. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AlloyDBCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + pointInTime: + description: Immutable. The point in time that this cluster is + restored to, in RFC 3339 format. + type: string + required: + - clusterRef + - pointInTime + type: object + secondaryConfig: + description: Configuration of the secondary cluster for Cross Region + Replication. This should be set if and only if the cluster is of + type SECONDARY. + properties: + primaryClusterNameRef: + description: |- + Name of the primary cluster must be in the format + 'projects/{project}/locations/{location}/clusters/{cluster_id}' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AlloyDBCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - primaryClusterNameRef + type: object + required: + - location + - projectRef + type: object + status: + properties: + backupSource: + description: Cluster created from backup. + items: + properties: + backupName: + description: The name of the backup resource. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + continuousBackupInfo: + description: ContinuousBackupInfo describes the continuous backup + properties of a cluster. + items: + properties: + earliestRestorableTime: + description: The earliest restorable time that can be restored + to. Output only field. + type: string + enabledTime: + description: When ContinuousBackup was most recently enabled. + Set to null if ContinuousBackup is not enabled. + type: string + encryptionInfo: + description: Output only. The encryption information for the + WALs and backups required for ContinuousBackup. + items: + properties: + encryptionType: + description: Output only. Type of encryption. + type: string + kmsKeyVersions: + description: Output only. Cloud KMS key versions that + are being used to protect the database or the backup. 
+ items: + type: string + type: array + type: object + type: array + schedule: + description: Days of the week on which a continuous backup is + taken. Output only field. Ignored if passed into the request. + items: + type: string + type: array + type: object + type: array + databaseVersion: + description: The database engine major version. This is an output-only + field and it's populated at the Cluster creation time. This field + cannot be changed after cluster creation. + type: string + encryptionInfo: + description: EncryptionInfo describes the encryption information of + a cluster or a backup. + items: + properties: + encryptionType: + description: Output only. Type of encryption. + type: string + kmsKeyVersions: + description: Output only. Cloud KMS key versions that are being + used to protect the database or the backup. + items: + type: string + type: array + type: object + type: array + migrationSource: + description: Cluster created via DMS migration. + items: + properties: + hostPort: + description: The host and port of the on-premises instance in + host:port format. + type: string + referenceId: + description: Place holder for the external source identifier(e.g + DMS job name) that created the cluster. + type: string + sourceType: + description: Type of migration source. + type: string + type: object + type: array + name: + description: The name of the cluster resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + clusterType: + description: 'The type of cluster. If not set, defaults to PRIMARY. 
+ Default value: "PRIMARY" Possible values: ["PRIMARY", "SECONDARY"].' + type: string + type: object + uid: + description: The system-generated UID of the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: alloydbinstances.alloydb.cnrm.cloud.google.com +spec: + group: alloydb.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AlloyDBInstance + plural: alloydbinstances + shortNames: + - gcpalloydbinstance + - gcpalloydbinstances + singular: alloydbinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - instanceType + - required: + - instanceTypeRef + properties: + annotations: + additionalProperties: + type: string + description: Annotations to allow client tools to store small amount + of arbitrary data. This is distinct from labels. + type: object + availabilityType: + description: |- + 'Availability type of an Instance. Defaults to REGIONAL for both primary and read instances. + Note that primary and read instances can have different availability types. + Only READ_POOL instance supports ZONAL type. Users can't specify the zone for READ_POOL instance. + Zone is automatically chosen from the list of zones in the region specified. + Read pool of size 1 can only have zonal availability. Read pools with node count of 2 or more + can have regional availability (nodes are present in 2 or more zones in a region).' Possible values: ["AVAILABILITY_TYPE_UNSPECIFIED", "ZONAL", "REGIONAL"]. + type: string + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AlloyDBCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + databaseFlags: + additionalProperties: + type: string + description: Database flags. Set at instance level. * They are copied + from primary instance on read instance creation. * Read instances + can set new or override existing flags that are relevant for reads, + e.g. for enabling columnar cache on a read instance. Flags set on + read instance may or may not be present on primary. + type: object + displayName: + description: User-settable and human-readable display name for the + Instance. + type: string + gceZone: + description: The Compute Engine zone that the instance should serve + from, per https://cloud.google.com/compute/docs/regions-zones This + can ONLY be specified for ZONAL instances. If present for a REGIONAL + instance, an error will be thrown. If this is absent for a ZONAL + instance, instance is created in a random zone with available capacity. + type: string + instanceType: + description: |- + We recommend that you use `instanceTypeRef` instead. + The type of the instance. Possible values: [PRIMARY, READ_POOL, SECONDARY] + type: string + instanceTypeRef: + description: |- + The type of instance. + Possible values: ["PRIMARY", "READ_POOL", "SECONDARY"] + For PRIMARY and SECONDARY instances, set the value to refer to the name of the associated cluster. + This is recommended because the instance type of primary and secondary instances is tied to the cluster type of the associated cluster. + If the secondary cluster is promoted to primary cluster, then the associated secondary instance also becomes primary instance. + Example: + instanceTypeRef: + name: clusterName + For instances of type READ_POOL, set the value using external keyword. + Example: + instanceTypeRef: + external: READ_POOL + If the instance type is SECONDARY, the delete instance operation does not delete the secondary instance but abandons it instead. 
+ Use deletionPolicy = "FORCE" in the associated secondary cluster and delete the cluster forcefully to delete the secondary cluster as well its associated secondary instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `clusterType` field of an `AlloyDBCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineConfig: + description: Configurations for the machines that host the underlying + database engine. + properties: + cpuCount: + description: The number of CPU's in the VM instance. + type: integer + type: object + networkConfig: + description: Instance level network configuration. + properties: + authorizedExternalNetworks: + description: A list of external networks authorized to access + this instance. This field is only allowed to be set when 'enable_public_ip' + is set to true. + items: + properties: + cidrRange: + description: CIDR range for one authorized network of the + instance. + type: string + type: object + type: array + enableOutboundPublicIp: + description: Enabling outbound public ip for the instance. + type: boolean + enablePublicIp: + description: Enabling public ip for the instance. If a user wishes + to disable this, please also clear the list of the authorized + external networks set on the same instance. + type: boolean + type: object + readPoolConfig: + description: Read pool specific config. If the instance type is READ_POOL, + this configuration must be provided. + properties: + nodeCount: + description: Read capacity, i.e. 
number of nodes in a read pool + instance. + type: integer + type: object + resourceID: + description: Immutable. Optional. The instanceId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - clusterRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time the Instance was created in UTC. + type: string + ipAddress: + description: The IP address for the Instance. This is the connection + endpoint for an end-user application. + type: string + name: + description: The name of the instance resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + outboundPublicIpAddresses: + description: |- + The outbound public IP addresses for the instance. This is available ONLY when + networkConfig.enableOutboundPublicIp is set to true. These IP addresses are used + for outbound connections. 
+ items: + type: string + type: array + publicIpAddress: + description: The public IP addresses for the Instance. This is available + ONLY when networkConfig.enablePublicIp is set to true. This is the + connection endpoint for an end-user application. + type: string + reconciling: + description: Set to true if the current state of Instance does not + match the user's intended state, and the service is actively updating + the resource to reconcile them. This can happen due to user-triggered + updates or system actions like failover or maintenance. + type: boolean + state: + description: The current state of the alloydb instance. + type: string + uid: + description: The system-generated UID of the resource. + type: string + updateTime: + description: Time the Instance was updated in UTC. + type: string + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - instanceType + - required: + - instanceTypeRef + properties: + annotations: + additionalProperties: + type: string + description: Annotations to allow client tools to store small amount + of arbitrary data. This is distinct from labels. + type: object + availabilityType: + description: |- + 'Availability type of an Instance. Defaults to REGIONAL for both primary and read instances. + Note that primary and read instances can have different availability types. + Only READ_POOL instance supports ZONAL type. Users can't specify the zone for READ_POOL instance. + Zone is automatically chosen from the list of zones in the region specified. + Read pool of size 1 can only have zonal availability. Read pools with node count of 2 or more + can have regional availability (nodes are present in 2 or more zones in a region).' Possible values: ["AVAILABILITY_TYPE_UNSPECIFIED", "ZONAL", "REGIONAL"]. + type: string + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AlloyDBCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + databaseFlags: + additionalProperties: + type: string + description: Database flags. Set at instance level. * They are copied + from primary instance on read instance creation. 
* Read instances + can set new or override existing flags that are relevant for reads, + e.g. for enabling columnar cache on a read instance. Flags set on + read instance may or may not be present on primary. + type: object + displayName: + description: User-settable and human-readable display name for the + Instance. + type: string + gceZone: + description: The Compute Engine zone that the instance should serve + from, per https://cloud.google.com/compute/docs/regions-zones This + can ONLY be specified for ZONAL instances. If present for a REGIONAL + instance, an error will be thrown. If this is absent for a ZONAL + instance, instance is created in a random zone with available capacity. + type: string + instanceType: + description: |- + We recommend that you use `instanceTypeRef` instead. + The type of the instance. Possible values: [PRIMARY, READ_POOL, SECONDARY] + type: string + instanceTypeRef: + description: |- + The type of instance. + Possible values: ["PRIMARY", "READ_POOL", "SECONDARY"] + For PRIMARY and SECONDARY instances, set the value to refer to the name of the associated cluster. + This is recommended because the instance type of primary and secondary instances is tied to the cluster type of the associated cluster. + If the secondary cluster is promoted to primary cluster, then the associated secondary instance also becomes primary instance. + Example: + instanceTypeRef: + name: clusterName + For instances of type READ_POOL, set the value using external keyword. + Example: + instanceTypeRef: + external: READ_POOL + If the instance type is SECONDARY, the delete instance operation does not delete the secondary instance but abandons it instead. + Use deletionPolicy = "FORCE" in the associated secondary cluster and delete the cluster forcefully to delete the secondary cluster as well its associated secondary instance. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `clusterType` field of an `AlloyDBCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineConfig: + description: Configurations for the machines that host the underlying + database engine. + properties: + cpuCount: + description: The number of CPU's in the VM instance. + type: integer + type: object + networkConfig: + description: Instance level network configuration. + properties: + authorizedExternalNetworks: + description: A list of external networks authorized to access + this instance. This field is only allowed to be set when 'enable_public_ip' + is set to true. + items: + properties: + cidrRange: + description: CIDR range for one authorized network of the + instance. + type: string + type: object + type: array + enableOutboundPublicIp: + description: Enabling outbound public ip for the instance. + type: boolean + enablePublicIp: + description: Enabling public ip for the instance. If a user wishes + to disable this, please also clear the list of the authorized + external networks set on the same instance. + type: boolean + type: object + readPoolConfig: + description: Read pool specific config. If the instance type is READ_POOL, + this configuration must be provided. + properties: + nodeCount: + description: Read capacity, i.e. number of nodes in a read pool + instance. + type: integer + type: object + resourceID: + description: Immutable. Optional. The instanceId of the resource. + Used for creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - clusterRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time the Instance was created in UTC. + type: string + ipAddress: + description: The IP address for the Instance. This is the connection + endpoint for an end-user application. + type: string + name: + description: The name of the instance resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + outboundPublicIpAddresses: + description: |- + The outbound public IP addresses for the instance. This is available ONLY when + networkConfig.enableOutboundPublicIp is set to true. These IP addresses are used + for outbound connections. + items: + type: string + type: array + publicIpAddress: + description: The public IP addresses for the Instance. This is available + ONLY when networkConfig.enablePublicIp is set to true. This is the + connection endpoint for an end-user application. 
+ type: string + reconciling: + description: Set to true if the current state of Instance does not + match the user's intended state, and the service is actively updating + the resource to reconcile them. This can happen due to user-triggered + updates or system actions like failover or maintenance. + type: boolean + state: + description: The current state of the alloydb instance. + type: string + uid: + description: The system-generated UID of the resource. + type: string + updateTime: + description: Time the Instance was updated in UTC. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: alloydbusers.alloydb.cnrm.cloud.google.com +spec: + group: alloydb.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AlloyDBUser + plural: alloydbusers + shortNames: + - gcpalloydbuser + - gcpalloydbusers + singular: alloydbuser + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: 
date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AlloyDBCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + databaseRoles: + description: List of database roles this database user has. + items: + type: string + type: array + password: + description: Password for this database user. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + resourceID: + description: Immutable. Optional. The userId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + userType: + description: 'Immutable. The type of this user. Possible values: ["ALLOYDB_BUILT_IN", + "ALLOYDB_IAM_USER"].' + type: string + required: + - clusterRef + - userType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Name of the resource in the form of projects/{project}/locations/{location}/clusters/{cluster}/users/{user}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigatewayapiconfigs.apigateway.cnrm.cloud.google.com +spec: + group: apigateway.cnrm.cloud.google.com + names: + categories: + - gcp + kind: APIGatewayAPIConfig + plural: apigatewayapiconfigs + shortNames: + - gcpapigatewayapiconfig + - gcpapigatewayapiconfigs + singular: apigatewayapiconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + api: + description: Immutable. The API to attach the config to. + type: string + apiConfigIdPrefix: + description: Immutable. Creates a unique name beginning with the specified + prefix. If this and api_config_id are unspecified, a random value + is chosen for the name. + type: string + displayName: + description: A user-visible name for the API. + type: string + gatewayConfig: + description: |- + Immutable. Immutable. Gateway specific configuration. + If not specified, backend authentication will be set to use OIDC authentication using the default compute service account. + properties: + backendConfig: + description: Backend settings that are applied to all backends + of the Gateway. + properties: + googleServiceAccount: + description: |- + Immutable. Google Cloud IAM service account used to sign OIDC tokens for backends that have authentication configured + (https://cloud.google.com/service-infrastructure/docs/service-management/reference/rest/v1/services.configs#backend). + type: string + required: + - googleServiceAccount + type: object + required: + - backendConfig + type: object + grpcServices: + description: gRPC service definition files. If specified, openapiDocuments + must not be included. + items: + properties: + fileDescriptorSet: + description: |- + Immutable. Input only. File descriptor set, generated by protoc. + To generate, use protoc with imports and source info included. For an example test.proto file, the following command would put the value in a new file named out.pb. + + $ protoc --include_imports --include_source_info test.proto -o out.pb. + properties: + contents: + description: Immutable. Base64 encoded content of the file. + type: string + path: + description: Immutable. 
The file path (full or relative + path). This is typically the path of the file when it + is uploaded. + type: string + required: + - contents + - path + type: object + source: + description: Uncompiled proto files associated with the descriptor + set, used for display purposes (server-side compilation is + not supported). These should match the inputs to 'protoc' + command used to generate fileDescriptorSet. + items: + properties: + contents: + description: Immutable. Base64 encoded content of the + file. + type: string + path: + description: Immutable. The file path (full or relative + path). This is typically the path of the file when it + is uploaded. + type: string + required: + - contents + - path + type: object + type: array + required: + - fileDescriptorSet + type: object + type: array + managedServiceConfigs: + description: |- + Optional. Service Configuration files. At least one must be included when using gRPC service definitions. See https://cloud.google.com/endpoints/docs/grpc/grpc-service-config#service_configuration_overview for the expected file contents. + If multiple files are specified, the files are merged with the following rules: * All singular scalar fields are merged using "last one wins" semantics in the order of the files uploaded. * Repeated fields are concatenated. * Singular embedded messages are merged using these rules for nested fields. + items: + properties: + contents: + description: Immutable. Base64 encoded content of the file. + type: string + path: + description: Immutable. The file path (full or relative path). + This is typically the path of the file when it is uploaded. + type: string + required: + - contents + - path + type: object + type: array + openapiDocuments: + description: OpenAPI specification documents. If specified, grpcServices + and managedServiceConfigs must not be included. + items: + properties: + document: + description: The OpenAPI Specification document file. 
+ properties: + contents: + description: Immutable. Base64 encoded content of the file. + type: string + path: + description: Immutable. The file path (full or relative + path). This is typically the path of the file when it + is uploaded. + type: string + required: + - contents + - path + type: object + required: + - document + type: object + type: array + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The apiConfigId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - api + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + name: + description: The resource name of the API Config. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + serviceConfigId: + description: The ID of the associated Service Config (https://cloud.google.com/service-infrastructure/docs/glossary#config). + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigatewayapis.apigateway.cnrm.cloud.google.com +spec: + group: apigateway.cnrm.cloud.google.com + names: + categories: + - gcp + kind: APIGatewayAPI + plural: apigatewayapis + shortNames: + - gcpapigatewayapi + - gcpapigatewayapis + singular: apigatewayapi + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: A user-visible name for the API. + type: string + managedService: + description: |- + Immutable. Immutable. The name of a Google Managed Service ( https://cloud.google.com/service-infrastructure/docs/glossary#managed). + If not specified, a new Service will automatically be created in the same project as this API. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The apiId of the resource. Used + for creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Creation timestamp in RFC3339 text format. + type: string + name: + description: The resource name of the API. Format 'projects/{{project}}/locations/global/apis/{{apiId}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigatewaygateways.apigateway.cnrm.cloud.google.com +spec: + group: apigateway.cnrm.cloud.google.com + names: + categories: + - gcp + kind: APIGatewayGateway + plural: apigatewaygateways + shortNames: + - gcpapigatewaygateway + - gcpapigatewaygateways + singular: apigatewaygateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + apiConfig: + description: |- + Resource name of the API Config for this Gateway. Format: projects/{project}/locations/global/apis/{api}/configs/{apiConfig}. + When changing api configs please ensure the new config is a new resource and the lifecycle rule 'create_before_destroy' is set. + type: string + displayName: + description: A user-visible name for the API. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the gateway for the API. + type: string + resourceID: + description: Immutable. Optional. The gatewayId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - apiConfig + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + defaultHostname: + description: The default API Gateway host name of the form {gatewayId}-{hash}.{region_code}.gateway.dev. + type: string + name: + description: 'Resource name of the Gateway. Format: projects/{project}/locations/{region}/gateways/{gateway}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeaddonsconfigs.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeAddonsConfig + plural: apigeeaddonsconfigs + shortNames: + - gcpapigeeaddonsconfig + - gcpapigeeaddonsconfigs + singular: apigeeaddonsconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addonsConfig: + description: Addon configurations of the Apigee organization. + properties: + advancedApiOpsConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + type: object + apiSecurityConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + expiresAt: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: string + type: object + connectorsPlatformConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + expiresAt: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: string + type: object + integrationConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + type: object + monetizationConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + type: object + type: object + org: + description: Immutable. Name of the Apigee organization. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - org + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeendpointattachments.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeEndpointAttachment + plural: apigeeendpointattachments + shortNames: + - gcpapigeeendpointattachment + - gcpapigeeendpointattachments + singular: apigeeendpointattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: Immutable. Location of the endpoint attachment. + type: string + orgId: + description: |- + Immutable. The Apigee Organization associated with the Apigee instance, + in the format 'organizations/{{org_name}}'. + type: string + resourceID: + description: Immutable. Optional. The endpointAttachmentId of the + resource. Used for creation and acquisition. When unset, the value + of `metadata.name` is used as the default. + type: string + serviceAttachment: + description: 'Immutable. Format: projects/*/regions/*/serviceAttachments/*.' + type: string + required: + - location + - orgId + - serviceAttachment + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + connectionState: + description: State of the endpoint attachment connection to the service + attachment. 
+ type: string + host: + description: Host that can be used in either HTTP Target Endpoint + directly, or as the host in Target Server. + type: string + name: + description: |- + Name of the Endpoint Attachment in the following format: + organizations/{organization}/endpointAttachments/{endpointAttachment}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeenvgroupattachments.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeEnvgroupAttachment + plural: apigeeenvgroupattachments + shortNames: + - gcpapigeeenvgroupattachment + - gcpapigeeenvgroupattachments + singular: apigeeenvgroupattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string 
+ - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + envgroupId: + description: |- + Immutable. The Apigee environment group associated with the Apigee environment, + in the format 'organizations/{{org_name}}/envgroups/{{envgroup_name}}'. + type: string + environment: + description: Immutable. The resource ID of the environment. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - envgroupId + - environment + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The name of the newly created attachment (output parameter). + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeenvgroups.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeEnvgroup + plural: apigeeenvgroups + shortNames: + - gcpapigeeenvgroup + - gcpapigeeenvgroups + singular: apigeeenvgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 
'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + hostnames: + description: Hostnames of the environment group. + items: + type: string + type: array + orgId: + description: |- + Immutable. The Apigee Organization associated with the Apigee environment group, + in the format 'organizations/{{org_name}}'. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - orgId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: apigeeenvironments.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeEnvironment + plural: apigeeenvironments + shortNames: + - gcpapigeeenvironment + - gcpapigeeenvironments + singular: apigeeenvironment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + 
description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + apigeeOrganizationRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The apigee organization for the resource + + Allowed value: The Google Cloud resource name of an `ApigeeOrganization` resource (format: `organizations/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Optional. Description of the environment. + type: string + displayName: + description: Optional. Display name for this environment. + type: string + properties: + additionalProperties: + type: string + description: Optional. Key-value pairs that may be used for customizing + the environment. + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - apigeeOrganizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createdAt: + description: Output only. Creation time of this environment as milliseconds + since epoch. + format: int64 + type: integer + lastModifiedAt: + description: Output only. Last modification time of this environment + as milliseconds since epoch. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. State of the environment. Values other + than ACTIVE means the resource is not ready to use. 
Possible values: + STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeinstanceattachments.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeInstanceAttachment + plural: apigeeinstanceattachments + shortNames: + - gcpapigeeinstanceattachment + - gcpapigeeinstanceattachments + singular: apigeeinstanceattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + environment: + description: Immutable. The resource ID of the environment. + type: string + instanceId: + description: |- + Immutable. The Apigee instance associated with the Apigee environment, + in the format 'organizations/{{org_name}}/instances/{{instance_name}}'. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - environment + - instanceId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The name of the newly created attachment (output parameter). + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeinstances.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeInstance + plural: apigeeinstances + shortNames: + - gcpapigeeinstance + - gcpapigeeinstances + singular: apigeeinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + consumerAcceptList: + description: |- + Immutable. Optional. Customer accept list represents the list of projects (id/number) on customer + side that can privately connect to the service attachment. It is an optional field + which the customers can provide during the instance creation. By default, the customer + project associated with the Apigee organization will be included to the list. + items: + type: string + type: array + description: + description: Immutable. Description of the instance. + type: string + diskEncryptionKeyName: + description: |- + Immutable. Customer Managed Encryption Key (CMEK) used for disk and volume encryption. Required for Apigee paid subscriptions only. + Use the following format: 'projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)'. + type: string + displayName: + description: Immutable. Display name of the instance. + type: string + ipRange: + description: |- + Immutable. IP range represents the customer-provided CIDR block of length 22 that will be used for + the Apigee instance creation. This optional range, if provided, should be freely + available as part of larger named range the customer has allocated to the Service + Networking peering. If this is not provided, Apigee will automatically request for any + available /22 CIDR block from Service Networking. The customer should use this CIDR block + for configuring their firewall needs to allow traffic from Apigee. + Input format: "a.b.c.d/22". + type: string + location: + description: Immutable. 
Required. Compute Engine location where the + instance resides. + type: string + orgId: + description: |- + Immutable. The Apigee Organization associated with the Apigee instance, + in the format 'organizations/{{org_name}}'. + type: string + peeringCidrRange: + description: |- + Immutable. The size of the CIDR block range that will be reserved by the instance. For valid values, + see [CidrRange](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances#CidrRange) on the documentation. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - orgId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + host: + description: Output only. Hostname or IP address of the exposed Apigee + endpoint used by clients to connect to the service. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + port: + description: Output only. Port number of the exposed Apigee endpoint. + type: string + serviceAttachment: + description: |- + Output only. Resource name of the service attachment created for the instance in + the format: projects/*/regions/*/serviceAttachments/* Apigee customers can privately + forward traffic to this service attachment using the PSC endpoints. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeenataddresses.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeNATAddress + plural: apigeenataddresses + shortNames: + - gcpapigeenataddress + - gcpapigeenataddresses + singular: apigeenataddress + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned 
schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + instanceId: + description: |- + Immutable. The Apigee instance associated with the Apigee environment, + in the format 'organizations/{{org_name}}/instances/{{instance_name}}'. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - instanceId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + ipAddress: + description: The allocated NAT IP address. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State of the NAT IP address. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: apigeeorganizations.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeOrganization + plural: apigeeorganizations + shortNames: + - gcpapigeeorganization + - gcpapigeeorganizations + singular: apigeeorganization + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion 
defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addonsConfig: + description: Addon configurations of the Apigee organization. + properties: + advancedApiOpsConfig: + description: Configuration for the Advanced API Ops add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + type: object + monetizationConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Monetization + add-on is enabled. + type: boolean + type: object + type: object + analyticsRegion: + description: Immutable. Required. Primary GCP region for analytics + data storage. For valid values, see (https://cloud.google.com/apigee/docs/api-platform/get-started/create-org). + type: string + authorizedNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Compute Engine network used for Service Networking to be peered with Apigee runtime instances. See (https://cloud.google.com/vpc/docs/shared-vpc). To use a shared VPC network, use the following format: `projects/{host-project-id}/{region}/networks/{network-name}`. 
For example: `projects/my-sharedvpc-host/global/networks/mynetwork` **Note:** Not supported for Apigee hybrid. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Description of the Apigee organization. + type: string + displayName: + description: Display name for the Apigee organization. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. Name of the GCP project in which to associate the Apigee organization. Pass the information as a query parameter using the following structure in your request: projects/ Authorization requires the following IAM permission on the specified resource parent: apigee.organizations.create + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + properties: + additionalProperties: + type: string + description: Properties defined in the Apigee organization profile. + type: object + resourceID: + description: Immutable. Optional. 
The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + runtimeDatabaseEncryptionKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. Update is not allowed after the organization is created. Required when (#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used. For example: "projects/foo/locations/us/keyRings/bar/cryptoKeys/baz". **Note:** Not supported for Apigee hybrid. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + runtimeType: + description: 'Immutable. Required. Runtime type of the Apigee organization + based on the Apigee subscription purchased. Possible values: RUNTIME_TYPE_UNSPECIFIED, + CLOUD, HYBRID' + type: string + required: + - analyticsRegion + - projectRef + - runtimeType + type: object + status: + properties: + billingType: + description: 'Output only. Billing type of the Apigee organization. + See (https://cloud.google.com/apigee/pricing). Possible values: + BILLING_TYPE_UNSPECIFIED, SUBSCRIPTION, EVALUATION' + type: string + caCertificate: + description: Output only. Base64-encoded public certificate for the + root CA of the Apigee organization. Valid only when (#RuntimeType) + is `CLOUD`. 
+ type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createdAt: + description: Output only. Time that the Apigee organization was created + in milliseconds since epoch. + format: int64 + type: integer + environments: + description: Output only. List of environments in the Apigee organization. + items: + type: string + type: array + expiresAt: + description: Output only. Time that the Apigee organization is scheduled + for deletion. + format: int64 + type: integer + lastModifiedAt: + description: Output only. Time that the Apigee organization was last + modified in milliseconds since epoch. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + projectId: + description: Output only. Project ID associated with the Apigee organization. + type: string + state: + description: 'Output only. State of the organization. Values other + than ACTIVE means the resource is not ready to use. 
Possible values: + SNAPSHOT_STATE_UNSPECIFIED, MISSING, OK_DOCSTORE, OK_SUBMITTED, + OK_EXTERNAL, DELETED' + type: string + subscriptionType: + description: 'Output only. DEPRECATED: This will eventually be replaced + by BillingType. Subscription type of the Apigee organization. Valid + values include trial (free, limited, and for evaluation purposes + only) or paid (full subscription has been purchased). See (https://cloud.google.com/apigee/pricing/). + Possible values: SUBSCRIPTION_TYPE_UNSPECIFIED, PAID, TRIAL' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeesyncauthorizations.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeSyncAuthorization + plural: apigeesyncauthorizations + shortNames: + - gcpapigeesyncauthorization + - gcpapigeesyncauthorizations + singular: apigeesyncauthorization + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + identities: + description: |- + Array of service accounts to grant access to control plane resources, each specified using the following format: 'serviceAccount:service-account-name'. + + The 'service-account-name' is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com + + You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one. + + The service accounts must have **Apigee Synchronizer Manager** role. See also [Create service accounts](https://cloud.google.com/apigee/docs/hybrid/v1.8/sa-about#create-the-service-accounts). + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - identities + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: |- + Entity tag (ETag) used for optimistic concurrency control as a way to help prevent simultaneous updates from overwriting each other. + Used internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apikeyskeys.apikeys.cnrm.cloud.google.com +spec: + group: apikeys.cnrm.cloud.google.com + names: + categories: + - gcp + kind: APIKeysKey + listKind: APIKeysKeyList + plural: apikeyskeys + shortNames: + - gcpapikeyskey + - gcpapikeyskeys + singular: apikeyskey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: APIKeysKey is the Schema for the APIKeys Key resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Human-readable display name of this key that you can + modify. The maximum length is 63 characters. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + restrictions: + description: Key restrictions. + properties: + androidKeyRestrictions: + description: The Android apps that are allowed to use the key. + properties: + allowedApplications: + description: A list of Android applications that are allowed + to make API calls with this key. + items: + properties: + packageName: + description: The package name of the application. + type: string + sha1Fingerprint: + description: 'The SHA1 fingerprint of the application. 
+ For example, both sha1 formats are acceptable : DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09 + or DA39A3EE5E6B4B0D3255BFEF95601890AFD80709. Output + format is the latter.' + type: string + required: + - packageName + - sha1Fingerprint + type: object + type: array + required: + - allowedApplications + type: object + apiTargets: + description: A restriction for a specific service and optionally + one or more specific methods. Requests are allowed if they match + any of these restrictions. If no restrictions are specified, + all targets are allowed. + items: + properties: + methods: + description: 'Optional. List of one or more methods that + can be called. If empty, all methods for the service are + allowed. A wildcard (*) can be used as the last symbol. + Valid examples: `google.cloud.translate.v2.TranslateService.GetSupportedLanguage` + `TranslateText` `Get*` `translate.googleapis.com.Get*`' + items: + type: string + type: array + service: + description: 'The service for this restriction. It should + be the canonical service name, for example: `translate.googleapis.com`. + You can use [`gcloud services list`](/sdk/gcloud/reference/services/list) + to get a list of services that are enabled in the project.' + type: string + required: + - service + type: object + type: array + browserKeyRestrictions: + description: The HTTP referrers (websites) that are allowed to + use the key. + properties: + allowedReferrers: + description: A list of regular expressions for the referrer + URLs that are allowed to make API calls with this key. + items: + type: string + type: array + required: + - allowedReferrers + type: object + iosKeyRestrictions: + description: The iOS apps that are allowed to use the key. + properties: + allowedBundleIds: + description: A list of bundle IDs that are allowed when making + API calls with this key. 
+ items: + type: string + type: array + required: + - allowedBundleIds + type: object + serverKeyRestrictions: + description: The IP addresses of callers that are allowed to use + the key. + properties: + allowedIps: + description: A list of the caller IP addresses that are allowed + to make API calls with this key. + items: + type: string + type: array + required: + - allowedIps + type: object + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + uid: + description: Output only. Unique id in UUID4 format. 
+ type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appenginedomainmappings.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineDomainMapping + plural: appenginedomainmappings + shortNames: + - gcpappenginedomainmapping + - gcpappenginedomainmappings + singular: appenginedomainmapping + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + overrideStrategy: + description: |- + Whether the domain creation should override any existing mappings for this domain. + By default, overrides are rejected. Default value: "STRICT" Possible values: ["STRICT", "OVERRIDE"]. + type: string + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The domainName of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslSettings: + description: SSL configuration for this domain. If unconfigured, this + domain will not serve with SSL. + properties: + certificateId: + description: |- + ID of the AuthorizedCertificate resource configuring SSL for the application. Clearing this field will + remove SSL support. + By default, a managed certificate is automatically created for every domain mapping. To omit SSL support + or to configure SSL manually, specify 'SslManagementType.MANUAL' on a 'CREATE' or 'UPDATE' request. You must be + authorized to administer the 'AuthorizedCertificate' resource to manually map it to a DomainMapping resource. + Example: 12345. + type: string + pendingManagedCertificateId: + description: |- + ID of the managed 'AuthorizedCertificate' resource currently being provisioned, if applicable. Until the new + managed certificate has been successfully provisioned, the previous SSL state will be preserved. Once the + provisioning process completes, the 'certificateId' field will reflect the new managed certificate and this + field will be left empty. To remove SSL support while there is still a pending managed certificate, clear the + 'certificateId' field with an update request. 
+ type: string + sslManagementType: + description: |- + SSL management type for this domain. If 'AUTOMATIC', a managed certificate is automatically provisioned. + If 'MANUAL', 'certificateId' must be manually specified in order to configure SSL for this domain. Possible values: ["AUTOMATIC", "MANUAL"]. + type: string + required: + - sslManagementType + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'Full path to the DomainMapping resource in the API. + Example: apps/myapp/domainMapping/example.com.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + resourceRecords: + description: |- + The resource records required to configure this domain mapping. These records must be added to the domain's DNS + configuration in order to serve the application via this domain mapping. + items: + properties: + name: + description: 'Relative name of the object affected by this record. + Only applicable for CNAME records. Example: ''www''.' 
+ type: string + rrdata: + description: Data for this record. Values vary by record type, + as defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1). + type: string + type: + description: 'Resource record type. Example: ''AAAA''. Possible + values: ["A", "AAAA", "CNAME"].' + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appenginefirewallrules.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineFirewallRule + plural: appenginefirewallrules + shortNames: + - gcpappenginefirewallrule + - gcpappenginefirewallrules + singular: appenginefirewallrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: 'The action to take if this rule matches. Possible values: + ["UNSPECIFIED_ACTION", "ALLOW", "DENY"].' + type: string + description: + description: An optional string description of this rule. + type: string + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The priority of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceRange: + description: IP address or range, defined using CIDR notation, of + requests that this rule applies to. + type: string + required: + - action + - sourceRange + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appengineflexibleappversions.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineFlexibleAppVersion + plural: appengineflexibleappversions + shortNames: + - gcpappengineflexibleappversion + - gcpappengineflexibleappversions + singular: appengineflexibleappversion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + 
description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + apiConfig: + description: Serving configuration for Google Cloud Endpoints. + properties: + authFailAction: + description: 'Action to take when users access resources that + require authentication. Default value: "AUTH_FAIL_ACTION_REDIRECT" + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Level of login required to access this resource. + Default value: "LOGIN_OPTIONAL" Possible values: ["LOGIN_OPTIONAL", + "LOGIN_ADMIN", "LOGIN_REQUIRED"].' + type: string + script: + description: Path to the script from the application root directory. + type: string + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + url: + description: URL to serve the endpoint at. + type: string + required: + - script + type: object + automaticScaling: + description: Automatic scaling is based on request rate, response + latencies, and other application metrics. + properties: + coolDownPeriod: + description: |- + The time period that the Autoscaler should wait before it starts collecting information from a new instance. 
+ This prevents the autoscaler from collecting information when the instance is initializing, + during which the collected usage would not be reliable. Default: 120s. + type: string + cpuUtilization: + description: Target scaling by CPU usage. + properties: + aggregationWindowLength: + description: Period of time over which CPU utilization is + calculated. + type: string + targetUtilization: + description: Target CPU utilization ratio to maintain when + scaling. Must be between 0 and 1. + type: number + required: + - targetUtilization + type: object + diskUtilization: + description: Target scaling by disk usage. + properties: + targetReadBytesPerSecond: + description: Target bytes read per second. + type: integer + targetReadOpsPerSecond: + description: Target ops read per seconds. + type: integer + targetWriteBytesPerSecond: + description: Target bytes written per second. + type: integer + targetWriteOpsPerSecond: + description: Target ops written per second. + type: integer + type: object + maxConcurrentRequests: + description: |- + Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. + + Defaults to a runtime-specific value. + type: integer + maxIdleInstances: + description: Maximum number of idle instances that should be maintained + for this version. + type: integer + maxPendingLatency: + description: Maximum amount of time that a request should wait + in the pending queue before starting a new instance to handle + it. + type: string + maxTotalInstances: + description: 'Maximum number of instances that should be started + to handle requests for this version. Default: 20.' + type: integer + minIdleInstances: + description: Minimum number of idle instances that should be maintained + for this version. Only applicable for the default version of + a service. 
+ type: integer + minPendingLatency: + description: Minimum amount of time a request should wait in the + pending queue before starting a new instance to handle it. + type: string + minTotalInstances: + description: 'Minimum number of running instances that should + be maintained for this version. Default: 2.' + type: integer + networkUtilization: + description: Target scaling by network usage. + properties: + targetReceivedBytesPerSecond: + description: Target bytes received per second. + type: integer + targetReceivedPacketsPerSecond: + description: Target packets received per second. + type: integer + targetSentBytesPerSecond: + description: Target bytes sent per second. + type: integer + targetSentPacketsPerSecond: + description: Target packets sent per second. + type: integer + type: object + requestUtilization: + description: Target scaling by request utilization. + properties: + targetConcurrentRequests: + description: Target number of concurrent requests. + type: number + targetRequestCountPerSecond: + description: Target requests per second. + type: string + type: object + required: + - cpuUtilization + type: object + betaSettings: + additionalProperties: + type: string + description: Metadata settings that are supplied to this version to + enable beta runtime features. + type: object + defaultExpiration: + description: |- + Duration that static files should be cached by web proxies and browsers. + Only applicable if the corresponding StaticFilesHandler does not specify its own expiration time. + type: string + deleteServiceOnDestroy: + description: If set to 'true', the service will be deleted if it is + the last version. + type: boolean + deployment: + description: Code and application artifacts that make up this version. + properties: + cloudBuildOptions: + description: Options for the build operations performed as a part + of the version deployment. Only applicable when creating a version + using source code directly. 
+ properties: + appYamlPath: + description: Path to the yaml file used in deployment, used + to determine runtime configuration details. + type: string + cloudBuildTimeout: + description: |- + The Cloud Build timeout used as part of any dependent builds performed by version creation. Defaults to 10 minutes. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + required: + - appYamlPath + type: object + container: + description: The Docker image for the container that runs the + version. + properties: + image: + description: |- + URI to the hosted container image in Google Container Registry. The URI must be fully qualified and include a tag or digest. + Examples: "gcr.io/my-project/image:tag" or "gcr.io/my-project/image@digest". + type: string + required: + - image + type: object + files: + description: |- + Manifest of the files stored in Google Cloud Storage that are included as part of this version. + All files must be readable using the credentials supplied with this call. + items: + properties: + name: + type: string + sha1Sum: + description: SHA1 checksum of the file. + type: string + sourceUrl: + description: Source URL. + type: string + required: + - name + - sourceUrl + type: object + type: array + zip: + description: Zip File. + properties: + filesCount: + description: files count. + type: integer + sourceUrl: + description: Source URL. + type: string + required: + - sourceUrl + type: object + type: object + endpointsApiService: + description: Code and application artifacts that make up this version. + properties: + configId: + description: |- + Endpoints service configuration ID as specified by the Service Management API. For example "2016-09-19r1". + + By default, the rollout strategy for Endpoints is "FIXED". This means that Endpoints starts up with a particular configuration ID. + When a new configuration is rolled out, Endpoints must be given the new configuration ID. 
The configId field is used to give the configuration ID + and is required in this case. + + Endpoints also has a rollout strategy called "MANAGED". When using this, Endpoints fetches the latest configuration and does not need + the configuration ID. In this case, configId must be omitted. + type: string + disableTraceSampling: + description: Enable or disable trace sampling. By default, this + is set to false for enabled. + type: boolean + name: + description: |- + Endpoints service name which is the name of the "service" resource in the Service Management API. + For example "myapi.endpoints.myproject.cloud.goog". + type: string + rolloutStrategy: + description: 'Endpoints rollout strategy. If FIXED, configId must + be specified. If MANAGED, configId must be omitted. Default + value: "FIXED" Possible values: ["FIXED", "MANAGED"].' + type: string + required: + - name + type: object + entrypoint: + description: The entrypoint for the application. + properties: + shell: + description: The format should be a shell command that can be + fed to bash -c. + type: string + required: + - shell + type: object + envVariables: + additionalProperties: + type: string + type: object + handlers: + description: |- + An ordered list of URL-matching patterns that should be applied to incoming requests. + The first matching URL handles the request and other request handlers are not attempted. + items: + properties: + authFailAction: + description: 'Actions to take when the user is not logged in. + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Methods to restrict access to a URL based on login + status. Possible values: ["LOGIN_OPTIONAL", "LOGIN_ADMIN", + "LOGIN_REQUIRED"].' + type: string + redirectHttpResponseCode: + description: '30x code to use when performing redirects for + the secure field. 
Possible values: ["REDIRECT_HTTP_RESPONSE_CODE_301", + "REDIRECT_HTTP_RESPONSE_CODE_302", "REDIRECT_HTTP_RESPONSE_CODE_303", + "REDIRECT_HTTP_RESPONSE_CODE_307"].' + type: string + script: + description: |- + Executes a script to handle the requests that match this URL pattern. + Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto". + properties: + scriptPath: + description: Path to the script from the application root + directory. + type: string + required: + - scriptPath + type: object + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + staticFiles: + description: |- + Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. + Static file handlers describe which files in the application directory are static files, and which URLs serve them. + properties: + applicationReadable: + description: |- + Whether files should also be uploaded as code data. By default, files declared in static file handlers are + uploaded as static data and are only served to end users; they cannot be read by the application. If enabled, + uploads are charged against both your code and static data storage resource quotas. + type: boolean + expiration: + description: |- + Time a static file served by this handler should be cached by web proxies and browsers. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example "3.5s". + Default is '0s'. + type: string + httpHeaders: + additionalProperties: + type: string + description: |- + HTTP headers to use for all responses from these URLs. + An object containing a list of "key:value" value pairs.". + type: object + mimeType: + description: |- + MIME type used to serve all files served by this handler. 
+ Defaults to file-specific MIME types, which are derived from each file's filename extension. + type: string + path: + description: |- + Path to the static files matched by the URL pattern, from the application root directory. + The path can refer to text matched in groupings in the URL pattern. + type: string + requireMatchingFile: + description: Whether this handler should match the request + if the file referenced by the handler does not exist. + type: boolean + uploadPathRegex: + description: Regular expression that matches the file paths + for all files that should be referenced by this handler. + type: string + type: object + urlRegex: + description: |- + URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings. + All URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path. + type: string + type: object + type: array + inboundServices: + description: 'A list of the types of messages that this application + is able to receive. Possible values: ["INBOUND_SERVICE_MAIL", "INBOUND_SERVICE_MAIL_BOUNCE", + "INBOUND_SERVICE_XMPP_ERROR", "INBOUND_SERVICE_XMPP_MESSAGE", "INBOUND_SERVICE_XMPP_SUBSCRIBE", + "INBOUND_SERVICE_XMPP_PRESENCE", "INBOUND_SERVICE_CHANNEL_PRESENCE", + "INBOUND_SERVICE_WARMUP"].' + items: + type: string + type: array + instanceClass: + description: |- + Instance class that is used to run this version. Valid values are + AutomaticScaling: F1, F2, F4, F4_1G + ManualScaling: B1, B2, B4, B8, B4_1G + Defaults to F1 for AutomaticScaling and B1 for ManualScaling. + type: string + livenessCheck: + description: Health checking configuration for VM instances. Unhealthy + instances are killed and replaced with new instances. + properties: + checkInterval: + description: Interval between health checks. 
+ type: string + failureThreshold: + description: 'Number of consecutive failed checks required before + considering the VM unhealthy. Default: 4.' + type: number + host: + description: 'Host header to send when performing a HTTP Readiness + check. Example: "myapp.appspot.com".' + type: string + initialDelay: + description: 'The initial delay before starting to execute the + checks. Default: "300s".' + type: string + path: + description: The request path. + type: string + successThreshold: + description: 'Number of consecutive successful checks required + before considering the VM healthy. Default: 2.' + type: number + timeout: + description: 'Time before the check is considered failed. Default: + "4s".' + type: string + required: + - path + type: object + manualScaling: + description: A service with manual scaling runs continuously, allowing + you to perform complex initialization and rely on the state of its + memory over time. + properties: + instances: + description: |- + Number of instances to assign to the service at the start. + + **Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2 + Modules API set_num_instances() you must use 'lifecycle.ignore_changes = ["manual_scaling"[0].instances]' to prevent drift detection. + type: integer + required: + - instances + type: object + network: + description: Extra network settings. + properties: + forwardedPorts: + description: List of ports, or port pairs, to forward from the + virtual machine to the application container. + items: + type: string + type: array + instanceTag: + description: Tag to apply to the instance during creation. + type: string + name: + description: Google Compute Engine network where the virtual machines + are created. Specify the short name, not the resource path. + type: string + sessionAffinity: + description: Enable session affinity. 
+ type: boolean + subnetwork: + description: |- + Google Cloud Platform sub-network where the virtual machines are created. Specify the short name, not the resource path. + + If the network that the instance is being created in is a Legacy network, then the IP address is allocated from the IPv4Range. + If the network that the instance is being created in is an auto Subnet Mode Network, then only network name should be specified (not the subnetworkName) and the IP address is created from the IPCidrRange of the subnetwork that exists in that zone for that network. + If the network that the instance is being created in is a custom Subnet Mode Network, then the subnetworkName must be specified and the IP address is created from the IPCidrRange of the subnetwork. + If specified, the subnetwork must exist in the same region as the App Engine flexible environment application. + type: string + required: + - name + type: object + nobuildFilesRegex: + description: Files that match this pattern will not be built into + this version. Only applicable for Go runtimes. + type: string + noopOnDestroy: + description: If set to 'true', the application version will not be + deleted. + type: boolean + project: + description: Immutable. + type: string + readinessCheck: + description: Configures readiness health checking for instances. Unhealthy + instances are not put into the backend traffic rotation. + properties: + appStartTimeout: + description: |- + A maximum time limit on application initialization, measured from moment the application successfully + replies to a healthcheck until it is ready to serve traffic. Default: "300s". + type: string + checkInterval: + description: 'Interval between health checks. Default: "5s".' + type: string + failureThreshold: + description: 'Number of consecutive failed checks required before + removing traffic. Default: 2.' + type: number + host: + description: 'Host header to send when performing a HTTP Readiness + check. 
Example: "myapp.appspot.com".' + type: string + path: + description: The request path. + type: string + successThreshold: + description: 'Number of consecutive successful checks required + before receiving traffic. Default: 2.' + type: number + timeout: + description: 'Time before the check is considered failed. Default: + "4s".' + type: string + required: + - path + type: object + resourceID: + description: Immutable. Optional. The versionId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resources: + description: Machine resources for a version. + properties: + cpu: + description: Number of CPU cores needed. + type: integer + diskGb: + description: Disk size (GB) needed. + type: integer + memoryGb: + description: Memory (GB) needed. + type: number + volumes: + description: List of ports, or port pairs, to forward from the + virtual machine to the application container. + items: + properties: + name: + description: Unique name for the volume. + type: string + sizeGb: + description: Volume size in gigabytes. + type: integer + volumeType: + description: Underlying volume type, e.g. 'tmpfs'. + type: string + required: + - name + - sizeGb + - volumeType + type: object + type: array + type: object + runtime: + description: Desired runtime. Example python27. + type: string + runtimeApiVersion: + description: |- + The version of the API in the given runtime environment. + Please see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard//config/appref'\ + Substitute '' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'. + type: string + runtimeChannel: + description: The channel of the runtime to use. Only available for + some runtimes. + type: string + runtimeMainExecutablePath: + description: The path or name of the app's main executable. 
+ type: string + serviceAccount: + description: |- + The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as + default if this field is neither provided in app.yaml file nor through CLI flag. + type: string + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AppEngineService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + servingStatus: + description: 'Current serving status of this version. Only the versions + with a SERVING status create instances and can be billed. Default + value: "SERVING" Possible values: ["SERVING", "STOPPED"].' + type: string + vpcAccessConnector: + description: Enables VPC connectivity for standard apps. + properties: + name: + description: Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1. + type: string + required: + - name + type: object + required: + - livenessCheck + - readinessCheck + - runtime + - serviceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Full path to the Version resource in the API. Example, + "v1". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appengineservicesplittraffics.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineServiceSplitTraffic + plural: appengineservicesplittraffics + shortNames: + - gcpappengineservicesplittraffic + - gcpappengineservicesplittraffics + singular: appengineservicesplittraffic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + migrateTraffic: + description: If set to true traffic will be migrated to this version. + type: boolean + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + split: + description: Mapping that defines fractional HTTP traffic diversion + to different versions within the service. + properties: + allocations: + additionalProperties: + type: string + description: Mapping from version IDs within the service to fractional + (0.000, 1] allocations of traffic for that version. Each version + can be specified only once, but some versions in the service + may not have any traffic allocation. Services that have traffic + allocated cannot be deleted until either the service is deleted + or their traffic allocation is removed. Allocations must sum + to 1. 
Up to two decimal place precision is supported for IP-based + splits and up to three decimal places is supported for cookie-based + splits. + type: object + shardBy: + description: 'Mechanism used to determine which version a request + is sent to. The traffic selection algorithm will be stable for + either type until allocations are changed. Possible values: + ["UNSPECIFIED", "COOKIE", "IP", "RANDOM"].' + type: string + required: + - allocations + type: object + required: + - split + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appenginestandardappversions.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineStandardAppVersion + plural: appenginestandardappversions + shortNames: + - gcpappenginestandardappversion + - gcpappenginestandardappversions + singular: appenginestandardappversion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + appEngineApis: + description: Allows App Engine second generation runtimes to access + the legacy bundled services. + type: boolean + automaticScaling: + description: Automatic scaling is based on request rate, response + latencies, and other application metrics. + properties: + maxConcurrentRequests: + description: |- + Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. + + Defaults to a runtime-specific value. + type: integer + maxIdleInstances: + description: Maximum number of idle instances that should be maintained + for this version. + type: integer + maxPendingLatency: + description: |- + Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + minIdleInstances: + description: Minimum number of idle instances that should be maintained + for this version. Only applicable for the default version of + a service. + type: integer + minPendingLatency: + description: |- + Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + standardSchedulerSettings: + description: Scheduler settings for standard environment. 
+ properties: + maxInstances: + description: Maximum number of instances to run for this version. + Set to zero to disable maxInstances configuration. + type: integer + minInstances: + description: Minimum number of instances to run for this version. + Set to zero to disable minInstances configuration. + type: integer + targetCpuUtilization: + description: Target CPU utilization ratio to maintain when + scaling. Should be a value in the range [0.50, 0.95], zero, + or a negative value. + type: number + targetThroughputUtilization: + description: Target throughput utilization ratio to maintain + when scaling. Should be a value in the range [0.50, 0.95], + zero, or a negative value. + type: number + type: object + type: object + basicScaling: + description: Basic scaling creates instances when your application + receives requests. Each instance will be shut down when the application + becomes idle. Basic scaling is ideal for work that is intermittent + or driven by user activity. + properties: + idleTimeout: + description: |- + Duration of time after the last request that an instance must wait before the instance is shut down. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + type: string + maxInstances: + description: Maximum number of instances to create for this version. + Must be in the range [1.0, 200.0]. + type: integer + required: + - maxInstances + type: object + deleteServiceOnDestroy: + description: If set to 'true', the service will be deleted if it is + the last version. + type: boolean + deployment: + description: Code and application artifacts that make up this version. + properties: + files: + description: |- + Manifest of the files stored in Google Cloud Storage that are included as part of this version. + All files must be readable using the credentials supplied with this call. + items: + properties: + name: + type: string + sha1Sum: + description: SHA1 checksum of the file. 
+ type: string + sourceUrl: + description: Source URL. + type: string + required: + - name + - sourceUrl + type: object + type: array + zip: + description: Zip File. + properties: + filesCount: + description: files count. + type: integer + sourceUrl: + description: Source URL. + type: string + required: + - sourceUrl + type: object + type: object + entrypoint: + description: The entrypoint for the application. + properties: + shell: + description: The format should be a shell command that can be + fed to bash -c. + type: string + required: + - shell + type: object + envVariables: + additionalProperties: + type: string + description: Environment variables available to the application. + type: object + handlers: + description: |- + An ordered list of URL-matching patterns that should be applied to incoming requests. + The first matching URL handles the request and other request handlers are not attempted. + items: + properties: + authFailAction: + description: 'Actions to take when the user is not logged in. + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Methods to restrict access to a URL based on login + status. Possible values: ["LOGIN_OPTIONAL", "LOGIN_ADMIN", + "LOGIN_REQUIRED"].' + type: string + redirectHttpResponseCode: + description: '30x code to use when performing redirects for + the secure field. Possible values: ["REDIRECT_HTTP_RESPONSE_CODE_301", + "REDIRECT_HTTP_RESPONSE_CODE_302", "REDIRECT_HTTP_RESPONSE_CODE_303", + "REDIRECT_HTTP_RESPONSE_CODE_307"].' + type: string + script: + description: |- + Executes a script to handle the requests that match this URL pattern. + Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto". + properties: + scriptPath: + description: Path to the script from the application root + directory. 
+ type: string + required: + - scriptPath + type: object + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + staticFiles: + description: Files served directly to the user for a given URL, + such as images, CSS stylesheets, or JavaScript source files. + Static file handlers describe which files in the application + directory are static files, and which URLs serve them. + properties: + applicationReadable: + description: |- + Whether files should also be uploaded as code data. By default, files declared in static file handlers are uploaded as + static data and are only served to end users; they cannot be read by the application. If enabled, uploads are charged + against both your code and static data storage resource quotas. + type: boolean + expiration: + description: |- + Time a static file served by this handler should be cached by web proxies and browsers. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example "3.5s". + type: string + httpHeaders: + additionalProperties: + type: string + description: |- + HTTP headers to use for all responses from these URLs. + An object containing a list of "key:value" value pairs.". + type: object + mimeType: + description: |- + MIME type used to serve all files served by this handler. + Defaults to file-specific MIME types, which are derived from each file's filename extension. + type: string + path: + description: Path to the static files matched by the URL + pattern, from the application root directory. The path + can refer to text matched in groupings in the URL pattern. + type: string + requireMatchingFile: + description: Whether this handler should match the request + if the file referenced by the handler does not exist. 
+ type: boolean + uploadPathRegex: + description: Regular expression that matches the file paths + for all files that should be referenced by this handler. + type: string + type: object + urlRegex: + description: |- + URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings. + All URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path. + type: string + type: object + type: array + inboundServices: + description: 'A list of the types of messages that this application + is able to receive. Possible values: ["INBOUND_SERVICE_MAIL", "INBOUND_SERVICE_MAIL_BOUNCE", + "INBOUND_SERVICE_XMPP_ERROR", "INBOUND_SERVICE_XMPP_MESSAGE", "INBOUND_SERVICE_XMPP_SUBSCRIBE", + "INBOUND_SERVICE_XMPP_PRESENCE", "INBOUND_SERVICE_CHANNEL_PRESENCE", + "INBOUND_SERVICE_WARMUP"].' + items: + type: string + type: array + instanceClass: + description: |- + Instance class that is used to run this version. Valid values are + AutomaticScaling: F1, F2, F4, F4_1G + BasicScaling or ManualScaling: B1, B2, B4, B4_1G, B8 + Defaults to F1 for AutomaticScaling and B2 for ManualScaling and BasicScaling. If no scaling is specified, AutomaticScaling is chosen. + type: string + libraries: + description: Configuration for third-party Python runtime libraries + that are required by the application. + items: + properties: + name: + description: Name of the library. Example "django". + type: string + version: + description: Version of the library to select, or "latest". + type: string + type: object + type: array + manualScaling: + description: A service with manual scaling runs continuously, allowing + you to perform complex initialization and rely on the state of its + memory over time. + properties: + instances: + description: |- + Number of instances to assign to the service at the start. 
+ + **Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2 + Modules API set_num_instances() you must use 'lifecycle.ignore_changes = ["manual_scaling"[0].instances]' to prevent drift detection. + type: integer + required: + - instances + type: object + noopOnDestroy: + description: If set to 'true', the application version will not be + deleted. + type: boolean + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The versionId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + runtime: + description: Desired runtime. Example python27. + type: string + runtimeApiVersion: + description: |- + The version of the API in the given runtime environment. + Please see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard//config/appref'\ + Substitute '' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'. + type: string + serviceAccount: + description: The identity that the deployed version will run as. Admin + API will use the App Engine Appspot service account as default if + this field is neither provided in app.yaml file nor through CLI + flag. + type: string + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AppEngineService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + threadsafe: + description: Whether multiple requests can be dispatched to this version + at once. + type: boolean + vpcAccessConnector: + description: Enables VPC connectivity for standard apps. + properties: + egressSetting: + description: The egress setting for the connector, controlling + what traffic is diverted through it. + type: string + name: + description: Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1. + type: string + required: + - name + type: object + required: + - deployment + - entrypoint + - runtime + - serviceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Full path to the Version resource in the API. Example, + "v1". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: artifactregistryrepositories.artifactregistry.cnrm.cloud.google.com +spec: + group: artifactregistry.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ArtifactRegistryRepository + plural: artifactregistryrepositories + shortNames: + - gcpartifactregistryrepository + - gcpartifactregistryrepositories + singular: artifactregistryrepository + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cleanupPolicies: + description: |- + Cleanup policies for this repository. Cleanup policies indicate when + certain package versions can be automatically deleted. + Map keys are policy IDs supplied by users during policy creation. They must + unique within a repository and be under 128 characters in length. + items: + properties: + action: + description: 'Policy action. Possible values: ["DELETE", "KEEP"].' + type: string + condition: + description: Policy condition for matching versions. + properties: + newerThan: + description: Match versions newer than a duration. + type: string + olderThan: + description: Match versions older than a duration. + type: string + packageNamePrefixes: + description: Match versions by package prefix. Applied on + any prefix match. + items: + type: string + type: array + tagPrefixes: + description: Match versions by tag prefix. Applied on any + prefix match. + items: + type: string + type: array + tagState: + description: 'Match versions by tag status. Default value: + "ANY" Possible values: ["TAGGED", "UNTAGGED", "ANY"].' + type: string + versionNamePrefixes: + description: Match versions by version name prefix. Applied + on any prefix match. + items: + type: string + type: array + type: object + id: + type: string + mostRecentVersions: + description: |- + Policy condition for retaining a minimum number of versions. May only be + specified with a Keep action. + properties: + keepCount: + description: Minimum number of versions to keep. 
+ type: integer + packageNamePrefixes: + description: Match versions by package prefix. Applied on + any prefix match. + items: + type: string + type: array + type: object + required: + - id + type: object + type: array + cleanupPolicyDryRun: + description: |- + If true, the cleanup pipeline is prevented from deleting versions in this + repository. + type: boolean + description: + description: The user-provided description of the repository. + type: string + dockerConfig: + description: Docker repository config contains repository level configuration + for the repositories of docker type. + properties: + immutableTags: + description: The repository which enabled this flag prevents all + tags from being modified, moved or deleted. This does not prevent + tags from being created. + type: boolean + type: object + format: + description: |- + Immutable. The format of packages that are stored in the repository. Supported formats + can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). + You can only create alpha formats if you are a member of the + [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). + type: string + kmsKeyRef: + description: |- + The customer managed encryption key that’s used to encrypt the + contents of the Repository. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Immutable. 
The name of the location this repository is + located in. + type: string + mavenConfig: + description: |- + MavenRepositoryConfig is maven related repository details. + Provides additional configuration details for repositories of the maven + format type. + properties: + allowSnapshotOverwrites: + description: |- + Immutable. The repository with this flag will allow publishing the same + snapshot versions. + type: boolean + versionPolicy: + description: 'Immutable. Version policy defines the versions that + the registry will accept. Default value: "VERSION_POLICY_UNSPECIFIED" + Possible values: ["VERSION_POLICY_UNSPECIFIED", "RELEASE", "SNAPSHOT"].' + type: string + type: object + mode: + description: 'Immutable. The mode configures the repository to serve + artifacts from different sources. Default value: "STANDARD_REPOSITORY" + Possible values: ["STANDARD_REPOSITORY", "VIRTUAL_REPOSITORY", "REMOTE_REPOSITORY"].' + type: string + remoteRepositoryConfig: + description: Immutable. Configuration specific for a Remote Repository. + properties: + description: + description: Immutable. The description of the remote source. + type: string + dockerRepository: + description: Immutable. Specific settings for a Docker remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "DOCKER_HUB" Possible values: ["DOCKER_HUB"].' + type: string + type: object + mavenRepository: + description: Immutable. Specific settings for a Maven remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "MAVEN_CENTRAL" Possible values: ["MAVEN_CENTRAL"].' + type: string + type: object + npmRepository: + description: Immutable. Specific settings for an Npm remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "NPMJS" Possible values: ["NPMJS"].' 
+ type: string + type: object + pythonRepository: + description: Immutable. Specific settings for a Python remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "PYPI" Possible values: ["PYPI"].' + type: string + type: object + type: object + resourceID: + description: Immutable. Optional. The repositoryId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + virtualRepositoryConfig: + description: Configuration specific for a Virtual Repository. + properties: + upstreamPolicies: + description: |- + Policies that configure the upstream artifacts distributed by the Virtual + Repository. Upstream policies cannot be set on a standard repository. + items: + properties: + id: + description: The user-provided ID of the upstream policy. + type: string + priority: + description: Entries with a greater priority value take + precedence in the pull order. + type: integer + repositoryRef: + description: |- + A reference to the repository resource, for example: + "projects/p1/locations/us-central1/repositories/repo1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/repositories/{{value}}`, + where {{value}} is the `name` field of an `ArtifactRegistryRepository` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + required: + - format + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the repository was created. + type: string + name: + description: |- + The name of the repository, for example: + "repo1". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The time when the repository was last updated. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: beyondcorpappconnections.beyondcorp.cnrm.cloud.google.com +spec: + group: beyondcorp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BeyondCorpAppConnection + plural: beyondcorpappconnections + shortNames: + - gcpbeyondcorpappconnection + - gcpbeyondcorpappconnections + singular: beyondcorpappconnection + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + applicationEndpoint: + description: Address of the remote application endpoint for the BeyondCorp + AppConnection. + properties: + host: + description: Hostname or IP address of the remote application + endpoint. + type: string + port: + description: Port of the remote application endpoint. + type: integer + required: + - host + - port + type: object + connectors: + description: List of AppConnectors that are authorised to be associated + with this AppConnection. + items: + type: string + type: array + displayName: + description: An arbitrary user-provided name for the AppConnection. + type: string + gateway: + description: Gateway used by the AppConnection. + properties: + appGateway: + description: 'AppGateway name in following format: projects/{project_id}/locations/{locationId}/appgateways/{gateway_id}.' + type: string + ingressPort: + description: Ingress port reserved on the gateways for this AppConnection, + if not specified or zero, the default port is 19443. + type: integer + type: + description: |- + The type of hosting used by the gateway. Refer to + https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#Type_1 + for a list of possible values. + type: string + uri: + description: Server-defined URI for this resource. + type: string + required: + - appGateway + type: object + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the AppConnection. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The type of network connectivity used by the AppConnection. Refer to + https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type + for a list of possible values. + type: string + required: + - applicationEndpoint + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: beyondcorpappconnectors.beyondcorp.cnrm.cloud.google.com +spec: + group: beyondcorp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BeyondCorpAppConnector + plural: beyondcorpappconnectors + shortNames: + - gcpbeyondcorpappconnector + - gcpbeyondcorpappconnectors + singular: beyondcorpappconnector + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: An arbitrary user-provided name for the AppConnector. + type: string + principalInfo: + description: Principal information about the Identity of the AppConnector. + properties: + serviceAccount: + description: ServiceAccount represents a GCP service account. + properties: + email: + description: Email address of the service account. + type: string + required: + - email + type: object + required: + - serviceAccount + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the AppConnector. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - principalInfo + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: Represents the different states of a AppConnector. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: beyondcorpappgateways.beyondcorp.cnrm.cloud.google.com +spec: + group: beyondcorp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BeyondCorpAppGateway + plural: beyondcorpappgateways + shortNames: + - gcpbeyondcorpappgateway + - gcpbeyondcorpappgateways + singular: beyondcorpappgateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Immutable. An arbitrary user-provided name for the AppGateway. + type: string + hostType: + description: 'Immutable. The type of hosting used by the AppGateway. + Default value: "HOST_TYPE_UNSPECIFIED" Possible values: ["HOST_TYPE_UNSPECIFIED", + "GCP_REGIONAL_MIG"].' + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the AppGateway. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. The type of network connectivity used by + the AppGateway. Default value: "TYPE_UNSPECIFIED" Possible values: + ["TYPE_UNSPECIFIED", "TCP_PROXY"].' 
+ type: string + required: + - projectRef + - region + type: object + status: + properties: + allocatedConnections: + description: A list of connections allocated for the Gateway. + items: + properties: + ingressPort: + description: The ingress port of an allocated connection. + type: integer + pscUri: + description: The PSC uri of an allocated connection. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: Represents the different states of a AppGateway. + type: string + uri: + description: Server-defined URI for this resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + name: bigqueryanalyticshubdataexchanges.bigqueryanalyticshub.cnrm.cloud.google.com +spec: + group: bigqueryanalyticshub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryAnalyticsHubDataExchange + listKind: BigQueryAnalyticsHubDataExchangeList + plural: bigqueryanalyticshubdataexchanges + shortNames: + - gcpbigqueryanalyticshubdataexchange + - gcpbigqueryanalyticshubdataexchanges + singular: bigqueryanalyticshubdataexchange + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: BigQueryAnalyticsHubDataExchange is the Schema for the BigQueryAnalyticsHubDataExchange + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BigQueryAnalyticsHubDataExchangeSpec defines the desired + state of BigQueryAnalyticsHubDataExchange + properties: + description: + description: 'Optional. Description of the data exchange. The description + must not contain Unicode non-characters as well as C0 and C1 control + codes except tabs (HT), new lines (LF), carriage returns (CR), and + page breaks (FF). Default value is an empty string. Max length: + 2000 bytes.' + type: string + discoveryType: + description: Optional. Type of discovery on the discovery page for + all the listings under this exchange. Updating this field also updates + (overwrites) the discovery_type field for all the listings under + this exchange. + type: string + displayName: + description: 'Required. Human-readable display name of the data exchange. + The display name must contain only Unicode letters, numbers (0-9), + underscores (_), dashes (-), spaces ( ), ampersands (&) and must + not start or end with spaces. Default value is an empty string. + Max length: 63 bytes.' + type: string + documentation: + description: Optional. Documentation describing the data exchange. + type: string + location: + description: Immutable. The name of the location this data exchange. + type: string + primaryContact: + description: 'Optional. Email or URL of the primary point of contact + of the data exchange. Max Length: 1000 bytes.' 
+ type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: Immutable. The BigQueryAnalyticsHubDataExchange name. + If not given, the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + required: + - location + - projectRef + type: object + status: + description: BigQueryAnalyticsHubDataExchangeStatus defines the config + connector machine state of BigQueryAnalyticsHubDataExchange + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the BigQueryAnalyticsHubDataExchange + resource in GCP. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + listingCount: + description: Number of listings contained in the data exchange. + format: int64 + type: integer + type: object + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: BigQueryAnalyticsHubDataExchange is the Schema for the BigQueryAnalyticsHubDataExchange + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BigQueryAnalyticsHubDataExchangeSpec defines the desired + state of BigQueryAnalyticsHubDataExchange + properties: + description: + description: 'Optional. Description of the data exchange. The description + must not contain Unicode non-characters as well as C0 and C1 control + codes except tabs (HT), new lines (LF), carriage returns (CR), and + page breaks (FF). Default value is an empty string. Max length: + 2000 bytes.' + type: string + discoveryType: + description: Optional. Type of discovery on the discovery page for + all the listings under this exchange. Updating this field also updates + (overwrites) the discovery_type field for all the listings under + this exchange. + type: string + displayName: + description: 'Required. Human-readable display name of the data exchange. + The display name must contain only Unicode letters, numbers (0-9), + underscores (_), dashes (-), spaces ( ), ampersands (&) and must + not start or end with spaces. Default value is an empty string. + Max length: 63 bytes.' + type: string + documentation: + description: Optional. Documentation describing the data exchange. + type: string + location: + description: Immutable. The name of the location this data exchange. + type: string + primaryContact: + description: 'Optional. Email or URL of the primary point of contact + of the data exchange. Max Length: 1000 bytes.' + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. 
+ type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: Immutable. The BigQueryAnalyticsHubDataExchange name. + If not given, the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + required: + - location + - projectRef + type: object + status: + description: BigQueryAnalyticsHubDataExchangeStatus defines the config + connector machine state of BigQueryAnalyticsHubDataExchange + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the BigQueryAnalyticsHubDataExchange + resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + listingCount: + description: Number of listings contained in the data exchange. + format: int64 + type: integer + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: bigqueryanalyticshublistings.bigqueryanalyticshub.cnrm.cloud.google.com +spec: + group: bigqueryanalyticshub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryAnalyticsHubListing + listKind: BigQueryAnalyticsHubListingList + plural: bigqueryanalyticshublistings + singular: bigqueryanalyticshublisting + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: BigQueryAnalyticsHubListing is the Schema for the BigQueryAnalyticsHubListing + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BigQueryAnalyticsHubListingSpec defines the desired state + of BigQueryAnalyticsHubDataExchangeListing + properties: + categories: + description: Optional. Categories of the listing. Up to two categories + are allowed. + items: + type: string + type: array + dataExchangeRef: + description: BigQueryAnalyticsHubDataExchangeRef defines the resource + reference to BigQueryAnalyticsHubDataExchange, which "External" + field holds the GCP identifier for the KRM object. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed BigQueryAnalyticsHubDataExchange + resource. Should be in the format "projects//locations//dataexchanges/". + type: string + name: + description: The name of a BigQueryAnalyticsHubDataExchange resource. + type: string + namespace: + description: The namespace of a BigQueryAnalyticsHubDataExchange + resource. + type: string + type: object + dataProvider: + description: Optional. Details of the data provider who owns the source + data. + properties: + name: + description: Optional. Name of the data provider. + type: string + primaryContact: + description: 'Optional. Email or URL of the data provider. Max + Length: 1000 bytes.' 
+ type: string + type: object + description: + description: 'Optional. Short description of the listing. The description + must contain only Unicode characters or tabs (HT), new lines (LF), + carriage returns (CR), and page breaks (FF). Default value is an + empty string. Max length: 2000 bytes.' + type: string + discoveryType: + description: Optional. Type of discovery of the listing on the discovery + page. + type: string + displayName: + description: 'Required. Human-readable display name of the listing. + The display name must contain only Unicode letters, numbers (0-9), + underscores (_), dashes (-), spaces ( ), ampersands (&) and can''t + start or end with spaces. Default value is an empty string. Max + length: 63 bytes.' + type: string + documentation: + description: Optional. Documentation describing the listing. + type: string + location: + description: Immutable. The name of the location this data exchange. + type: string + primaryContact: + description: 'Optional. Email or URL of the primary point of contact + of the listing. Max Length: 1000 bytes.' + type: string + projectRef: + description: The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + publisher: + description: Optional. Details of the publisher who owns the listing + and who can share the source data. + properties: + name: + description: Optional. Name of the listing publisher. 
+ type: string + primaryContact: + description: 'Optional. Email or URL of the listing publisher. + Max Length: 1000 bytes.' + type: string + type: object + requestAccess: + description: 'Optional. Email or URL of the request access of the + listing. Subscribers can use this reference to request access. Max + Length: 1000 bytes.' + type: string + resourceID: + description: Immutable. The BigQueryAnalyticsHubDataExchangeListing + name. If not given, the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + source: + properties: + bigQueryDatasetSource: + description: One of the following fields must be set. + properties: + datasetRef: + description: Resource name of the dataset source for this + listing. e.g. `projects/myproject/datasets/123` + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: If provided must be in the format `projects/[project_id]/datasets/[dataset_id]`. + type: string + name: + description: The `metadata.name` field of a `BigQueryDataset` + resource. + type: string + namespace: + description: The `metadata.namespace` field of a `BigQueryDataset` + resource. + type: string + type: object + restrictedExportPolicy: + description: Optional. If set, restricted export policy will + be propagated and enforced on the linked dataset. + properties: + enabled: + description: Optional. If true, enable restricted export. + type: boolean + restrictDirectTableAccess: + description: Optional. If true, restrict direct table + access (read api/tabledata.list) on linked table. + type: boolean + restrictQueryResult: + description: Optional. If true, restrict export of query + result derived from restricted linked dataset table. + type: boolean + type: object + selectedResources: + description: Optional. 
Resources in this dataset that are + selectively shared. If this field is empty, then the entire + dataset (all resources) are shared. This field is only valid + for data clean room exchanges. + items: + properties: + table: + description: 'Optional. A reference to a BigQueryTable. + Format: `projects/{projectId}/datasets/{datasetId}/tables/{tableId}` + Example:"projects/test_project/datasets/test_dataset/tables/test_table"' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: If provided must be in the format `projects/{projectId}/datasets/{datasetId}/tables/{tableId}`. + type: string + name: + description: The `metadata.name` field of a `BigQueryTable` + resource. + type: string + namespace: + description: The `metadata.namespace` field of a + `BigQueryTable` resource. + type: string + type: object + type: object + type: array + required: + - datasetRef + type: object + type: object + required: + - dataExchangeRef + - displayName + - location + - projectRef + - source + type: object + status: + description: BigQueryAnalyticsHubListingStatus defines the config connector + machine state of BigQueryAnalyticsHubDataExchangeListing + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + externalRef: + description: A unique specifier for the BigQueryAnalyticsHubDataExchangeListing + resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + state: + description: Output only. Current state of the listing. + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: bigqueryconnectionconnections.bigqueryconnection.cnrm.cloud.google.com +spec: + group: bigqueryconnection.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryConnectionConnection + listKind: BigQueryConnectionConnectionList + plural: bigqueryconnectionconnections + shortNames: + - gcpbigqueryconnectionconnection + - gcpbigqueryconnectionconnections + singular: bigqueryconnectionconnection + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - 
description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: BigQueryConnectionConnection is the Schema for the BigQueryConnectionConnection + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BigQueryConnectionConnectionSpec defines the desired state + to connect BigQuery to external resources + properties: + aws: + description: Amazon Web Services (AWS) properties. + properties: + accessRole: + description: Authentication using Google owned service account + to assume into customer's AWS IAM Role. + properties: + iamRoleID: + description: The user’s AWS IAM Role that trusts the Google-owned + AWS IAM user Connection. + type: string + required: + - iamRoleID + type: object + required: + - accessRole + type: object + azure: + description: Azure properties. + properties: + customerTenantID: + description: The id of customer's directory that host the data. + type: string + federatedApplicationClientID: + description: The client ID of the user's Azure Active Directory + Application used for a federated connection. 
+ type: string + required: + - customerTenantID + type: object + cloudResource: + description: Use Cloud Resource properties. + type: object + cloudSQL: + description: Cloud SQL properties. + properties: + credential: + description: Cloud SQL credential. + properties: + secretRef: + description: The Kubernetes Secret object that stores the + "username" and "password" information. The Secret type has + to be `kubernetes.io/basic-auth`. + properties: + name: + description: The `metadata.name` field of a Kubernetes + `Secret` + type: string + namespace: + description: The `metadata.namespace` field of a Kubernetes + `Secret`. + type: string + required: + - name + type: object + type: object + databaseRef: + description: Reference to the SQL Database. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The SQL Database name, when not managed by Config + Connector. + type: string + name: + description: The `name` field of a `SQLDatabase` resource. + type: string + namespace: + description: The `namespace` field of a `SQLDatabase` resource. + type: string + type: object + instanceRef: + description: Reference to the Cloud SQL instance ID. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The SQLInstance selfLink, when not managed by + Config Connector. + type: string + name: + description: The `name` field of a `SQLInstance` resource. + type: string + namespace: + description: The `namespace` field of a `SQLInstance` resource. + type: string + type: object + type: + description: Type of the Cloud SQL database. + type: string + required: + - credential + - databaseRef + - instanceRef + - type + type: object + cloudSpanner: + description: Cloud Spanner properties. 
+ properties: + databaseRef: + description: Reference to a spanner database ID. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The Spanner Database selfLink, when not managed + by Config Connector. + type: string + name: + description: The `name` field of a `SpannerDatabase` resource. + type: string + namespace: + description: The `namespace` field of a `SpannerDatabase` + resource. + type: string + type: object + databaseRole: + description: |- + Optional. Cloud Spanner database role for fine-grained access control. + The Cloud Spanner admin should have provisioned the database role with + appropriate permissions, such as `SELECT` and `INSERT`. Other users should + only use roles provided by their Cloud Spanner admins. + + For more details, see [About fine-grained access control] + (https://cloud.google.com/spanner/docs/fgac-about). + + REQUIRES: The database role name must start with a letter, and can only + contain letters, numbers, and underscores. + type: string + maxParallelism: + description: |- + Allows setting max parallelism per query when executing on Spanner + independent compute resources. If unspecified, default values of + parallelism are chosen that are dependent on the Cloud Spanner instance + configuration. + + REQUIRES: `use_parallelism` must be set. + REQUIRES: Either `use_data_boost` or `use_serverless_analytics` must be + set. + format: int32 + type: integer + useDataBoost: + description: |- + If set, the request will be executed via Spanner independent compute + resources. + REQUIRES: `use_parallelism` must be set. + + NOTE: `use_serverless_analytics` will be deprecated. Prefer + `use_data_boost` over `use_serverless_analytics`. 
+ type: boolean + useParallelism: + description: If parallelism should be used when reading from Cloud + Spanner + type: boolean + useServerlessAnalytics: + description: 'If the serverless analytics service should be used + to read data from Cloud Spanner. Note: `use_parallelism` must + be set when using serverless analytics.' + type: boolean + required: + - databaseRef + type: object + description: + description: User provided description. + type: string + friendlyName: + description: User provided display name for the connection. + type: string + location: + description: Immutable. + type: string + x-kubernetes-validations: + - message: Location field is immutable + rule: self == oldSelf + projectRef: + description: The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: 'Immutable. Optional. The BigQuery Connection ID used + for resource creation or acquisition. For creation: If specified, + this value is used as the connection ID. If not provided, a UUID + will be generated and assigned as the connection ID. For acquisition: + This field must be provided to identify the connection resource + to acquire.' + type: string + spark: + description: Spark properties. + properties: + metastoreService: + description: Optional. Dataproc Metastore Service configuration + for the connection. + properties: + metastoreServiceRef: + description: |- + Optional. 
Resource name of an existing Dataproc Metastore service. + + Example: + + * `projects/[project_id]/locations/[region]/services/[service_id]` + properties: + external: + description: The self-link of an existing Dataproc Metastore + service , when not managed by Config Connector. + type: string + required: + - external + type: object + type: object + sparkHistoryServer: + description: Optional. Spark History Server configuration for + the connection. + properties: + dataprocClusterRef: + description: |- + Optional. Resource name of an existing Dataproc Cluster to act as a Spark + History Server for the connection. + + Example: + + * `projects/[project_id]/regions/[region]/clusters/[cluster_name]` + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The self-link of an existing Dataproc Cluster + to act as a Spark History Server for the connection + , when not managed by Config Connector. + type: string + name: + description: The `name` field of a Dataproc Cluster. + type: string + namespace: + description: The `namespace` field of a Dataproc Cluster. + type: string + type: object + type: object + type: object + required: + - location + - projectRef + type: object + status: + description: BigQueryConnectionConnectionStatus defines the config connector + machine state of BigQueryConnectionConnection + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the BigQueryConnectionConnection + resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + aws: + properties: + accessRole: + properties: + identity: + description: A unique Google-owned and Google-generated + identity for the Connection. This identity will be used + to access the user's AWS IAM Role. + type: string + type: object + type: object + azure: + properties: + application: + description: The name of the Azure Active Directory Application. + type: string + clientID: + description: The client id of the Azure Active Directory Application. + type: string + identity: + description: A unique Google-owned and Google-generated identity + for the Connection. This identity will be used to access + the user's Azure Active Directory Application. + type: string + objectID: + description: The object id of the Azure Active Directory Application. + type: string + redirectUri: + description: The URL user will be redirected to after granting + consent during connection setup. + type: string + type: object + cloudResource: + properties: + serviceAccountID: + description: |2- + The account ID of the service created for the purpose of this + connection. + + The service account does not have any permissions associated with it + when it is created. 
After creation, customers delegate permissions + to the service account. When the connection is used in the context of an + operation in BigQuery, the service account will be used to connect to the + desired resources in GCP. + + The account ID is in the form of: + @gcp-sa-bigquery-cloudresource.iam.gserviceaccount.com + type: string + type: object + cloudSQL: + properties: + serviceAccountID: + description: |- + The account ID of the service used for the purpose of this connection. + + When the connection is used in the context of an operation in + BigQuery, this service account will serve as the identity being used for + connecting to the CloudSQL instance specified in this connection. + type: string + type: object + description: + description: The description for the connection. + type: string + friendlyName: + description: The display name for the connection. + type: string + hasCredential: + description: Output only. True, if credential is configured for + this connection. + type: boolean + spark: + properties: + serviceAccountID: + description: |2- + The account ID of the service created for the purpose of this + connection. + + The service account does not have any permissions associated with it when + it is created. After creation, customers delegate permissions to the + service account. When the connection is used in the context of a stored + procedure for Apache Spark in BigQuery, the service account is used to + connect to the desired resources in Google Cloud. 
+ + The account ID is in the form of: + bqcx--@gcp-sa-bigquery-consp.iam.gserviceaccount.com + type: string + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: BigQueryConnectionConnection is the Schema for the BigQueryConnectionConnection + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BigQueryConnectionConnectionSpec defines the desired state + to connect BigQuery to external resources + properties: + aws: + description: Amazon Web Services (AWS) properties. 
+ properties: + accessRole: + description: Authentication using Google owned service account + to assume into customer's AWS IAM Role. + properties: + iamRoleID: + description: The user’s AWS IAM Role that trusts the Google-owned + AWS IAM user Connection. + type: string + required: + - iamRoleID + type: object + required: + - accessRole + type: object + azure: + description: Azure properties. + properties: + customerTenantID: + description: The id of customer's directory that host the data. + type: string + federatedApplicationClientID: + description: The client ID of the user's Azure Active Directory + Application used for a federated connection. + type: string + required: + - customerTenantID + type: object + cloudResource: + description: Use Cloud Resource properties. + type: object + cloudSQL: + description: Cloud SQL properties. + properties: + credential: + description: Cloud SQL credential. + properties: + secretRef: + description: The Kubernetes Secret object that stores the + "username" and "password" information. The Secret type has + to be `kubernetes.io/basic-auth`. + properties: + name: + description: The `metadata.name` field of a Kubernetes + `Secret` + type: string + namespace: + description: The `metadata.namespace` field of a Kubernetes + `Secret`. + type: string + required: + - name + type: object + type: object + databaseRef: + description: Reference to the SQL Database. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The SQL Database name, when not managed by Config + Connector. + type: string + name: + description: The `name` field of a `SQLDatabase` resource. + type: string + namespace: + description: The `namespace` field of a `SQLDatabase` resource. + type: string + type: object + instanceRef: + description: Reference to the Cloud SQL instance ID. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The SQLInstance selfLink, when not managed by + Config Connector. + type: string + name: + description: The `name` field of a `SQLInstance` resource. + type: string + namespace: + description: The `namespace` field of a `SQLInstance` resource. + type: string + type: object + type: + description: Type of the Cloud SQL database. + type: string + required: + - credential + - databaseRef + - instanceRef + - type + type: object + cloudSpanner: + description: Cloud Spanner properties. + properties: + databaseRef: + description: Reference to a spanner database ID. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The Spanner Database selfLink, when not managed + by Config Connector. + type: string + name: + description: The `name` field of a `SpannerDatabase` resource. + type: string + namespace: + description: The `namespace` field of a `SpannerDatabase` + resource. + type: string + type: object + databaseRole: + description: |- + Optional. Cloud Spanner database role for fine-grained access control. + The Cloud Spanner admin should have provisioned the database role with + appropriate permissions, such as `SELECT` and `INSERT`. Other users should + only use roles provided by their Cloud Spanner admins. + + For more details, see [About fine-grained access control] + (https://cloud.google.com/spanner/docs/fgac-about). + + REQUIRES: The database role name must start with a letter, and can only + contain letters, numbers, and underscores. + type: string + maxParallelism: + description: |- + Allows setting max parallelism per query when executing on Spanner + independent compute resources. 
If unspecified, default values of + parallelism are chosen that are dependent on the Cloud Spanner instance + configuration. + + REQUIRES: `use_parallelism` must be set. + REQUIRES: Either `use_data_boost` or `use_serverless_analytics` must be + set. + format: int32 + type: integer + useDataBoost: + description: |- + If set, the request will be executed via Spanner independent compute + resources. + REQUIRES: `use_parallelism` must be set. + + NOTE: `use_serverless_analytics` will be deprecated. Prefer + `use_data_boost` over `use_serverless_analytics`. + type: boolean + useParallelism: + description: If parallelism should be used when reading from Cloud + Spanner + type: boolean + useServerlessAnalytics: + description: 'If the serverless analytics service should be used + to read data from Cloud Spanner. Note: `use_parallelism` must + be set when using serverless analytics.' + type: boolean + required: + - databaseRef + type: object + description: + description: User provided description. + type: string + friendlyName: + description: User provided display name for the connection. + type: string + location: + description: Immutable. + type: string + x-kubernetes-validations: + - message: Location field is immutable + rule: self == oldSelf + projectRef: + description: The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: 'Immutable. Optional. 
The BigQuery Connection ID used + for resource creation or acquisition. For creation: If specified, + this value is used as the connection ID. If not provided, a UUID + will be generated and assigned as the connection ID. For acquisition: + This field must be provided to identify the connection resource + to acquire.' + type: string + spark: + description: Spark properties. + properties: + metastoreService: + description: Optional. Dataproc Metastore Service configuration + for the connection. + properties: + metastoreServiceRef: + description: |- + Optional. Resource name of an existing Dataproc Metastore service. + + Example: + + * `projects/[project_id]/locations/[region]/services/[service_id]` + properties: + external: + description: The self-link of an existing Dataproc Metastore + service , when not managed by Config Connector. + type: string + required: + - external + type: object + type: object + sparkHistoryServer: + description: Optional. Spark History Server configuration for + the connection. + properties: + dataprocClusterRef: + description: |- + Optional. Resource name of an existing Dataproc Cluster to act as a Spark + History Server for the connection. + + Example: + + * `projects/[project_id]/regions/[region]/clusters/[cluster_name]` + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The self-link of an existing Dataproc Cluster + to act as a Spark History Server for the connection + , when not managed by Config Connector. + type: string + name: + description: The `name` field of a Dataproc Cluster. + type: string + namespace: + description: The `namespace` field of a Dataproc Cluster. 
+ type: string + type: object + type: object + type: object + required: + - location + - projectRef + type: object + status: + description: BigQueryConnectionConnectionStatus defines the config connector + machine state of BigQueryConnectionConnection + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the BigQueryConnectionConnection + resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + aws: + properties: + accessRole: + properties: + identity: + description: A unique Google-owned and Google-generated + identity for the Connection. This identity will be used + to access the user's AWS IAM Role. + type: string + type: object + type: object + azure: + properties: + application: + description: The name of the Azure Active Directory Application. 
+ type: string + clientID: + description: The client id of the Azure Active Directory Application. + type: string + identity: + description: A unique Google-owned and Google-generated identity + for the Connection. This identity will be used to access + the user's Azure Active Directory Application. + type: string + objectID: + description: The object id of the Azure Active Directory Application. + type: string + redirectUri: + description: The URL user will be redirected to after granting + consent during connection setup. + type: string + type: object + cloudResource: + properties: + serviceAccountID: + description: |2- + The account ID of the service created for the purpose of this + connection. + + The service account does not have any permissions associated with it + when it is created. After creation, customers delegate permissions + to the service account. When the connection is used in the context of an + operation in BigQuery, the service account will be used to connect to the + desired resources in GCP. + + The account ID is in the form of: + @gcp-sa-bigquery-cloudresource.iam.gserviceaccount.com + type: string + type: object + cloudSQL: + properties: + serviceAccountID: + description: |- + The account ID of the service used for the purpose of this connection. + + When the connection is used in the context of an operation in + BigQuery, this service account will serve as the identity being used for + connecting to the CloudSQL instance specified in this connection. + type: string + type: object + description: + description: The description for the connection. + type: string + friendlyName: + description: The display name for the connection. + type: string + hasCredential: + description: Output only. True, if credential is configured for + this connection. + type: boolean + spark: + properties: + serviceAccountID: + description: |2- + The account ID of the service created for the purpose of this + connection. 
+ + The service account does not have any permissions associated with it when + it is created. After creation, customers delegate permissions to the + service account. When the connection is used in the context of a stored + procedure for Apache Spark in BigQuery, the service account is used to + connect to the desired resources in Google Cloud. + + The account ID is in the form of: + bqcx--@gcp-sa-bigquery-consp.iam.gserviceaccount.com + type: string + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerydatapolicydatapolicies.bigquerydatapolicy.cnrm.cloud.google.com +spec: + group: bigquerydatapolicy.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDataPolicyDataPolicy + plural: bigquerydatapolicydatapolicies + shortNames: + - gcpbigquerydatapolicydatapolicy + - gcpbigquerydatapolicydatapolicies + singular: bigquerydatapolicydatapolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataMaskingPolicy: + description: The data masking policy that specifies the data masking + rule to use. + properties: + predefinedExpression: + description: 'The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. + Possible values: ["SHA256", "ALWAYS_NULL", "DEFAULT_MASKING_VALUE", + "LAST_FOUR_CHARACTERS", "FIRST_FOUR_CHARACTERS", "EMAIL_MASK", + "DATE_YEAR_MASK"].' + type: string + required: + - predefinedExpression + type: object + dataPolicyType: + description: 'The enrollment level of the service. Possible values: + ["COLUMN_LEVEL_SECURITY_POLICY", "DATA_MASKING_POLICY"].' + type: string + location: + description: Immutable. The name of the location of the data policy. + type: string + policyTag: + description: Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The dataPolicyId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - dataPolicyType + - location + - policyTag + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerydatasetaccesses.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDatasetAccess + plural: bigquerydatasetaccesses + shortNames: + - gcpbigquerydatasetaccess + - gcpbigquerydatasetaccesses + singular: bigquerydatasetaccess + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataset: + description: Immutable. Grants all resources of particular types in + a particular dataset read access to the current dataset. + properties: + dataset: + description: Immutable. The dataset this entry applies to. + properties: + datasetId: + description: Immutable. The ID of the dataset containing this + table. + type: string + projectId: + description: Immutable. The ID of the project containing this + table. + type: string + required: + - datasetId + - projectId + type: object + targetTypes: + description: |- + Immutable. Which resources in the dataset this entry applies to. Currently, only views are supported, + but additional target types may be added in the future. Possible values: VIEWS. + items: + type: string + type: array + required: + - dataset + - targetTypes + type: object + datasetId: + description: |- + Immutable. A unique ID for this dataset, without the project name. The ID + must contain only letters (a-z, A-Z), numbers (0-9), or + underscores (_). The maximum length is 1,024 characters. + type: string + domain: + description: |- + Immutable. A domain to grant access to. Any users signed in with the + domain specified will be granted the specified access. + type: string + groupByEmail: + description: Immutable. An email address of a Google Group to grant + access to. + type: string + iamMember: + description: |- + Immutable. Some other type of member that appears in the IAM Policy but isn't a user, + group, domain, or special group. For example: 'allUsers'. 
+ type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The routine of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + role: + description: |- + Immutable. Describes the rights granted to the user specified by the other + member of the access object. Basic, predefined, and custom roles are + supported. Predefined roles that have equivalent basic roles are + swapped by the API to their basic counterparts, and will show a diff + post-create. See + [official docs](https://cloud.google.com/bigquery/docs/access-control). + type: string + specialGroup: + description: |- + Immutable. A special group to grant access to. Possible values include: + + + * 'projectOwners': Owners of the enclosing project. + + + * 'projectReaders': Readers of the enclosing project. + + + * 'projectWriters': Writers of the enclosing project. + + + * 'allAuthenticatedUsers': All authenticated BigQuery users. + type: string + userByEmail: + description: |- + Immutable. An email address of a user to grant access to. For example: + fred@example.com. + type: string + view: + description: |- + Immutable. A view from a different dataset to grant access to. Queries + executed against that view will have read access to tables in + this dataset. 
The role field is not required when this field is + set. If that view is updated by any user, access to the view + needs to be granted again via an update operation. + properties: + datasetId: + description: Immutable. The ID of the dataset containing this + table. + type: string + projectId: + description: Immutable. The ID of the project containing this + table. + type: string + tableId: + description: |- + Immutable. The ID of the table. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 1,024 characters. + type: string + required: + - datasetId + - projectId + - tableId + type: object + required: + - datasetId + - projectRef + type: object + status: + properties: + apiUpdatedMember: + description: If true, represents that that the iam_member in the config + was translated to a different member type by the API, and is stored + in state as a different member type. + type: boolean + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerydatasets.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDataset + listKind: BigQueryDatasetList + plural: bigquerydatasets + shortNames: + - gcpbigquerydataset + - gcpbigquerydatasets + singular: bigquerydataset + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: BigQueryDataset is the Schema for the BigQueryDataset API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BigQueryDatasetSpec defines the desired state of BigQueryDataset + properties: + access: + description: An array of objects that define dataset access for one + or more entities. + items: + properties: + dataset: + description: '[Pick one] A grant authorizing all resources of + a particular type in a particular dataset access to this dataset. + Only views are supported for now. The role field is not required + when this field is set. If that dataset is deleted and re-created, + its access needs to be granted again via an update operation.' + properties: + dataset: + description: The dataset this entry applies to. + properties: + datasetId: + description: A unique Id for this dataset, without the + project name. The Id must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum + length is 1,024 characters. + type: string + projectId: + description: The ID of the project containing this dataset. + type: string + required: + - datasetId + - projectId + type: object + targetTypes: + description: Which resources in the dataset this entry applies + to. Currently, only views are supported, but additional + target types may be added in the future. + items: + type: string + type: array + required: + - dataset + - targetTypes + type: object + domain: + description: '[Pick one] A domain to grant access to. Any users + signed in with the domain specified will be granted the specified + access. Example: "example.com". 
Maps to IAM policy member + "domain:DOMAIN".' + type: string + groupByEmail: + description: '[Pick one] An email address of a Google Group + to grant access to. Maps to IAM policy member "group:GROUP".' + type: string + iamMember: + description: '[Pick one] Some other type of member that appears + in the IAM Policy but isn''t a user, group, domain, or special + group.' + type: string + role: + description: |- + An IAM role ID that should be granted to the user, group, + or domain specified in this access entry. + The following legacy mappings will be applied: + + * `OWNER`: `roles/bigquery.dataOwner` + * `WRITER`: `roles/bigquery.dataEditor` + * `READER`: `roles/bigquery.dataViewer` + + This field will accept any of the above formats, but will return only + the legacy format. For example, if you set this field to + "roles/bigquery.dataOwner", it will be returned back as "OWNER". + type: string + routine: + description: '[Pick one] A routine from a different dataset + to grant access to. Queries executed against that routine + will have read access to views/tables/routines in this dataset. + Only UDF is supported for now. The role field is not required + when this field is set. If that routine is updated by any + user, access to the routine needs to be granted again via + an update operation.' + properties: + datasetId: + description: The ID of the dataset containing this routine. + type: string + projectId: + description: The ID of the project containing this routine. + type: string + routineId: + description: The Id of the routine. The Id must contain + only letters (a-z, A-Z), numbers (0-9), or underscores + (_). The maximum length is 256 characters. + type: string + required: + - datasetId + - projectId + - routineId + type: object + specialGroup: + description: |- + [Pick one] A special group to grant access to. Possible values include: + + * projectOwners: Owners of the enclosing project. + * projectReaders: Readers of the enclosing project. 
+ * projectWriters: Writers of the enclosing project. + * allAuthenticatedUsers: All authenticated BigQuery users. + + Maps to similarly-named IAM members. + type: string + userByEmail: + description: '[Pick one] An email address of a user to grant + access to. For example: fred@example.com. Maps to IAM policy + member "user:EMAIL" or "serviceAccount:EMAIL".' + type: string + view: + description: '[Pick one] A view from a different dataset to + grant access to. Queries executed against that view will have + read access to views/tables/routines in this dataset. The + role field is not required when this field is set. If that + view is updated by any user, access to the view needs to be + granted again via an update operation.' + properties: + datasetId: + description: The ID of the dataset containing this table. + type: string + projectId: + description: The ID of the project containing this table. + type: string + tableId: + description: The Id of the table. The Id can contain Unicode + characters in category L (letter), M (mark), N (number), + Pc (connector, including underscore), Pd (dash), and Zs + (space). For more information, see [General Category](https://wikipedia.org/wiki/Unicode_character_property#General_Category). + The maximum length is 1,024 characters. Certain operations + allow suffixing of the table Id with a partition decorator, + such as `sample_table$20190123`. + type: string + required: + - datasetId + - projectId + - tableId + type: object + type: object + type: array + defaultCollation: + description: |- + Optional. Defines the default collation specification of future tables + created in the dataset. If a table is created in this dataset without + table-level default collation, then the table inherits the dataset default + collation, which is applied to the string fields that do not have explicit + collation specified. A change to this field affects only tables created + afterwards, and does not alter the existing tables. 
+ The following values are supported: + + * 'und:ci': undetermined locale, case-insensitive. + * '': empty string. Default to case-sensitive behavior. + type: string + defaultEncryptionConfiguration: + description: The default encryption key for all tables in the dataset. + After this property is set, the encryption key of all newly-created + tables in the dataset is set to this value unless the table creation + request or query explicitly overrides the key. + properties: + kmsKeyRef: + description: Optional. Describes the Cloud KMS encryption key + that will be used to protect destination BigQuery table. The + BigQuery Service Account associated with your project requires + access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed KMSCryptoKey. + Should be in the format `projects/[kms_project_id]/locations/[region]/keyRings/[key_ring_id]/cryptoKeys/[key]`. + type: string + name: + description: The `name` of a `KMSCryptoKey` resource. + type: string + namespace: + description: The `namespace` of a `KMSCryptoKey` resource. + type: string + type: object + type: object + defaultPartitionExpirationMs: + description: |- + This default partition expiration, expressed in milliseconds. + + When new time-partitioned tables are created in a dataset where this + property is set, the table will inherit this value, propagated as the + `TimePartitioning.expirationMs` property on the new table. If you set + `TimePartitioning.expirationMs` explicitly when creating a table, + the `defaultPartitionExpirationMs` of the containing dataset is ignored. + + When creating a partitioned table, if `defaultPartitionExpirationMs` + is set, the `defaultTableExpirationMs` value is ignored and the table + will not be inherit a table expiration deadline. 
+ format: int64 + type: integer + defaultTableExpirationMs: + description: Optional. The default lifetime of all tables in the dataset, + in milliseconds. The minimum lifetime value is 3600000 milliseconds + (one hour). To clear an existing default expiration with a PATCH + request, set to 0. Once this property is set, all newly-created + tables in the dataset will have an expirationTime property set to + the creation time plus the value in this property, and changing + the value will only affect new tables, not existing ones. When the + expirationTime for a given table is reached, that table will be + deleted automatically. If a table's expirationTime is modified or + removed before the table expires, or if you provide an explicit + expirationTime when creating a table, that value takes precedence + over the default expiration time indicated by this property. + format: int64 + type: integer + description: + description: Optional. A user-friendly description of the dataset. + type: string + friendlyName: + description: Optional. A descriptive name for the dataset. + type: string + isCaseInsensitive: + description: Optional. TRUE if the dataset and its table names are + case-insensitive, otherwise FALSE. By default, this is FALSE, which + means the dataset and its table names are case-sensitive. This field + does not affect routine references. + type: boolean + location: + description: Optional. The geographic location where the dataset should + reside. See https://cloud.google.com/bigquery/docs/locations for + supported locations. + type: string + maxTimeTravelHours: + description: Optional. Defines the time travel window in hours. The + value can be from 48 to 168 hours (2 to 7 days). The default value + is 168 hours if this is not set. + type: string + projectRef: + description: ' Optional. The project that this resource belongs to.' 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: The BigQueryDataset name. If not given, the metadata.name + will be used. + type: string + storageBillingModel: + description: Optional. Updates storage_billing_model for the dataset. + type: string + type: object + status: + description: BigQueryDatasetStatus defines the config connector machine + state of BigQueryDataset + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: Output only. The time when this dataset was created, + in milliseconds since the epoch. + format: int64 + type: integer + etag: + description: Output only. A hash of the resource. + type: string + externalRef: + description: A unique specifier for the BigQueryAnalyticsHubDataExchangeListing + resource in GCP. 
+ type: string + lastModifiedTime: + description: Output only. The date when this dataset was last modified, + in milliseconds since the epoch. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + location: + description: Optional. If the location is not specified in the + spec, the GCP server defaults to a location and will be captured + here. + type: string + type: object + selfLink: + description: Output only. A URL that can be used to access the resource + again. You can use this URL in Get or Update requests to the resource. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: bigquerydatatransferconfigs.bigquerydatatransfer.cnrm.cloud.google.com +spec: + group: bigquerydatatransfer.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDataTransferConfig + listKind: BigQueryDataTransferConfigList + plural: bigquerydatatransferconfigs + singular: bigquerydatatransferconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: BigQueryDataTransferConfig is the Schema for the BigQueryDataTransferConfig + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BigQueryDataTransferConfigSpec defines the desired state + of BigQueryDataTransferConfig + properties: + dataRefreshWindowDays: + description: The number of days to look back to automatically refresh + the data. For example, if `data_refresh_window_days = 10`, then + every day BigQuery reingests data for [today-10, today-1], rather + than ingesting data for just [today-1]. Only valid if the data source + supports the feature. Set the value to 0 to use the default value. + format: int32 + type: integer + dataSourceID: + description: 'Immutable. Data source ID. This cannot be changed once + data transfer is created. 
The full list of available data source + IDs can be returned through an API call: https://cloud.google.com/bigquery-transfer/docs/reference/datatransfer/rest/v1/projects.locations.dataSources/list' + type: string + x-kubernetes-validations: + - message: DataSourceID field is immutable + rule: self == oldSelf + datasetRef: + description: The BigQuery target dataset id. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: If provided must be in the format `projects/[project_id]/datasets/[dataset_id]`. + type: string + name: + description: The `metadata.name` field of a `BigQueryDataset` + resource. + type: string + namespace: + description: The `metadata.namespace` field of a `BigQueryDataset` + resource. + type: string + type: object + disabled: + description: Is this config disabled. When set to true, no runs will + be scheduled for this transfer config. + type: boolean + displayName: + description: User specified display name for the data transfer. + type: string + emailPreferences: + description: Email notifications will be sent according to these preferences + to the email address of the user who owns this transfer config. + properties: + enableFailureEmail: + description: If true, email notifications will be sent on transfer + run failures. + type: boolean + type: object + encryptionConfiguration: + description: The encryption configuration part. Currently, it is only + used for the optional KMS key name. The BigQuery service account + of your project must be granted permissions to use the key. Read + methods will return the key name applied in effect. Write methods + will apply the key if it is present, or otherwise try to apply project + default keys if it is absent. + properties: + kmsKeyRef: + description: The KMS key used for encrypting BigQuery data. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed KMSCryptoKey. + Should be in the format `projects/[kms_project_id]/locations/[region]/keyRings/[key_ring_id]/cryptoKeys/[key]`. + type: string + name: + description: The `name` of a `KMSCryptoKey` resource. + type: string + namespace: + description: The `namespace` of a `KMSCryptoKey` resource. + type: string + type: object + type: object + location: + description: Immutable. + type: string + x-kubernetes-validations: + - message: Location field is immutable + rule: self == oldSelf + params: + additionalProperties: + type: string + description: 'Parameters specific to each data source. For more information + see the bq tab in the ''Setting up a data transfer'' section for + each data source. For example the parameters for Cloud Storage transfers + are listed here: https://cloud.google.com/bigquery-transfer/docs/cloud-storage-transfer#bq' + type: object + projectRef: + description: The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + pubSubTopicRef: + description: Pub/Sub topic where notifications will be sent after + transfer runs associated with this transfer config finish. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: If provided must be in the format `projects/[project_id]/topics/[topic_id]`. + type: string + name: + description: The `metadata.name` field of a `PubSubTopic` resource. + type: string + namespace: + description: The `metadata.namespace` field of a `PubSubTopic` + resource. + type: string + type: object + resourceID: + description: Immutable. The BigQueryDataTransferConfig name. If not + given, the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + schedule: + description: |- + Data transfer schedule. + If the data source does not support a custom schedule, this should be + empty. If it is empty, the default value for the data source will be used. + The specified times are in UTC. + Examples of valid format: + `1st,3rd monday of month 15:30`, + `every wed,fri of jan,jun 13:15`, and + `first sunday of quarter 00:00`. + See more explanation about the format here: + https://cloud.google.com/appengine/docs/flexible/python/scheduling-jobs-with-cron-yaml#the_schedule_format + + NOTE: The minimum interval time between recurring transfers depends on the + data source; refer to the documentation for your data source. + type: string + scheduleOptions: + description: Options customizing the data transfer schedule. + properties: + disableAutoScheduling: + description: If true, automatic scheduling of data transfer runs + for this configuration will be disabled. The runs can be started + on ad-hoc basis using StartManualTransferRuns API. When automatic + scheduling is disabled, the TransferConfig.schedule field will + be ignored. + type: boolean + endTime: + description: Defines time to stop scheduling transfer runs. A + transfer run cannot be scheduled at or after the end time. 
The + end time can be changed at any moment. The time when a data + transfer can be triggered manually is not limited by this option. + type: string + startTime: + description: Specifies time to start scheduling transfer runs. + The first run will be scheduled at or after the start time according + to a recurrence pattern defined in the schedule string. The + start time can be changed at any moment. The time when a data + transfer can be triggered manually is not limited by this option. + type: string + type: object + serviceAccountRef: + description: Service account email. If this field is set, the transfer + config will be created with this service account's credentials. + It requires that the requesting user calling this API has permissions + to act as this service account. Note that not all data sources support + service account credentials when creating a transfer config. For + the latest list of data sources, please refer to https://cloud.google.com/bigquery/docs/use-service-accounts. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - dataSourceID + - datasetRef + - location + - params + - projectRef + type: object + status: + description: BigQueryDataTransferConfigStatus defines the config connector + machine state of BigQueryDataTransferConfig + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the BigQueryDataTransferConfig + resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + datasetRegion: + description: Output only. Region in which BigQuery dataset is + located. + type: string + name: + description: Identifier. The resource name of the transfer config. + Transfer config names have the form either `projects/{project_id}/locations/{region}/transferConfigs/{config_id}` + or `projects/{project_id}/transferConfigs/{config_id}`, where + `config_id` is usually a UUID, even though it is not guaranteed + or required. The name is ignored when creating a transfer config. + type: string + nextRunTime: + description: Output only. Next time when data transfer will run. + type: string + ownerInfo: + description: Output only. Information about the user whose credentials + are used to transfer data. Populated only for `transferConfigs.get` + requests. 
In case the user information is not available, this + field will not be populated. + properties: + email: + description: E-mail address of the user. + type: string + type: object + state: + description: Output only. State of the most recently updated transfer + run. + type: string + updateTime: + description: Output only. Data transfer modification time. Ignored + by server on input. + type: string + userID: + description: Deprecated. Unique ID of the user on whose behalf + transfer is done. + format: int64 + type: integer + type: object + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: BigQueryDataTransferConfig is the Schema for the BigQueryDataTransferConfig + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BigQueryDataTransferConfigSpec defines the desired state + of BigQueryDataTransferConfig + properties: + dataRefreshWindowDays: + description: The number of days to look back to automatically refresh + the data. For example, if `data_refresh_window_days = 10`, then + every day BigQuery reingests data for [today-10, today-1], rather + than ingesting data for just [today-1]. Only valid if the data source + supports the feature. Set the value to 0 to use the default value. + format: int32 + type: integer + dataSourceID: + description: 'Immutable. Data source ID. This cannot be changed once + data transfer is created. The full list of available data source + IDs can be returned through an API call: https://cloud.google.com/bigquery-transfer/docs/reference/datatransfer/rest/v1/projects.locations.dataSources/list' + type: string + x-kubernetes-validations: + - message: DataSourceID field is immutable + rule: self == oldSelf + datasetRef: + description: The BigQuery target dataset id. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: If provided must be in the format `projects/[project_id]/datasets/[dataset_id]`. + type: string + name: + description: The `metadata.name` field of a `BigQueryDataset` + resource. + type: string + namespace: + description: The `metadata.namespace` field of a `BigQueryDataset` + resource. + type: string + type: object + disabled: + description: Is this config disabled. When set to true, no runs will + be scheduled for this transfer config. + type: boolean + displayName: + description: User specified display name for the data transfer. 
+ type: string + emailPreferences: + description: Email notifications will be sent according to these preferences + to the email address of the user who owns this transfer config. + properties: + enableFailureEmail: + description: If true, email notifications will be sent on transfer + run failures. + type: boolean + type: object + encryptionConfiguration: + description: The encryption configuration part. Currently, it is only + used for the optional KMS key name. The BigQuery service account + of your project must be granted permissions to use the key. Read + methods will return the key name applied in effect. Write methods + will apply the key if it is present, or otherwise try to apply project + default keys if it is absent. + properties: + kmsKeyRef: + description: The KMS key used for encrypting BigQuery data. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed KMSCryptoKey. + Should be in the format `projects/[kms_project_id]/locations/[region]/keyRings/[key_ring_id]/cryptoKeys/[key]`. + type: string + name: + description: The `name` of a `KMSCryptoKey` resource. + type: string + namespace: + description: The `namespace` of a `KMSCryptoKey` resource. + type: string + type: object + type: object + location: + description: Immutable. + type: string + x-kubernetes-validations: + - message: Location field is immutable + rule: self == oldSelf + params: + additionalProperties: + type: string + description: 'Parameters specific to each data source. For more information + see the bq tab in the ''Setting up a data transfer'' section for + each data source. For example the parameters for Cloud Storage transfers + are listed here: https://cloud.google.com/bigquery-transfer/docs/cloud-storage-transfer#bq' + type: object + projectRef: + description: The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + pubSubTopicRef: + description: Pub/Sub topic where notifications will be sent after + transfer runs associated with this transfer config finish. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: If provided must be in the format `projects/[project_id]/topics/[topic_id]`. + type: string + name: + description: The `metadata.name` field of a `PubSubTopic` resource. + type: string + namespace: + description: The `metadata.namespace` field of a `PubSubTopic` + resource. + type: string + type: object + resourceID: + description: Immutable. The BigQueryDataTransferConfig name. If not + given, the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + schedule: + description: |- + Data transfer schedule. + If the data source does not support a custom schedule, this should be + empty. If it is empty, the default value for the data source will be used. + The specified times are in UTC. + Examples of valid format: + `1st,3rd monday of month 15:30`, + `every wed,fri of jan,jun 13:15`, and + `first sunday of quarter 00:00`. 
+ See more explanation about the format here: + https://cloud.google.com/appengine/docs/flexible/python/scheduling-jobs-with-cron-yaml#the_schedule_format + + NOTE: The minimum interval time between recurring transfers depends on the + data source; refer to the documentation for your data source. + type: string + scheduleOptions: + description: Options customizing the data transfer schedule. + properties: + disableAutoScheduling: + description: If true, automatic scheduling of data transfer runs + for this configuration will be disabled. The runs can be started + on ad-hoc basis using StartManualTransferRuns API. When automatic + scheduling is disabled, the TransferConfig.schedule field will + be ignored. + type: boolean + endTime: + description: Defines time to stop scheduling transfer runs. A + transfer run cannot be scheduled at or after the end time. The + end time can be changed at any moment. The time when a data + transfer can be triggered manually is not limited by this option. + type: string + startTime: + description: Specifies time to start scheduling transfer runs. + The first run will be scheduled at or after the start time according + to a recurrence pattern defined in the schedule string. The + start time can be changed at any moment. The time when a data + transfer can be triggered manually is not limited by this option. + type: string + type: object + serviceAccountRef: + description: Service account email. If this field is set, the transfer + config will be created with this service account's credentials. + It requires that the requesting user calling this API has permissions + to act as this service account. Note that not all data sources support + service account credentials when creating a transfer config. For + the latest list of data sources, please refer to https://cloud.google.com/bigquery/docs/use-service-accounts. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - dataSourceID + - datasetRef + - location + - params + - projectRef + type: object + status: + description: BigQueryDataTransferConfigStatus defines the config connector + machine state of BigQueryDataTransferConfig + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the BigQueryDataTransferConfig + resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + datasetRegion: + description: Output only. Region in which BigQuery dataset is + located. + type: string + name: + description: Identifier. The resource name of the transfer config. + Transfer config names have the form either `projects/{project_id}/locations/{region}/transferConfigs/{config_id}` + or `projects/{project_id}/transferConfigs/{config_id}`, where + `config_id` is usually a UUID, even though it is not guaranteed + or required. The name is ignored when creating a transfer config. + type: string + nextRunTime: + description: Output only. Next time when data transfer will run. + type: string + ownerInfo: + description: Output only. Information about the user whose credentials + are used to transfer data. Populated only for `transferConfigs.get` + requests. In case the user information is not available, this + field will not be populated. + properties: + email: + description: E-mail address of the user. + type: string + type: object + state: + description: Output only. State of the most recently updated transfer + run. + type: string + updateTime: + description: Output only. Data transfer modification time. Ignored + by server on input. + type: string + userID: + description: Deprecated. Unique ID of the user on whose behalf + transfer is done. 
+ format: int64 + type: integer + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryjobs.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryJob + plural: bigqueryjobs + shortNames: + - gcpbigqueryjob + - gcpbigqueryjobs + singular: bigqueryjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + copy: + description: Immutable. Copies a table. + properties: + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + type: string + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: Immutable. The destination table. 
+ properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + sourceTables: + description: Immutable. Source tables to copy. + items: + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + type: array + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. 
+ WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. + type: string + required: + - sourceTables + type: object + extract: + description: Immutable. Configures an extract job. + properties: + compression: + description: |- + Immutable. The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE. + The default value is NONE. DEFLATE and SNAPPY are only supported for Avro. + type: string + destinationFormat: + description: |- + Immutable. The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models. + The default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV. + The default value for models is SAVED_MODEL. + type: string + destinationUris: + description: Immutable. A list of fully-qualified Google Cloud + Storage URIs where the extracted table should be written. + items: + type: string + type: array + fieldDelimiter: + description: |- + Immutable. When extracting data in CSV format, this defines the delimiter to use between fields in the exported data. + Default is ','. + type: string + printHeader: + description: Immutable. Whether to print out a header row in the + results. Default is true. + type: boolean + sourceTable: + description: Immutable. A reference to the table being exported. + properties: + tableRef: + description: A reference to the table. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + useAvroLogicalTypes: + description: Immutable. Whether to use logical types when extracting + to AVRO format. + type: boolean + required: + - destinationUris + type: object + jobTimeoutMs: + description: Immutable. Job timeout in milliseconds. If this time + limit is exceeded, BigQuery may attempt to terminate the job. + type: string + load: + description: Immutable. Configures a load job. + properties: + allowJaggedRows: + description: |- + Immutable. Accept rows that are missing trailing optional columns. The missing values are treated as nulls. + If false, records with missing trailing columns are treated as bad records, and if there are too many bad records, + an invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats. + type: boolean + allowQuotedNewlines: + description: |- + Immutable. Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. + The default value is false. + type: boolean + autodetect: + description: Immutable. Indicates if we should automatically infer + the options and schema for CSV and JSON sources. + type: boolean + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. 
The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + type: string + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: Immutable. The destination table to load the data + into. + properties: + tableRef: + description: A reference to the table. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + encoding: + description: |- + Immutable. The character encoding of the data. The supported values are UTF-8 or ISO-8859-1. + The default value is UTF-8. BigQuery decodes the data after the raw, binary data + has been split using the values of the quote and fieldDelimiter properties. + type: string + fieldDelimiter: + description: |- + Immutable. The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character. + To use a character in the range 128-255, you must encode the character as UTF8. BigQuery converts + the string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the + data in its raw, binary state. BigQuery also supports the escape sequence "\t" to specify a tab separator. + The default value is a comma (','). + type: string + ignoreUnknownValues: + description: |- + Immutable. Indicates if BigQuery should allow extra values that are not represented in the table schema. + If true, the extra values are ignored. If false, records with extra columns are treated as bad records, + and if there are too many bad records, an invalid error is returned in the job result. + The default value is false. The sourceFormat property determines what BigQuery treats as an extra value: + CSV: Trailing columns + JSON: Named values that don't match any column names. 
+ type: boolean + jsonExtension: + description: |- + Immutable. If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON. + For a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited + GeoJSON: set to GEOJSON. + type: string + maxBadRecords: + description: |- + Immutable. The maximum number of bad records that BigQuery can ignore when running the job. If the number of bad records exceeds this value, + an invalid error is returned in the job result. The default value is 0, which requires that all records are valid. + type: integer + nullMarker: + description: |- + Immutable. Specifies a string that represents a null value in a CSV file. For example, if you specify "\N", BigQuery interprets "\N" as a null value + when loading a CSV file. The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an + empty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as + an empty value. + type: string + parquetOptions: + description: Immutable. Parquet Options for load and make external + tables. + properties: + enableListInference: + description: Immutable. If sourceFormat is set to PARQUET, + indicates whether to use schema inference specifically for + Parquet LIST logical type. + type: boolean + enumAsString: + description: Immutable. If sourceFormat is set to PARQUET, + indicates whether to infer Parquet ENUM logical type as + STRING instead of BYTES by default. + type: boolean + type: object + projectionFields: + description: |- + Immutable. If sourceFormat is set to "DATASTORE_BACKUP", indicates which entity properties to load into BigQuery from a Cloud Datastore backup. + Property names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties. 
+ If any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result. + items: + type: string + type: array + quote: + description: |- + Immutable. The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding, + and then uses the first byte of the encoded string to split the data in its raw, binary state. + The default value is a double-quote ('"'). If your data does not contain quoted sections, set the property value to an empty string. + If your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true. + type: string + schemaUpdateOptions: + description: |- + Immutable. Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or + supplied in the job configuration. Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators. + For normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. + ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. + items: + type: string + type: array + skipLeadingRows: + description: |- + Immutable. The number of rows at the top of a CSV file that BigQuery will skip when loading the data. + The default value is 0. This property is useful if you have header rows in the file that should be skipped. + When autodetect is on, the behavior is the following: + skipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected, + the row is read as data. Otherwise data is read starting from the second row. 
+ skipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row. + skipLeadingRows = N > 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected, + row N is just skipped. Otherwise row N is used to extract column names for the detected schema. + type: integer + sourceFormat: + description: |- + Immutable. The format of the data files. For CSV files, specify "CSV". For datastore backups, specify "DATASTORE_BACKUP". + For newline-delimited JSON, specify "NEWLINE_DELIMITED_JSON". For Avro, specify "AVRO". For parquet, specify "PARQUET". + For orc, specify "ORC". [Beta] For Bigtable, specify "BIGTABLE". + The default value is CSV. + type: string + sourceUris: + description: |- + Immutable. The fully-qualified URIs that point to your data in Google Cloud. + For Google Cloud Storage URIs: Each URI can contain one '\*' wildcard character + and it must come after the 'bucket' name. Size limits related to load jobs apply + to external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be + specified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table. + For Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\*' wildcard character is not allowed. + items: + type: string + type: array + timePartitioning: + description: Immutable. Time-based partitioning specification + for the destination table. + properties: + expirationMs: + description: Immutable. Number of milliseconds for which to + keep the storage for a partition. A wrapper is used here + because 0 is an invalid value. + type: string + field: + description: |- + Immutable. If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field. + The field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED. 
+ A wrapper is used here because an empty string is an invalid value. + type: string + type: + description: |- + Immutable. The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error, + but in OnePlatform the field will be treated as unset. + type: string + required: + - type + type: object + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. + type: string + required: + - destinationTable + - sourceUris + type: object + location: + description: Immutable. The geographic location of the job. The default + value is US. + type: string + query: + description: Immutable. Configures a query job. + properties: + allowLargeResults: + description: |- + Immutable. If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance. + Requires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed. + However, you must still set destinationTable when result size exceeds the allowed maximum response size. + type: boolean + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. 
The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + type: string + defaultDataset: + description: Immutable. Specifies the default dataset to use for + unqualified table names in the query. Note that this does not + alter behavior of unqualified dataset names. + properties: + datasetRef: + description: A reference to the dataset. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryDataset` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - datasetRef + type: object + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: |- + Immutable. Describes the table where the query results should be stored. + This property must be set for large results that exceed the maximum response size. + For queries that produce anonymous (cached) results, this field will be populated by BigQuery. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + flattenResults: + description: |- + Immutable. If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results. + allowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened. + type: boolean + maximumBillingTier: + description: |- + Immutable. Limits the billing tier for this job. 
Queries that have resource usage beyond this tier will fail (without incurring a charge). + If unspecified, this will be set to your project default. + type: integer + maximumBytesBilled: + description: |- + Immutable. Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge). + If unspecified, this will be set to your project default. + type: string + parameterMode: + description: Immutable. Standard SQL only. Set to POSITIONAL to + use positional (?) query parameters or to NAMED to use named + (@myparam) query parameters in this query. + type: string + priority: + description: 'Immutable. Specifies a priority for the query. Default + value: "INTERACTIVE" Possible values: ["INTERACTIVE", "BATCH"].' + type: string + query: + description: |- + Immutable. SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL. + *NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language) + ('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = ""' and 'write_disposition = ""'. + type: string + schemaUpdateOptions: + description: |- + Immutable. Allows the schema of the destination table to be updated as a side effect of the query job. + Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, + specified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema. + One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. + ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. + items: + type: string + type: array + scriptOptions: + description: Immutable. 
Options controlling the execution of scripts. + properties: + keyResultStatement: + description: |- + Immutable. Determines which statement in the script represents the "key result", + used to populate the schema and query results of the script job. Possible values: ["LAST", "FIRST_SELECT"]. + type: string + statementByteBudget: + description: Immutable. Limit on the number of bytes billed + per statement. Exceeding this budget results in an error. + type: string + statementTimeoutMs: + description: Immutable. Timeout period for each statement + in a script. + type: string + type: object + useLegacySql: + description: |- + Immutable. Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true. + If set to false, the query will use BigQuery's standard SQL. + type: boolean + useQueryCache: + description: |- + Immutable. Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever + tables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified. + The default value is true. + type: boolean + userDefinedFunctionResources: + description: Immutable. Describes user-defined function resources + used in the query. + items: + properties: + inlineCode: + description: |- + Immutable. An inline resource that contains code for a user-defined function (UDF). + Providing a inline code resource is equivalent to providing a URI for a file containing the same code. + type: string + resourceUri: + description: Immutable. A code resource to load from a Google + Cloud Storage URI (gs://bucket/path). + type: string + type: object + type: array + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. 
The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. + type: string + required: + - query + type: object + resourceID: + description: Immutable. Optional. The jobId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + jobType: + description: The type of the job. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + status: + description: The status of this job. Examine this value when polling + an asynchronous job to see if the job is complete. + items: + properties: + errorResult: + description: Final error result of the job. If present, indicates + that the job has completed and was unsuccessful. + items: + properties: + location: + description: Specifies where the error occurred, if present. + type: string + message: + description: A human-readable description of the error. + type: string + reason: + description: A short error code that summarizes the error. + type: string + type: object + type: array + errors: + description: |- + The first errors encountered during the running of the job. The final message + includes the number of errors that caused the process to stop. Errors here do + not necessarily mean that the job has not completed or was unsuccessful. + items: + properties: + location: + description: Specifies where the error occurred, if present. + type: string + message: + description: A human-readable description of the error. + type: string + reason: + description: A short error code that summarizes the error. + type: string + type: object + type: array + state: + description: Running state of the job. Valid states include + 'PENDING', 'RUNNING', and 'DONE'. + type: string + type: object + type: array + userEmail: + description: Email address of the user who ran the job. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryreservationcapacitycommitments.bigqueryreservation.cnrm.cloud.google.com +spec: + group: bigqueryreservation.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryReservationCapacityCommitment + plural: bigqueryreservationcapacitycommitments + shortNames: + - gcpbigqueryreservationcapacitycommitment + - gcpbigqueryreservationcapacitycommitments + singular: bigqueryreservationcapacitycommitment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + edition: + description: Immutable. The edition type. Valid values are STANDARD, + ENTERPRISE, ENTERPRISE_PLUS. + type: string + enforceSingleAdminProjectPerOrg: + description: Immutable. If true, fail the request if another project + in the organization has a capacity commitment. + type: string + location: + description: |- + Immutable. The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. The default value is US. + type: string + plan: + description: Capacity commitment plan. Valid values are at https://cloud.google.com/bigquery/docs/reference/reservations/rpc/google.cloud.bigquery.reservation.v1#commitmentplan. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + renewalPlan: + description: The plan this capacity commitment is converted to after + commitmentEndTime passes. 
Once the plan is changed, committed period + is extended according to commitment plan. Only applicable some commitment + plans. + type: string + resourceID: + description: Immutable. Optional. The capacityCommitmentId of the + resource. Used for creation and acquisition. When unset, the value + of `metadata.name` is used as the default. + type: string + slotCount: + description: Immutable. Number of slots in this commitment. + type: integer + required: + - location + - plan + - projectRef + - slotCount + type: object + status: + properties: + commitmentEndTime: + description: The start of the current commitment period. It is applicable + only for ACTIVE capacity commitments. + type: string + commitmentStartTime: + description: The start of the current commitment period. It is applicable + only for ACTIVE capacity commitments. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The resource name of the capacity commitment, e.g., projects/myproject/locations/US/capacityCommitments/123. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State of the commitment. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryreservationreservations.bigqueryreservation.cnrm.cloud.google.com +spec: + group: bigqueryreservation.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryReservationReservation + plural: bigqueryreservationreservations + shortNames: + - gcpbigqueryreservationreservation + - gcpbigqueryreservationreservations + singular: bigqueryreservationreservation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscale: + description: The configuration parameters for the auto scaling feature. + properties: + currentSlots: + description: The slot capacity added to this reservation when + autoscale happens. Will be between [0, max_slots]. + type: integer + maxSlots: + description: Number of slots to be scaled when needed. + type: integer + type: object + concurrency: + description: Maximum number of queries that are allowed to run concurrently + in this reservation. This is a soft limit due to asynchronous nature + of the system and various optimizations for small queries. Default + value is 0 which means that concurrency will be automatically set + based on the reservation size. + type: integer + edition: + description: Immutable. The edition type. Valid values are STANDARD, + ENTERPRISE, ENTERPRISE_PLUS. + type: string + ignoreIdleSlots: + description: |- + If false, any query using this reservation will use idle slots from other reservations within + the same admin project. If true, a query using this reservation will execute with the slot + capacity specified above at most. + type: boolean + location: + description: |- + Immutable. The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. The default value is US. 
+ type: string + multiRegionAuxiliary: + description: |- + Applicable only for reservations located within one of the BigQuery multi-regions (US or EU). + If set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + slotCapacity: + description: |- + Minimum slots available to this reservation. A slot is a unit of computational power in BigQuery, and serves as the + unit of parallelism. Queries using this reservation might use more slots during runtime if ignoreIdleSlots is set to false. + type: integer + required: + - location + - projectRef + - slotCapacity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryroutines.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryRoutine + plural: bigqueryroutines + shortNames: + - gcpbigqueryroutine + - gcpbigqueryroutines + singular: bigqueryroutine + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last 
transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + arguments: + description: Input/output argument of a function or a stored procedure. + items: + properties: + argumentKind: + description: 'Defaults to FIXED_TYPE. Default value: "FIXED_TYPE" + Possible values: ["FIXED_TYPE", "ANY_TYPE"].' + type: string + dataType: + description: |- + A JSON schema for the data type. Required unless argumentKind = ANY_TYPE. + ~>**NOTE**: Because this field expects a JSON string, any changes to the string + will create a diff, even if the JSON itself hasn't changed. If the API returns + a different value for the same schema, e.g. it switched the order of values + or replaced STRUCT field type with RECORD field type, we currently cannot + suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. + type: string + mode: + description: 'Specifies whether the argument is input or output. + Can be set for procedures only. Possible values: ["IN", "OUT", + "INOUT"].' + type: string + name: + description: The name of this argument. Can be absent for function + return argument. 
+ type: string + type: object + type: array + datasetRef: + description: The ID of the dataset containing this routine. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigQueryDataset` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + definitionBody: + description: |- + The body of the routine. For functions, this is the expression in the AS clause. + If language=SQL, it is the substring inside (but excluding) the parentheses. + type: string + description: + description: The description of the routine if defined. + type: string + determinismLevel: + description: 'The determinism level of the JavaScript UDF if defined. + Possible values: ["DETERMINISM_LEVEL_UNSPECIFIED", "DETERMINISTIC", + "NOT_DETERMINISTIC"].' + type: string + importedLibraries: + description: |- + Optional. If language = "JAVASCRIPT", this field stores the path of the + imported JAVASCRIPT libraries. + items: + type: string + type: array + language: + description: 'The language of the routine. Possible values: ["SQL", + "JAVASCRIPT"].' + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The routineId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + returnTableType: + description: |- + Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". + + If absent, the return table type is inferred from definitionBody at query time in each query + that references this routine. If present, then the columns in the evaluated table result will + be cast to match the column types specificed in return table type, at query time. + type: string + returnType: + description: |- + A JSON schema for the return type. Optional if language = "SQL"; required otherwise. + If absent, the return type is inferred from definitionBody at query time in each query + that references this routine. If present, then the evaluated result will be cast to + the specified returned type at query time. ~>**NOTE**: Because this field expects a JSON + string, any changes to the string will create a diff, even if the JSON itself hasn't + changed. If the API returns a different value for the same schema, e.g. it switche + d the order of values or replaced STRUCT field type with RECORD field type, we currently + cannot suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. + type: string + routineType: + description: 'Immutable. The type of routine. Possible values: ["SCALAR_FUNCTION", + "PROCEDURE", "TABLE_VALUED_FUNCTION"].' 
+ type: string + required: + - datasetRef + - definitionBody + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: |- + The time when this routine was created, in milliseconds since the + epoch. + type: integer + lastModifiedTime: + description: |- + The time when this routine was modified, in milliseconds since the + epoch. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerytables.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryTable + plural: bigquerytables + shortNames: + - gcpbigquerytable + - gcpbigquerytables + singular: bigquerytable + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clustering: + description: Specifies column names to use for data clustering. Up + to four top-level columns are allowed, and should be specified in + descending priority order. + items: + type: string + type: array + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigQueryDataset` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: The field description. + type: string + encryptionConfiguration: + description: Immutable. Specifies how the table should be encrypted. + If left blank, the table will be encrypted with a Google-managed + key; that process is transparent to the user. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: The self link or full name of the kms key version + used to encrypt this table. + type: string + required: + - kmsKeyRef + type: object + expirationTime: + description: The time when this table expires, in milliseconds since + the epoch. If not present, the table will persist indefinitely. + Expired tables will be deleted and their storage reclaimed. + type: integer + externalDataConfiguration: + description: Describes the data format, location, and other properties + of a table stored outside of BigQuery. By defining these properties, + the data source can then be queried as if it were a standard BigQuery + table. + properties: + autodetect: + description: Let BigQuery try to autodetect the schema and format + of the table. + type: boolean + avroOptions: + description: Additional options if source_format is set to "AVRO". + properties: + useAvroLogicalTypes: + description: If sourceFormat is set to "AVRO", indicates whether + to interpret logical types as the corresponding BigQuery + data type (for example, TIMESTAMP), instead of using the + raw type (for example, INTEGER). + type: boolean + required: + - useAvroLogicalTypes + type: object + compression: + description: The compression type of the data source. Valid values + are "NONE" or "GZIP". + type: string + connectionId: + description: The connection specifying the credentials to be used + to read external storage, such as Azure Blob, Cloud Storage, + or S3. The connectionId can have the form "{{project}}.{{location}}.{{connection_id}}" + or "projects/{{project}}/locations/{{location}}/connections/{{connection_id}}". + type: string + csvOptions: + description: Additional properties to set if source_format is + set to "CSV". + properties: + allowJaggedRows: + description: Indicates if BigQuery should accept rows that + are missing trailing optional columns. 
+ type: boolean + allowQuotedNewlines: + description: Indicates if BigQuery should allow quoted data + sections that contain newline characters in a CSV file. + The default value is false. + type: boolean + encoding: + description: The character encoding of the data. The supported + values are UTF-8 or ISO-8859-1. + type: string + fieldDelimiter: + description: The separator for fields in a CSV file. + type: string + quote: + type: string + skipLeadingRows: + description: The number of rows at the top of a CSV file that + BigQuery will skip when reading the data. + type: integer + required: + - quote + type: object + fileSetSpecType: + description: Specifies how source URIs are interpreted for constructing + the file set to load. By default source URIs are expanded against + the underlying storage. Other options include specifying manifest + files. Only applicable to object storage systems. + type: string + googleSheetsOptions: + description: Additional options if source_format is set to "GOOGLE_SHEETS". + properties: + range: + description: 'Range of a sheet to query from. Only used when + non-empty. At least one of range or skip_leading_rows must + be set. Typical format: "sheet_name!top_left_cell_id:bottom_right_cell_id" + For example: "sheet1!A1:B20".' + type: string + skipLeadingRows: + description: The number of rows at the top of the sheet that + BigQuery will skip when reading the data. At least one of + range or skip_leading_rows must be set. + type: integer + type: object + hivePartitioningOptions: + description: When set, configures hive partitioning support. Not + all storage formats support hive partitioning -- requesting + hive partitioning on an unsupported format will lead to an error, + as will providing an invalid specification. + properties: + mode: + description: When set, what mode of hive partitioning to use + when reading data. 
+ type: string + requirePartitionFilter: + description: If set to true, queries over this table require + a partition filter that can be used for partition elimination + to be specified. + type: boolean + sourceUriPrefix: + description: When hive partition detection is requested, a + common for all source uris must be required. The prefix + must end immediately before the partition key encoding begins. + type: string + type: object + ignoreUnknownValues: + description: Indicates if BigQuery should allow extra values that + are not represented in the table schema. If true, the extra + values are ignored. If false, records with extra columns are + treated as bad records, and if there are too many bad records, + an invalid error is returned in the job result. The default + value is false. + type: boolean + jsonOptions: + description: Additional properties to set if sourceFormat is set + to JSON.". + properties: + encoding: + description: The character encoding of the data. The supported + values are UTF-8, UTF-16BE, UTF-16LE, UTF-32BE, and UTF-32LE. + The default value is UTF-8. + type: string + type: object + maxBadRecords: + description: The maximum number of bad records that BigQuery can + ignore when reading data. + type: integer + metadataCacheMode: + description: Metadata Cache Mode for the table. Set this to enable + caching of metadata from external data source. + type: string + objectMetadata: + description: Object Metadata is used to create Object Tables. + Object Tables contain a listing of objects (with their metadata) + found at the sourceUris. If ObjectMetadata is set, sourceFormat + should be omitted. + type: string + parquetOptions: + description: Additional properties to set if sourceFormat is set + to PARQUET.". + properties: + enableListInference: + description: Indicates whether to use schema inference specifically + for Parquet LIST logical type. 
+ type: boolean + enumAsString: + description: Indicates whether to infer Parquet ENUM logical + type as STRING instead of BYTES by default. + type: boolean + type: object + referenceFileSchemaUri: + description: 'When creating an external table, the user can provide + a reference file with the table schema. This is enabled for + the following formats: AVRO, PARQUET, ORC.' + type: string + schema: + description: Immutable. A JSON schema for the external table. + Schema is required for CSV and JSON formats and is disallowed + for Google Cloud Bigtable, Cloud Datastore backups, and Avro + formats when using external tables. + type: string + sourceFormat: + description: ' Please see sourceFormat under ExternalDataConfiguration + in Bigquery''s public API documentation (https://cloud.google.com/bigquery/docs/reference/rest/v2/tables#externaldataconfiguration) + for supported formats. To use "GOOGLE_SHEETS" the scopes must + include "googleapis.com/auth/drive.readonly".' + type: string + sourceUris: + description: A list of the fully-qualified URIs that point to + your data in Google Cloud. + items: + type: string + type: array + required: + - autodetect + - sourceUris + type: object + friendlyName: + description: A descriptive name for the table. + type: string + materializedView: + description: If specified, configures this table as a materialized + view. + properties: + allowNonIncrementalDefinition: + description: Immutable. Allow non incremental materialized view + definition. The default value is false. + type: boolean + enableRefresh: + description: Specifies if BigQuery should automatically refresh + materialized view when the base table is updated. The default + is true. + type: boolean + query: + description: Immutable. A query whose result is persisted. + type: string + refreshIntervalMs: + description: Specifies maximum frequency at which this materialized + view will be refreshed. The default is 1800000. 
+ type: integer + required: + - query + type: object + maxStaleness: + description: The maximum staleness of data that could be returned + when the table (or stale MV) is queried. Staleness encoded as a + string encoding of sql IntervalValue type. + type: string + rangePartitioning: + description: If specified, configures range-based partitioning for + this table. + properties: + field: + description: Immutable. The field used to determine how to create + a range-based partition. + type: string + range: + description: Information required to partition based on ranges. + Structure is documented below. + properties: + end: + description: End of the range partitioning, exclusive. + type: integer + interval: + description: The width of each range within the partition. + type: integer + start: + description: Start of the range partitioning, inclusive. + type: integer + required: + - end + - interval + - start + type: object + required: + - field + - range + type: object + requirePartitionFilter: + description: If set to true, queries over this table require a partition + filter that can be used for partition elimination to be specified. + type: boolean + resourceID: + description: Immutable. Optional. The tableId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + schema: + description: A JSON schema for the table. + type: string + tableConstraints: + description: Defines the primary key and foreign keys. + properties: + foreignKeys: + description: Present only if the table has a foreign key. The + foreign key is not enforced. + items: + properties: + columnReferences: + description: The pair of the foreign key column and primary + key column. + properties: + referencedColumn: + description: The column in the primary key that are + referenced by the referencingColumn. + type: string + referencingColumn: + description: The column that composes the foreign key. 
+ type: string + required: + - referencedColumn + - referencingColumn + type: object + name: + description: Set only if the foreign key constraint is named. + type: string + referencedTable: + description: The table that holds the primary key and is + referenced by this foreign key. + properties: + datasetId: + description: The ID of the dataset containing this table. + type: string + projectId: + description: The ID of the project containing this table. + type: string + tableId: + description: The ID of the table. The ID must contain + only letters (a-z, A-Z), numbers (0-9), or underscores + (_). The maximum length is 1,024 characters. Certain + operations allow suffixing of the table ID with a + partition decorator, such as sample_table$20190123. + type: string + required: + - datasetId + - projectId + - tableId + type: object + required: + - columnReferences + - referencedTable + type: object + type: array + primaryKey: + description: Represents a primary key constraint on a table's + columns. Present only if the table has a primary key. The primary + key is not enforced. + properties: + columns: + description: The columns that are composed of the primary + key constraint. + items: + type: string + type: array + required: + - columns + type: object + type: object + timePartitioning: + description: If specified, configures time-based partitioning for + this table. + properties: + expirationMs: + description: Number of milliseconds for which to keep the storage + for a partition. + type: integer + field: + description: Immutable. The field used to determine how to create + a time-based partition. If time-based partitioning is enabled + without this value, the table is partitioned based on the load + time. + type: string + requirePartitionFilter: + description: DEPRECATED. This field is deprecated; please use + the top level field with the same name instead. 
If set to true, + queries over this table require a partition filter that can + be used for partition elimination to be specified. + type: boolean + type: + description: The supported types are DAY, HOUR, MONTH, and YEAR, + which will generate one partition per day, hour, month, and + year, respectively. + type: string + required: + - type + type: object + view: + description: If specified, configures this table as a view. + properties: + query: + description: A query that BigQuery executes when the view is referenced. + type: string + useLegacySql: + description: Specifies whether to use BigQuery's legacy SQL for + this view. The default value is true. If set to false, the view + will use BigQuery's standard SQL. + type: boolean + required: + - query + type: object + required: + - datasetRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: The time when this table was created, in milliseconds + since the epoch. + type: integer + etag: + description: A hash of the resource. + type: string + lastModifiedTime: + description: The time when this table was last modified, in milliseconds + since the epoch. + type: integer + location: + description: The geographic location where the table resides. This + value is inherited from the dataset. 
+ type: string + numBytes: + description: The geographic location where the table resides. This + value is inherited from the dataset. + type: integer + numLongTermBytes: + description: The number of bytes in the table that are considered + "long-term storage". + type: integer + numRows: + description: The number of rows of data in this table, excluding any + data in the streaming buffer. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: + description: Describes the table type. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigtableappprofiles.bigtable.cnrm.cloud.google.com +spec: + group: bigtable.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigtableAppProfile + plural: bigtableappprofiles + shortNames: + - gcpbigtableappprofile + - gcpbigtableappprofiles + singular: bigtableappprofile + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Long form description of the use case for this app profile. + type: string + instanceRef: + description: The instance to create the app profile within. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + multiClusterRoutingClusterIds: + description: The set of clusters to route to. The order is ignored; + clusters will be tried in order of distance. If left empty, all + clusters are eligible. + items: + type: string + type: array + multiClusterRoutingUseAny: + description: |- + If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available + in the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes + consistency to improve availability. + type: boolean + resourceID: + description: Immutable. Optional. The appProfileId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + singleClusterRouting: + description: Use a single-cluster routing policy. + properties: + allowTransactionalWrites: + description: |- + If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile. + It is unsafe to send these requests to the same table/row/column in multiple clusters. + type: boolean + clusterId: + description: The cluster to which read/write requests should be + routed. + type: string + required: + - clusterId + type: object + standardIsolation: + description: The standard options used for isolating this app profile's + traffic from other use cases. + properties: + priority: + description: 'The priority of requests sent using this app profile. + Possible values: ["PRIORITY_LOW", "PRIORITY_MEDIUM", "PRIORITY_HIGH"].' + type: string + required: + - priority + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The unique name of the requested app profile. Values + are of the form 'projects//instances//appProfiles/'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigtablegcpolicies.bigtable.cnrm.cloud.google.com +spec: + group: bigtable.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigtableGCPolicy + plural: bigtablegcpolicies + shortNames: + - gcpbigtablegcpolicy + - gcpbigtablegcpolicies + singular: bigtablegcpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + columnFamily: + description: Immutable. The name of the column family. + type: string + deletionPolicy: + description: "The deletion policy for the GC policy. Setting ABANDON + allows the resource\n\t\t\t\tto be abandoned rather than deleted. + This is useful for GC policy as it cannot be deleted\n\t\t\t\tin + a replicated instance. Possible values are: \"ABANDON\"." + type: string + gcRules: + description: Serialized JSON string for garbage collection policy. + Conflicts with "mode", "max_age" and "max_version". + type: string + instanceRef: + description: The name of the Bigtable instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + maxAge: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. GC policy that applies to all cells + older than the given age.' + items: + properties: + days: + description: DEPRECATED. Deprecated in favor of duration. Immutable. + Number of days before applying GC policy. + type: integer + duration: + description: Immutable. Duration before applying GC policy. 
+ type: string + type: object + type: array + maxVersion: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. GC policy that applies to all versions + of a cell except for the most recent.' + items: + properties: + number: + description: Immutable. Number of version before applying the + GC policy. + type: integer + required: + - number + type: object + type: array + mode: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. If multiple policies are set, you + should choose between UNION OR INTERSECTION.' + type: string + tableRef: + description: The name of the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableTable` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - columnFamily + - instanceRef + - tableRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigtableinstances.bigtable.cnrm.cloud.google.com +spec: + group: bigtable.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigtableInstance + listKind: BigtableInstanceList + plural: bigtableinstances + shortNames: + - gcpbigtableinstance + - gcpbigtableinstances + singular: bigtableinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: BigtableInstance is the Schema for the BigtableInstance API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BigtableInstanceSpec defines the desired state of BigtableInstance + properties: + cluster: + description: A block of cluster configuration options. This can be + specified at least once. + items: + properties: + autoscalingConfig: + description: A list of Autoscaling configurations. Only one + element is used and allowed. + properties: + cpuTarget: + description: The target CPU utilization for autoscaling. + Value must be between 10 and 80. + format: int64 + type: integer + maxNodes: + description: The maximum number of nodes for autoscaling. + format: int64 + type: integer + minNodes: + description: The minimum number of nodes for autoscaling. + format: int64 + type: integer + storageTarget: + description: The target storage utilization for autoscaling, + in GB, for each node in a cluster. This number is limited + between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster + and between 8192 (8TiB) and 16384 (16 TiB) for an HDD + cluster. 
If not set, whatever is already set for the cluster + will not change, or if the cluster is just being created, + it will use the default value of 2560 for SSD clusters + and 8192 for HDD clusters. + format: int64 + type: integer + required: + - cpuTarget + - maxNodes + - minNodes + type: object + clusterId: + description: The ID of the Cloud Bigtable cluster. Must be 6-30 + characters and must only contain hyphens, lowercase letters + and numbers. + type: string + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable + cluster. The requirements for this key are: + + 1) The Cloud Bigtable service account associated with the project that contains + this cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key. + 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. + 3) All clusters within an instance must use the same CMEK key access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed KMSCryptoKey. + Should be in the format `projects/[kms_project_id]/locations/[region]/keyRings/[key_ring_id]/cryptoKeys/[key]`. + type: string + name: + description: The `name` of a `KMSCryptoKey` resource. + type: string + namespace: + description: The `namespace` of a `KMSCryptoKey` resource. + type: string + type: object + numNodes: + description: The number of nodes in the cluster. If no value + is set, Cloud Bigtable automatically allocates nodes based + on your data footprint and optimized for 50% storage utilization. + format: int64 + type: integer + storageType: + description: The storage type to use. One of "SSD" or "HDD". + Defaults to "SSD". 
+ type: string + zone: + description: The zone to create the Cloud Bigtable cluster in. + Each cluster must have a different zone in the same region. + Zones that support Bigtable instances are noted on the Cloud + Bigtable locations page. + type: string + required: + - clusterId + - zone + type: object + type: array + deletionProtection: + description: DEPRECATED. This field no longer serves any function + and is intended to be dropped in a later version of the resource. + type: boolean + displayName: + description: Required. The descriptive name for this instance as it + appears in UIs. Can be changed at any time, but should be kept globally + unique to avoid confusion. + type: string + instanceType: + description: DEPRECATED. It is recommended to leave this field unspecified + since the distinction between "DEVELOPMENT" and "PRODUCTION" instances + is going away, and all instances will become "PRODUCTION" instances. + This means that new and existing "DEVELOPMENT" instances will be + converted to "PRODUCTION" instances. It is recommended for users + to use "PRODUCTION" instances in any case, since a 1-node "PRODUCTION" + instance is functionally identical to a "DEVELOPMENT" instance, + but without the accompanying restrictions. The instance type to + create. One of "DEVELOPMENT" or "PRODUCTION". Defaults to "PRODUCTION". + type: string + resourceID: + description: The Instance name. If not given, the metadata.name will + be used. + type: string + type: object + status: + description: BigtableInstanceStatus defines the config connector machine + state of BigtableInstance + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigtabletables.bigtable.cnrm.cloud.google.com +spec: + group: bigtable.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigtableTable + plural: bigtabletables + shortNames: + - gcpbigtabletable + - gcpbigtabletables + singular: bigtabletable + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime 
+ name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + changeStreamRetention: + description: Duration to retain change stream data for the table. + Set to 0 to disable. Must be between 1 and 7 days. + type: string + columnFamily: + description: A group of columns within a table which share a common + configuration. This can be specified multiple times. + items: + properties: + family: + description: The name of the column family. + type: string + required: + - family + type: object + type: array + deletionProtection: + description: A field to make the table protected against data loss + i.e. when set to PROTECTED, deleting the table, the column families + in the table, and the instance containing the table would be prohibited. + If not provided, currently deletion protection will be set to UNPROTECTED + as it is the API default value. + type: string + instanceRef: + description: The name of the Bigtable instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + splitKeys: + items: + type: string + type: array + required: + - instanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: billingbudgetsbudgets.billingbudgets.cnrm.cloud.google.com +spec: + group: billingbudgets.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BillingBudgetsBudget + plural: billingbudgetsbudgets + shortNames: + - gcpbillingbudgetsbudget + - gcpbillingbudgetsbudgets + singular: billingbudgetsbudget + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + allUpdatesRule: + description: Optional. Rules to apply to notifications sent based + on budget spend and thresholds. + properties: + disableDefaultIamRecipients: + description: Optional. When set to true, disables default notifications + sent when a threshold is exceeded. Default notifications are + sent to those with Billing Account Administrator and Billing + Account User IAM roles for the target account. + type: boolean + monitoringNotificationChannels: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `MonitoringNotificationChannel` resource (format: + `projects/{{project}}/notificationChannels/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + pubsubTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. 
The name of the Pub/Sub topic where budget related messages will be published, in the form `projects/{project_id}/topics/{topic_id}`. Updates are sent at regular intervals to the topic. The topic needs to be created before the budget is created; see https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications for more details. Caller is expected to have `pubsub.topics.setIamPolicy` permission on the topic when it's set for a budget, otherwise, the API call will fail with PERMISSION_DENIED. See https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#permissions_required_for_this_task for more details on Pub/Sub roles and permissions. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + schemaVersion: + description: Optional. Required when NotificationsRule.pubsub_topic + is set. The schema version of the notification sent to NotificationsRule.pubsub_topic. + Only "1.0" is accepted. It represents the JSON schema as defined + in https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#notification_format. + type: string + type: object + amount: + description: Required. Budgeted amount. + properties: + lastPeriodAmount: + description: Use the last period's actual spend as the budget + for the present period. LastPeriodAmount can only be set when + the budget's time period is a . + type: object + x-kubernetes-preserve-unknown-fields: true + specifiedAmount: + description: A specified amount to use as the budget. `currency_code` + is optional. 
If specified when creating a budget, it must match + the currency of the billing account. If specified when updating + a budget, it must match the currency_code of the existing budget. + The `currency_code` is provided on output. + properties: + currencyCode: + description: Immutable. The three-letter currency code defined + in ISO 4217. + type: string + nanos: + description: Number of nano (10^-9) units of the amount. The + value must be between -999,999,999 and +999,999,999 inclusive. + If `units` is positive, `nanos` must be positive or zero. + If `units` is zero, `nanos` can be positive, zero, or negative. + If `units` is negative, `nanos` must be negative or zero. + For example $-1.75 is represented as `units`=-1 and `nanos`=-750,000,000. + format: int64 + type: integer + units: + description: The whole units of the amount. For example if + `currencyCode` is `"USD"`, then 1 unit is one US dollar. + format: int64 + type: integer + type: object + type: object + billingAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The billing account of the resource + + Allowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: `billingAccounts/{{name}}`). + type: string + name: + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + budgetFilter: + description: Optional. 
Filters that define which resources are used + to compute the actual spend against the budget amount, such as projects, + services, and the budget's time period, as well as other filters. + properties: + calendarPeriod: + description: 'Optional. Specifies to track usage for recurring + calendar period. For example, assume that CalendarPeriod.QUARTER + is set. The budget will track usage from April 1 to June 30, + when the current calendar month is April, May, June. After that, + it will track usage from July 1 to September 30 when the current + calendar month is July, August, September, so on. Possible values: + CALENDAR_PERIOD_UNSPECIFIED, MONTH, QUARTER, YEAR' + type: string + creditTypes: + description: Optional. If Filter.credit_types_treatment is INCLUDE_SPECIFIED_CREDITS, + this is a list of credit types to be subtracted from gross cost + to determine the spend for threshold calculations. See a list + of acceptable credit type values. If Filter.credit_types_treatment + is not INCLUDE_SPECIFIED_CREDITS, this field must be empty. + items: + type: string + type: array + creditTypesTreatment: + description: Optional. If not set, default behavior is `INCLUDE_ALL_CREDITS`. + type: string + customPeriod: + description: Optional. Specifies to track usage from any start + date (required) to any end date (optional). This time period + is static, it does not recur. + properties: + endDate: + description: Immutable. Optional. The end date of the time + period. Budgets with elapsed end date won't be processed. + If unset, specifies to track all usage incurred since the + start_date. + properties: + day: + description: Immutable. Day of a month. Must be from 1 + to 31 and valid for the year and month, or 0 to specify + a year by itself or a year and month where the day isn't + significant. + format: int64 + type: integer + month: + description: Immutable. Month of a year. Must be from + 1 to 12, or 0 to specify a year without a month and + day. 
+ format: int64 + type: integer + year: + description: Immutable. Year of the date. Must be from + 1 to 9999, or 0 to specify a date without a year. + format: int64 + type: integer + type: object + startDate: + description: Immutable. Required. The start date must be after + January 1, 2017. + properties: + day: + description: Immutable. Day of a month. Must be from 1 + to 31 and valid for the year and month, or 0 to specify + a year by itself or a year and month where the day isn't + significant. + format: int64 + type: integer + month: + description: Immutable. Month of a year. Must be from + 1 to 12, or 0 to specify a year without a month and + day. + format: int64 + type: integer + year: + description: Immutable. Year of the date. Must be from + 1 to 9999, or 0 to specify a date without a year. + format: int64 + type: integer + type: object + required: + - startDate + type: object + labels: + additionalProperties: + properties: + values: + description: Immutable. The values of the label + items: + type: string + type: array + type: object + description: Optional. A single label and value pair specifying + that usage from only this set of labeled resources should be + included in the budget. Currently, multiple entries or multiple + values per entry are not allowed. If omitted, the report will + include all labeled and unlabeled usage. + type: object + projects: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + services: + description: 'Optional. A set of services of the form `services/{service_id}`, + specifying that usage from only this set of services should + be included in the budget. If omitted, the report will include + usage for all the services. The service names are available + through the Catalog API: https://cloud.google.com/billing/v1/how-tos/catalog-api.' + items: + type: string + type: array + subaccounts: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + type: string + name: + description: |- + [WARNING] CloudBillingBillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + displayName: + description: User data for display name in UI. The name must be less + than or equal to 60 characters. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + thresholdRules: + description: Optional. Rules that trigger alerts (notifications of + thresholds being crossed) when spend exceeds the specified percentages + of the budget. + items: + properties: + spendBasis: + description: 'Optional. The type of basis used to determine + if spend has passed the threshold. Behavior defaults to CURRENT_SPEND + if not set. 
Possible values: BASIS_UNSPECIFIED, CURRENT_SPEND, + FORECASTED_SPEND' + type: string + thresholdPercent: + description: 'Required. Send an alert when this threshold is + exceeded. This is a 1.0-based percentage, so 0.5 = 50%. Validation: + non-negative number.' + format: double + type: number + required: + - thresholdPercent + type: object + type: array + required: + - amount + - billingAccountRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: Optional. Etag to validate that the object is unchanged + for a read-modify-write operation. An empty etag will cause an update + to overwrite other changes. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: binaryauthorizationattestors.binaryauthorization.cnrm.cloud.google.com +spec: + group: binaryauthorization.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BinaryAuthorizationAttestor + plural: binaryauthorizationattestors + shortNames: + - gcpbinaryauthorizationattestor + - gcpbinaryauthorizationattestors + singular: binaryauthorizationattestor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A descriptive comment. This field may be updated. + The field may be displayed in chooser dialogs. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + userOwnedDrydockNote: + description: This specifies how an attestation will be read, and how + it will be used during policy enforcement. + properties: + noteRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. 
The Drydock resource name of a Attestation. Authority Note, created by the user, in the format: `projects/*/notes/*`. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation. Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency. + + Allowed value: The Google Cloud resource name of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publicKeys: + description: Optional. Public keys that verify attestations signed + by this attestor. This field may be updated. If this field is + non-empty, one of the specified public keys must verify that + an attestation was signed by this attestor for the image specified + in the admission request. If this field is empty, this attestor + always returns that no valid attestations exist. + items: + properties: + asciiArmoredPgpPublicKey: + description: ASCII-armored representation of a PGP public + key, as the entire output by the command `gpg --export + --armor foo@example.com` (either LF or CRLF line endings). + When using this field, `id` should be left blank. The + BinAuthz API handlers will calculate the ID and fill it + in automatically. BinAuthz computes this ID as the OpenPGP + RFC4880 V4 fingerprint, represented as upper-case hex. + If `id` is provided by the caller, it will be overwritten + by the API-calculated ID. + type: string + comment: + description: Optional. A descriptive comment. This field + may be updated. + type: string + id: + description: The ID of this public key. 
Signatures verified + by BinAuthz must include the ID of the public key that + can be used to verify them, and that ID must match the + contents of this field exactly. Additional restrictions + on this field can be imposed based on which public key + type is encapsulated. See the documentation on `public_key` + cases below for details. + type: string + pkixPublicKey: + description: 'A raw PKIX SubjectPublicKeyInfo format public + key. NOTE: `id` may be explicitly provided by the caller + when using this type of public key, but it MUST be a valid + RFC3986 URI. If `id` is left blank, a default one will + be computed based on the digest of the DER encoding of + the public key.' + properties: + publicKeyPem: + description: A PEM-encoded public key, as described + in https://tools.ietf.org/html/rfc7468#section-13 + type: string + signatureAlgorithm: + description: 'The signature algorithm used to verify + a message against a signature using this key. These + signature algorithm must match the structure and any + object identifiers encoded in `public_key_pem` (i.e. + this algorithm must match that of the public key). + Possible values: SIGNATURE_ALGORITHM_UNSPECIFIED, + RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, + RSA_PSS_4096_SHA512, RSA_SIGN_PKCS1_2048_SHA256, RSA_SIGN_PKCS1_3072_SHA256, + RSA_SIGN_PKCS1_4096_SHA256, RSA_SIGN_PKCS1_4096_SHA512, + ECDSA_P256_SHA256, EC_SIGN_P256_SHA256, ECDSA_P384_SHA384, + EC_SIGN_P384_SHA384, ECDSA_P521_SHA512, EC_SIGN_P521_SHA512' + type: string + type: object + type: object + type: array + required: + - noteRef + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. Time when the attestor was last updated. + format: date-time + type: string + userOwnedDrydockNote: + properties: + delegationServiceAccountEmail: + description: Output only. This field will contain the service + account email address that this Attestor will use as the principal + when querying Container Analysis. Attestor administrators must + grant this service account the IAM role needed to read attestations + from the in Container Analysis (`containeranalysis.notes.occurrences.viewer`). + This email address is fixed for the lifetime of the Attestor, + but callers should not make any other assumptions about the + service account email; future versions may use an email based + on a different naming pattern. 
+ type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: binaryauthorizationpolicies.binaryauthorization.cnrm.cloud.google.com +spec: + group: binaryauthorization.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BinaryAuthorizationPolicy + plural: binaryauthorizationpolicies + shortNames: + - gcpbinaryauthorizationpolicy + - gcpbinaryauthorizationpolicies + singular: binaryauthorizationpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + admissionWhitelistPatterns: + description: Optional. Admission policy allowlisting. A matching admission + request will always be permitted. This feature is typically used + to exclude Google or third-party infrastructure images from Binary + Authorization policies. + items: + properties: + namePattern: + description: An image name pattern to allowlist, in the form + `registry/path/to/image`. This supports a trailing `*` as + a wildcard, but this is allowed only in text after the `registry/` + part. + type: string + type: object + type: array + clusterAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-cluster admission rules. Cluster spec + format: location.clusterId. There can be at most one admission rule + per cluster spec. A location is either a compute zone (e.g. us-central1-a) + or a region (e.g. us-central1). For clusterId syntax restrictions + see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.' + type: object + defaultAdmissionRule: + description: Required. Default admission rule for a cluster without + a per-cluster, per-kubernetes-service-account, or per-istio-service-identity + admission rule. + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: + description: Optional. A descriptive comment. + type: string + globalPolicyEvaluationMode: + description: 'Optional. Controls the evaluation of a Google-maintained + global admission policy for common system-level images. Images not + covered by the global policy will be subject to the project admission + policy. This setting has no effect when specified inside a global + admission policy. Possible values: GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, + ENABLE, DISABLE' + type: string + istioServiceIdentityAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-istio-service-identity admission rules. + Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ + e.g. spiffe://example.com/ns/test-ns/sa/default' + type: object + kubernetesNamespaceAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-kubernetes-namespace admission rules. + K8s namespace spec format: [a-z.-]+, e.g. ''some-namespace''' + type: object + kubernetesServiceAccountAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. 
The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-kubernetes-service-account admission rules. + Service account spec format: namespace:serviceaccount. e.g. ''test-ns:default''' + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the resource. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - defaultAdmissionRule + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. The resource name, in the format `projects/*/policy`. + There is at most one policy per project. + type: string + updateTime: + description: Output only. Time when the policy was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagercertificatemapentries.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerCertificateMapEntry + plural: certificatemanagercertificatemapentries + shortNames: + - gcpcertificatemanagercertificatemapentry + - gcpcertificatemanagercertificatemapentries + singular: certificatemanagercertificatemapentry + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificatesRefs: + items: + description: |- + A set of Certificates defines for the given hostname. + There can be defined up to fifteen certificates in each Certificate Map Entry. + Each certificate must match pattern projects/*/locations/*/certificates/*. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/certificates/{{value}}`, + where {{value}} is the `name` field of a `CertificateManagerCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + description: + description: A human-readable description of the resource. + type: string + hostname: + description: |- + Immutable. A Hostname (FQDN, e.g. example.com) or a wildcard hostname expression (*.example.com) + for a set of hostnames with common suffix. Used as Server Name Indication (SNI) for + selecting a proper certificate. + type: string + mapRef: + description: A map entry that is inputted into the certificate map. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + matcher: + description: Immutable. A predefined matcher for particular cases, + other than SNI selection. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - certificatesRefs + - mapRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Creation timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC "Zulu" format, + with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: A serving state of this Certificate Map Entry. + type: string + updateTime: + description: |- + Update timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC "Zulu" format, + with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificatesRefs: + items: + description: |- + A set of Certificates defines for the given hostname. + There can be defined up to fifteen certificates in each Certificate Map Entry. + Each certificate must match pattern projects/*/locations/*/certificates/*. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/certificates/{{value}}`, + where {{value}} is the `name` field of a `CertificateManagerCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + description: + description: A human-readable description of the resource. + type: string + hostname: + description: |- + Immutable. A Hostname (FQDN, e.g. example.com) or a wildcard hostname expression (*.example.com) + for a set of hostnames with common suffix. Used as Server Name Indication (SNI) for + selecting a proper certificate. + type: string + mapRef: + description: A map entry that is inputted into the certificate map. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + matcher: + description: Immutable. A predefined matcher for particular cases, + other than SNI selection. 
+ type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - certificatesRefs + - mapRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Creation timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC "Zulu" format, + with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: A serving state of this Certificate Map Entry. + type: string + updateTime: + description: |- + Update timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC "Zulu" format, + with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagercertificatemaps.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerCertificateMap + plural: certificatemanagercertificatemaps + shortNames: + - gcpcertificatemanagercertificatemap + - gcpcertificatemanagercertificatemaps + singular: certificatemanagercertificatemap + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The 
reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + gclbTargets: + description: A list of target proxies that use this Certificate Map. + items: + properties: + ipConfigs: + description: An IP configuration where this Certificate Map + is serving. + items: + properties: + ipAddress: + description: An external IP address. + type: string + ports: + description: A list of ports. + items: + type: integer + type: array + type: object + type: array + targetHttpsProxy: + description: |- + Proxy name must be in the format projects/*/locations/*/targetHttpsProxies/*. + This field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or + 'targetSslProxy' may be set. + type: string + targetSslProxy: + description: |- + Proxy name must be in the format projects/*/locations/*/targetSslProxies/*. + This field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or + 'targetSslProxy' may be set. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Creation timestamp of a Certificate Map. 
Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + gclbTargets: + description: A list of target proxies that use this Certificate Map. + items: + properties: + ipConfigs: + description: An IP configuration where this Certificate Map + is serving. + items: + properties: + ipAddress: + description: An external IP address. + type: string + ports: + description: A list of ports. + items: + type: integer + type: array + type: object + type: array + targetHttpsProxy: + description: |- + Proxy name must be in the format projects/*/locations/*/targetHttpsProxies/*. + This field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or + 'targetSslProxy' may be set. + type: string + targetSslProxy: + description: |- + Proxy name must be in the format projects/*/locations/*/targetSslProxies/*. + This field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or + 'targetSslProxy' may be set. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagercertificates.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerCertificate + plural: certificatemanagercertificates + shortNames: + - gcpcertificatemanagercertificate + - gcpcertificatemanagercertificates + singular: certificatemanagercertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + location: + description: Immutable. The Certificate Manager location. If not specified, + "global" is used. + type: string + managed: + description: |- + Immutable. Configuration and state of a Managed Certificate. + Certificate Manager provisions and renews Managed Certificates + automatically, for as long as it's authorized to do so. + properties: + authorizationAttemptInfo: + description: |- + Detailed state of the latest authorization attempt for each domain + specified for this Managed Certificate. + items: + properties: + details: + description: |- + Human readable explanation for reaching the state. Provided to help + address the configuration issues. + Not guaranteed to be stable. For programmatic access use 'failure_reason' field. + type: string + domain: + description: Domain name of the authorization attempt. + type: string + failureReason: + description: Reason for failure of the authorization attempt + for the domain. + type: string + state: + description: State of the domain for managed certificate + issuance. + type: string + type: object + type: array + dnsAuthorizationsRefs: + items: + description: Authorizations that will be used for performing + domain authorization. Either issuanceConfig or dnsAuthorizations + should be specified, but not both. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/global/dnsAuthorizations/{{value}}`, + where {{value}} is the `name` field of a `CertificateManagerDNSAuthorization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + domains: + description: |- + Immutable. The domains for which a managed SSL certificate will be generated. + Wildcard domains are only supported with DNS challenge resolution. + items: + type: string + type: array + issuanceConfigRef: + description: |- + Only the `external` field is supported to configure the reference. + + Immutable. The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format projects/*/locations/*/certificateIssuanceConfigs/*. + If this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa. + Either issuanceConfig or dnsAuthorizations should be specified, but not both. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/certificateIssuanceConfigs/{{name}}`, + where {{value}} is the `name` field of a `CertificateManagerCertificateIssuanceConfig` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + provisioningIssue: + description: Information about issues with provisioning this Managed + Certificate. + items: + properties: + details: + description: |- + Human readable explanation about the issue. Provided to help address + the configuration issues. + Not guaranteed to be stable. For programmatic access use 'reason' field. + type: string + reason: + description: Reason for provisioning failures. + type: string + type: object + type: array + state: + description: A state of this Managed Certificate. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + scope: + description: |- + Immutable. The scope of the certificate. + + DEFAULT: Certificates with default scope are served from core Google data centers. + If unsure, choose this option. 
+ + EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, + served from non-core Google data centers. + + ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). + see https://cloud.google.com/compute/docs/regions-zones. + type: string + selfManaged: + description: |- + Immutable. Certificate data for a SelfManaged Certificate. + SelfManaged Certificates are uploaded by the user. Updating such + certificates before they expire remains the user's responsibility. + properties: + certificatePem: + description: |- + DEPRECATED. `certificate_pem` is deprecated. Use `pem_certificate` instead. Immutable. The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + pemCertificate: + description: |- + Immutable. The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. + type: string + pemPrivateKey: + description: Immutable. The private key of the leaf certificate + in PEM-encoded form. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + privateKeyPem: + description: DEPRECATED. `private_key_pem` is deprecated. Use + `pem_private_key` instead. Immutable. The private key of the + leaf certificate in PEM-encoded form. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + location: + description: Immutable. The Certificate Manager location. If not specified, + "global" is used. + type: string + managed: + description: |- + Immutable. Configuration and state of a Managed Certificate. + Certificate Manager provisions and renews Managed Certificates + automatically, for as long as it's authorized to do so. + properties: + authorizationAttemptInfo: + description: |- + Detailed state of the latest authorization attempt for each domain + specified for this Managed Certificate. + items: + properties: + details: + description: |- + Human readable explanation for reaching the state. Provided to help + address the configuration issues. + Not guaranteed to be stable. For programmatic access use 'failure_reason' field. + type: string + domain: + description: Domain name of the authorization attempt. + type: string + failureReason: + description: Reason for failure of the authorization attempt + for the domain. + type: string + state: + description: State of the domain for managed certificate + issuance. + type: string + type: object + type: array + dnsAuthorizationsRefs: + items: + description: Authorizations that will be used for performing + domain authorization. Either issuanceConfig or dnsAuthorizations + should be specified, but not both. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/global/dnsAuthorizations/{{value}}`, + where {{value}} is the `name` field of a `CertificateManagerDNSAuthorization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + domains: + description: |- + Immutable. The domains for which a managed SSL certificate will be generated. + Wildcard domains are only supported with DNS challenge resolution. + items: + type: string + type: array + issuanceConfigRef: + description: |- + Only the `external` field is supported to configure the reference. + + Immutable. The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format projects/*/locations/*/certificateIssuanceConfigs/*. + If this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa. + Either issuanceConfig or dnsAuthorizations should be specified, but not both. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/certificateIssuanceConfigs/{{name}}`, + where {{value}} is the `name` field of a `CertificateManagerCertificateIssuanceConfig` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + provisioningIssue: + description: Information about issues with provisioning this Managed + Certificate. + items: + properties: + details: + description: |- + Human readable explanation about the issue. Provided to help address + the configuration issues. + Not guaranteed to be stable. For programmatic access use 'reason' field. + type: string + reason: + description: Reason for provisioning failures. + type: string + type: object + type: array + state: + description: A state of this Managed Certificate. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + scope: + description: |- + Immutable. The scope of the certificate. + + DEFAULT: Certificates with default scope are served from core Google data centers. + If unsure, choose this option. 
+ + EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, + served from non-core Google data centers. + + ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). + see https://cloud.google.com/compute/docs/regions-zones. + type: string + selfManaged: + description: |- + Immutable. Certificate data for a SelfManaged Certificate. + SelfManaged Certificates are uploaded by the user. Updating such + certificates before they expire remains the user's responsibility. + properties: + certificatePem: + description: |- + DEPRECATED. `certificate_pem` is deprecated. Use `pem_certificate` instead. Immutable. The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + pemCertificate: + description: |- + Immutable. The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. + type: string + pemPrivateKey: + description: Immutable. The private key of the leaf certificate + in PEM-encoded form. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + privateKeyPem: + description: DEPRECATED. `private_key_pem` is deprecated. Use + `pem_private_key` instead. Immutable. The private key of the + leaf certificate in PEM-encoded form. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: certificatemanagerdnsauthorizations.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerDNSAuthorization + listKind: CertificateManagerDNSAuthorizationList + plural: certificatemanagerdnsauthorizations + shortNames: + - gcpcertificatemanagerdnsauthorization + - gcpcertificatemanagerdnsauthorizations + singular: certificatemanagerdnsauthorization + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + 
jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: CertificateManagerDNSAuthorization is the Schema for the CertificateManagerDNSAuthorization + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CertificateManagerDNSAuthorizationSpec defines the desired + state of CertificateManagerDNSAuthorization + properties: + description: + description: A human-readable description of the resource. + type: string + domain: + description: Immutable. A domain which is being authorized. A DnsAuthorization + resource covers a single domain and its wildcard, e.g. authorization + for "example.com" can be used to issue certificates for "example.com" + and "*.example.com". + type: string + x-kubernetes-validations: + - message: Domain field is immutable + rule: self == oldSelf + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + required: + - domain + - projectRef + type: object + status: + description: CertificateManagerDNSAuthorizationStatus defines the config + connector machine state of CertificateManagerDNSAuthorization + properties: + conditions: + description: Conditions represent the latest available observations + of the CertificateManagerDNSAuthorization's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + dnsResourceRecord: + description: The structure describing the DNS Resource Record that + needs to be added to DNS configuration for the authorization to + be usable by certificate. + items: + properties: + data: + description: Data of the DNS Resource Record. + type: string + name: + description: Fully qualified name of the DNS Resource Record. + E.g. '_acme-challenge.example.com'. + type: string + type: + description: Type of the DNS Resource Record. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: CertificateManagerDNSAuthorization is the Schema for the CertificateManagerDNSAuthorization + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CertificateManagerDNSAuthorizationSpec defines the desired + state of CertificateManagerDNSAuthorization + properties: + description: + description: A human-readable description of the resource. + type: string + domain: + description: Immutable. A domain which is being authorized. A DnsAuthorization + resource covers a single domain and its wildcard, e.g. authorization + for "example.com" can be used to issue certificates for "example.com" + and "*.example.com". + type: string + x-kubernetes-validations: + - message: Domain field is immutable + rule: self == oldSelf + location: + description: Immutable. Optional. Location represents the geographical + location of the DnsAuthorization. If not specified, "global" is + used. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. 
Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + required: + - domain + - projectRef + type: object + status: + description: CertificateManagerDNSAuthorizationStatus defines the config + connector machine state of CertificateManagerDNSAuthorization + properties: + conditions: + description: Conditions represent the latest available observations + of the CertificateManagerDNSAuthorization's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + dnsResourceRecord: + description: The structure describing the DNS Resource Record that + needs to be added to DNS configuration for the authorization to + be usable by certificate. + items: + properties: + data: + description: Output only. Data of the DNS Resource Record. + type: string + name: + description: Output only. Fully qualified name of the DNS Resource + Record. e.g. `_acme-challenge.example.com` + type: string + type: + description: Output only. Type of the DNS Resource Record. Currently + always set to "CNAME". + type: string + type: object + type: array + externalRef: + description: A unique specifier for the CertificateManagerDNSAuthorization + resource in GCP. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudassetfolderfeeds.cloudasset.cnrm.cloud.google.com +spec: + group: cloudasset.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudAssetFolderFeed + plural: cloudassetfolderfeeds + shortNames: + - gcpcloudassetfolderfeed + - gcpcloudassetfolderfeeds + singular: cloudassetfolderfeed + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assetNames: + description: |- + A list of the full names of the assets to receive updates. You must specify either or both of + assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are + exported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. + See https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info. + items: + type: string + type: array + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: |- + Immutable. The project whose identity will be used when sending messages to the + destination pubsub topic. It also specifies the project for API + enablement check, quota, and billing. + type: string + condition: + description: |- + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. 
When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: |- + String indicating the location of the expression for error reporting, e.g. a file + name and a position in the file. + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' + type: string + feedId: + description: Immutable. This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. + properties: + pubsubDestination: + description: Destination on Cloud Pubsub. + properties: + topic: + description: Destination on Cloud Pubsub topic. + type: string + required: + - topic + type: object + required: + - pubsubDestination + type: object + folder: + description: Immutable. The folder this feed should be created in. + type: string + folderRef: + description: The folder that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Folder` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - billingProject + - feedId + - feedOutputConfig + - folder + - folderRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + folderId: + description: |- + The ID of the folder where this feed has been created. Both [FOLDER_NUMBER] + and folders/[FOLDER_NUMBER] are accepted. + type: string + name: + description: The format will be folders/{folder_number}/feeds/{client-assigned_feed_identifier}. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudassetorganizationfeeds.cloudasset.cnrm.cloud.google.com +spec: + group: cloudasset.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudAssetOrganizationFeed + plural: cloudassetorganizationfeeds + shortNames: + - gcpcloudassetorganizationfeed + - gcpcloudassetorganizationfeeds + singular: cloudassetorganizationfeed + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assetNames: + description: |- + A list of the full names of the assets to receive updates. You must specify either or both of + assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are + exported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. + See https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info. + items: + type: string + type: array + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: |- + Immutable. The project whose identity will be used when sending messages to the + destination pubsub topic. It also specifies the project for API + enablement check, quota, and billing. + type: string + condition: + description: |- + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. 
When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: |- + String indicating the location of the expression for error reporting, e.g. a file + name and a position in the file. + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' + type: string + feedId: + description: Immutable. This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. + properties: + pubsubDestination: + description: Destination on Cloud Pubsub. + properties: + topic: + description: Destination on Cloud Pubsub topic. + type: string + required: + - topic + type: object + required: + - pubsubDestination + type: object + organizationRef: + description: The organization that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - billingProject + - feedId + - feedOutputConfig + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The format will be organizations/{organization_number}/feeds/{client-assigned_feed_identifier}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudassetprojectfeeds.cloudasset.cnrm.cloud.google.com +spec: + group: cloudasset.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudAssetProjectFeed + plural: cloudassetprojectfeeds + shortNames: + - gcpcloudassetprojectfeed + - gcpcloudassetprojectfeeds + singular: cloudassetprojectfeed + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assetNames: + description: |- + A list of the full names of the assets to receive updates. You must specify either or both of + assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are + exported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. + See https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info. + items: + type: string + type: array + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: |- + Immutable. The project whose identity will be used when sending messages to the + destination pubsub topic. It also specifies the project for API + enablement check, quota, and billing. If not specified, the resource's + project will be used. + type: string + condition: + description: |- + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. 
Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: |- + String indicating the location of the expression for error reporting, e.g. a file + name and a position in the file. + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' + type: string + feedId: + description: Immutable. This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. + properties: + pubsubDestination: + description: Destination on Cloud Pubsub. + properties: + topic: + description: Destination on Cloud Pubsub topic. + type: string + required: + - topic + type: object + required: + - pubsubDestination + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - feedId + - feedOutputConfig + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The format will be projects/{projectNumber}/feeds/{client-assigned_feed_identifier}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com +spec: + group: cloudbuild.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudBuildTrigger + plural: cloudbuildtriggers + shortNames: + - gcpcloudbuildtrigger + - gcpcloudbuildtriggers + singular: cloudbuildtrigger + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + approvalConfig: + description: |- + Configuration for manual approval to start a build invocation of this BuildTrigger. + Builds created by this trigger will require approval before they execute. + Any user with a Cloud Build Approver role for the project can approve a build. + properties: + approvalRequired: + description: |- + Whether or not approval is needed. If this is set on a build, it will become pending when run, + and will need to be explicitly approved to start. + type: boolean + type: object + bitbucketServerTriggerConfig: + description: BitbucketServerTriggerConfig describes the configuration + of a trigger that creates a build whenever a Bitbucket Server event + is received. + properties: + bitbucketServerConfigResourceRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the bitbucket server config. Format: + projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectKey: + description: 'Key of the project that the repo is in. 
For example: + The key for https://mybitbucket.server/projects/TEST/repos/test-repo + is "TEST".' + type: string + pullRequest: + description: Filter to match changes in pull requests. + properties: + branch: + description: |- + Regex of branches to match. + The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment /gcbrun. Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: Filter to match changes in refs like branches, tags. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the gitRef regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. + type: string + type: object + repoSlug: + description: |- + Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL. + For example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo. + type: string + required: + - bitbucketServerConfigResourceRef + - projectKey + - repoSlug + type: object + build: + description: Contents of the build template. Either a filename or + build template must be provided. + properties: + artifacts: + description: Artifacts produced by the build that should be uploaded + upon successful completion of all build steps. 
+ properties: + images: + description: |- + A list of images to be pushed upon the successful completion of all build steps. + + The images will be pushed using the builder service account's credentials. + + The digests of the pushed images will be stored in the Build resource's results field. + + If any of the images fail to be pushed, the build is marked FAILURE. + items: + type: string + type: array + objects: + description: |- + A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. + + Files in the workspace matching specified paths globs will be uploaded to the + Cloud Storage location using the builder service account's credentials. + + The location and generation of the uploaded objects will be stored in the Build resource's results field. + + If any objects fail to be pushed, the build is marked FAILURE. + properties: + location: + description: |- + Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". + + Files in the workspace matching any path pattern will be uploaded to Cloud Storage with + this location as a prefix. + type: string + paths: + description: Path globs used to match files in the build's + workspace. + items: + type: string + type: array + timing: + description: Output only. Stores timing information for + pushing all artifact objects. + items: + properties: + endTime: + description: |- + End of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + startTime: + description: |- + Start of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + type: array + type: object + type: object + availableSecrets: + description: Secrets and secret environment variables. + properties: + secretManager: + description: Pairs a secret environment variable with a SecretVersion + in Secret Manager. + items: + properties: + env: + description: |- + Environment variable name to associate with the secret. Secret environment + variables must be unique across all of a build's secrets, and must be used + by at least one build step. + type: string + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of + a `SecretManagerSecretVersion` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - env + - versionRef + type: object + type: array + required: + - secretManager + type: object + images: + description: |- + A list of images to be pushed upon the successful completion of all build steps. + The images are pushed using the builder service account's credentials. + The digests of the pushed images will be stored in the Build resource's results field. + If any of the images fail to be pushed, the build status is marked FAILURE. + items: + type: string + type: array + logsBucketRef: + description: |- + Google Cloud Storage bucket where logs should be written. Logs file + names will be of the format ${logsBucket}/log-${build_id}.txt. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `url` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + options: + description: Special options for this build. + properties: + diskSizeGb: + description: |- + Requested disk size for the VM that runs the build. Note that this is NOT "disk free"; + some of the space will be used by the operating system and build utilities. + Also note that this is the minimum disk size that will be allocated for the build -- + the build may run with a larger disk than requested. At present, the maximum disk size + is 1000GB; builds that request more than the maximum are rejected with an error. + type: integer + dynamicSubstitutions: + description: |- + Option to specify whether or not to apply bash style string operations to the substitutions. + + NOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file. + type: boolean + env: + description: |- + A list of global environment variable definitions that will exist for all build steps + in this build. If a variable is defined in both globally and in a build step, + the variable will use the build step value. + + The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". + items: + type: string + type: array + logStreamingOption: + description: 'Option to define build log streaming behavior + to Google Cloud Storage. Possible values: ["STREAM_DEFAULT", + "STREAM_ON", "STREAM_OFF"].' 
+ type: string + logging: + description: 'Option to specify the logging mode, which determines + if and where build logs are stored. Possible values: ["LOGGING_UNSPECIFIED", + "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "CLOUD_LOGGING_ONLY", + "NONE"].' + type: string + machineType: + description: Compute Engine machine type on which to run the + build. + type: string + requestedVerifyOption: + description: 'Requested verifiability options. Possible values: + ["NOT_VERIFIED", "VERIFIED"].' + type: string + secretEnv: + description: |- + A list of global environment variables, which are encrypted using a Cloud Key Management + Service crypto key. These values must be specified in the build's Secret. These variables + will be available to all build steps in this build. + items: + type: string + type: array + sourceProvenanceHash: + description: 'Requested hash for SourceProvenance. Possible + values: ["NONE", "SHA256", "MD5"].' + items: + type: string + type: array + substitutionOption: + description: |- + Option to specify behavior when there is an error in the substitution checks. + + NOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden + in the build configuration file. Possible values: ["MUST_MATCH", "ALLOW_LOOSE"]. + type: string + volumes: + description: |- + Global list of volumes to mount for ALL build steps + + Each volume is created as an empty volume prior to starting the build process. + Upon completion of the build, volumes and their contents are discarded. Global + volume names and paths cannot conflict with the volumes defined a build step. + + Using a global volume in a build with only one step is not valid as it is indicative + of a build request with an incorrect configuration. + items: + properties: + name: + description: |- + Name of the volume to mount. + + Volume names must be unique per build step and must be valid names for Docker volumes. + Each named volume must be used by at least two build steps. 
+ type: string + path: + description: |- + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on the same + build step or with certain reserved volume paths. + type: string + type: object + type: array + workerPool: + description: |- + Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool} + + This field is experimental. + type: string + type: object + queueTtl: + description: |- + TTL in queue for this build. If provided and the build is enqueued longer than this value, + the build will expire and the build status will be EXPIRED. + The TTL starts ticking from createTime. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + secret: + description: Secrets to decrypt using Cloud Key Management Service. + items: + properties: + kmsKeyRef: + description: KMS crypto key to use to decrypt these envs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + secretEnv: + additionalProperties: + type: string + description: |- + Map of environment variable name to its encrypted value. + Secret environment variables must be unique across all of a build's secrets, + and must be used by at least one build step. Values can be at most 64 KB in size. + There can be at most 100 secret values across all of a build's secrets. 
+ type: object + required: + - kmsKeyRef + type: object + type: array + source: + description: |- + The location of the source files to build. + + One of 'storageSource' or 'repoSource' must be provided. + properties: + repoSource: + description: Location of the source in a Google Cloud Source + Repository. + properties: + branchName: + description: |- + Regex matching branches to build. Exactly one a of branch name, tag, or commit SHA must be provided. + The syntax of the regular expressions accepted is the syntax accepted by RE2 and + described at https://github.com/google/re2/wiki/Syntax. + type: string + commitSha: + description: Explicit commit SHA to build. Exactly one + a of branch name, tag, or commit SHA must be provided. + type: string + dir: + description: |- + Directory, relative to the source root, in which to run the build. + This must be a relative path. If a step's dir is specified and is an absolute path, + this value is ignored for that step's execution. + type: string + invertRegex: + description: Only trigger a build if the revision regex + does NOT match the revision regex. + type: boolean + projectId: + description: |- + ID of the project that owns the Cloud Source Repository. + If omitted, the project ID requesting the build is assumed. + type: string + repoRef: + description: |- + The desired Cloud Source Repository. If omitted, "default" is + assumed. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a + `SourceRepoRepository` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + substitutions: + additionalProperties: + type: string + description: Substitutions to use in a triggered build. + Should only be used with triggers.run. + type: object + tagName: + description: |- + Regex matching tags to build. Exactly one a of branch name, tag, or commit SHA must be provided. + The syntax of the regular expressions accepted is the syntax accepted by RE2 and + described at https://github.com/google/re2/wiki/Syntax. + type: string + required: + - repoRef + type: object + storageSource: + description: Location of the source in an archive file in + Google Cloud Storage. + properties: + bucketRef: + description: Google Cloud Storage bucket containing the + source. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a + `StorageBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + generation: + description: |- + Google Cloud Storage generation for the object. + If the generation is omitted, the latest generation will be used. + type: string + object: + description: |- + Google Cloud Storage object containing the source. + This object must be a gzipped archive file (.tar.gz) containing source to build. + type: string + required: + - bucketRef + - object + type: object + type: object + step: + description: The operations to be performed on the workspace. 
+ items: + properties: + allowExitCodes: + description: |- + Allow this build step to fail without failing the entire build if and + only if the exit code is one of the specified codes. + + If 'allowFailure' is also specified, this field will take precedence. + items: + type: integer + type: array + allowFailure: + description: |- + Allow this build step to fail without failing the entire build. + If false, the entire build will fail if this step fails. Otherwise, the + build will succeed, but this step will still have a failure status. + Error information will be reported in the 'failureDetail' field. + + 'allowExitCodes' takes precedence over this field. + type: boolean + args: + description: |- + A list of arguments that will be presented to the step when it is started. + + If the image used to run the step's container has an entrypoint, the args + are used as arguments to that entrypoint. If the image does not define an + entrypoint, the first element in args is used as the entrypoint, and the + remainder will be used as arguments. + items: + type: string + type: array + dir: + description: |- + Working directory to use when running this step's container. + + If this value is a relative path, it is relative to the build's working + directory. If this value is absolute, it may be outside the build's working + directory, in which case the contents of the path may not be persisted + across build step executions, unless a 'volume' for that path is specified. + + If the build specifies a 'RepoSource' with 'dir' and a step with a + 'dir', + which specifies an absolute path, the 'RepoSource' 'dir' is ignored + for the step's execution. + type: string + entrypoint: + description: |- + Entrypoint to be used instead of the build step image's + default entrypoint. + If unset, the image's default entrypoint is used. + type: string + env: + description: |- + A list of environment variable definitions to be used when + running a step. 
+ + The elements are of the form "KEY=VALUE" for the environment variable + "KEY" being given the value "VALUE". + items: + type: string + type: array + id: + description: |- + Unique identifier for this build step, used in 'wait_for' to + reference this build step as a dependency. + type: string + name: + description: |- + The name of the container image that will run this particular build step. + + If the image is available in the host's Docker daemon's cache, it will be + run directly. If not, the host will attempt to pull the image first, using + the builder service account's credentials if necessary. + + The Docker daemon's cache will already have the latest versions of all of + the officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders + for images and examples). + The Docker daemon will also have cached many of the layers for some popular + images, like "ubuntu", "debian", but they will be refreshed at the time + you attempt to use them. + + If you built an image in a previous build step, it will be stored in the + host's Docker daemon's cache and is available to use as the name for a + later build step. + type: string + script: + description: |- + A shell script to be executed in the step. + When script is provided, the user cannot specify the entrypoint or args. + type: string + secretEnv: + description: |- + A list of environment variables which are encrypted using + a Cloud Key + Management Service crypto key. These values must be specified in + the build's 'Secret'. + items: + type: string + type: array + timeout: + description: |- + Time limit for executing this build step. If not defined, + the step has no + time limit and will be allowed to continue to run until either it + completes or the build itself times out. + type: string + timing: + description: |- + Output only. Stores timing information for executing this + build step. 
+ type: string + volumes: + description: |- + List of volumes to mount into the build step. + + Each volume is created as an empty volume prior to execution of the + build step. Upon completion of the build, volumes and their contents + are discarded. + + Using a named volume in only one step is not valid as it is + indicative of a build request with an incorrect configuration. + items: + properties: + name: + description: |- + Name of the volume to mount. + + Volume names must be unique per build step and must be valid names for + Docker volumes. Each named volume must be used by at least two build steps. + type: string + path: + description: |- + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on + the same build step or with certain reserved volume paths. + type: string + required: + - name + - path + type: object + type: array + waitFor: + description: |- + The ID(s) of the step(s) that this build step depends on. + + This build step will not start until all the build steps in 'wait_for' + have completed successfully. If 'wait_for' is empty, this build step + will start when all previous build steps in the 'Build.Steps' list + have completed successfully. + items: + type: string + type: array + required: + - name + type: object + type: array + substitutions: + additionalProperties: + type: string + description: Substitutions data for Build resource. + type: object + tags: + description: Tags for annotation of a Build. These are not docker + tags. + items: + type: string + type: array + timeout: + description: |- + Amount of time that this build should be allowed to run, to second granularity. + If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. + This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. + The expected format is the number of seconds followed by s. + Default time is ten minutes (600s). 
+ type: string + required: + - step + type: object + description: + description: Human-readable description of the trigger. + type: string + disabled: + description: Whether the trigger is disabled or not. If true, the + trigger will never result in a build. + type: boolean + filename: + description: |- + Path, from the source root, to a file whose contents is used for the template. + Either a filename or build template must be provided. Set this only when using trigger_template or github. + When using Pub/Sub, Webhook or Manual set the file name using git_file_source instead. + type: string + filter: + description: A Common Expression Language string. Used only with Pub/Sub + and Webhook. + type: string + gitFileSource: + description: The file source describing the local or remote Build + template. + properties: + bitbucketServerConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the bitbucket server config. Format: + projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + githubEnterpriseConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + path: + description: The path of the file, with the repo root as the root + of the path. + type: string + repoType: + description: |- + The type of the repo, since it may not be explicit from the repo field (e.g from a URL). + Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: ["UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER"]. + type: string + repositoryRef: + description: |- + Only `external` field is supported to configure the reference. + + The fully qualified resource name of the Repo API repository. The fully qualified resource name of the Repo API repository. + If unspecified, the repo from which the trigger invocation originated is assumed to be the repo from which to read the specified path. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildV2Repository` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + revision: + description: |- + The branch, tag, arbitrary ref, or SHA version of the repo to use when resolving the + filename (optional). This field respects the same syntax/resolution as described here: https://git-scm.com/docs/gitrevisions + If unspecified, the revision from which the trigger invocation originated is assumed to be the revision from which to read the specified path. + type: string + uri: + description: |- + The URI of the repo (optional). If unspecified, the repo from which the trigger + invocation originated is assumed to be the repo from which to read the specified path. + type: string + required: + - path + - repoType + type: object + github: + description: |- + Describes the configuration of a trigger that creates a build whenever a GitHub event is received. + + One of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided. + properties: + enterpriseConfigResourceNameRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: |- + Name of the repository. 
For example: The name for + https://github.com/googlecloudplatform/cloud-builders is "cloud-builders". + type: string + owner: + description: |- + Owner of the repository. For example: The owner for + https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform". + type: string + pullRequest: + description: filter to match changes in pull requests. Specify + only one of 'pull_request' or 'push'. + properties: + branch: + description: Regex of branches to match. + type: string + commentControl: + description: 'Whether to block builds on a "/gcbrun" comment + from a repository owner or collaborator. Possible values: + ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: filter to match changes in refs, like branches or + tags. Specify only one of 'pull_request' or 'push'. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the git_ref regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. + type: string + type: object + type: object + ignoredFiles: + description: |- + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for '**'. + + If ignoredFiles and changed files are both empty, then they are not + used to determine whether or not to trigger a build. + + If ignoredFiles is not empty, then we ignore any files that match any + of the ignored_file globs. If the change has no files that are outside + of the ignoredFiles globs, then we do not trigger a build. 
+ items: + type: string + type: array + includeBuildLogs: + description: |- + Build logs will be sent back to GitHub as part of the checkrun + result. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or + INCLUDE_BUILD_LOGS_WITH_STATUS Possible values: ["INCLUDE_BUILD_LOGS_UNSPECIFIED", "INCLUDE_BUILD_LOGS_WITH_STATUS"]. + type: string + includedFiles: + description: |- + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for '**'. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is empty, then as far as this filter is concerned, we + should trigger the build. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is not empty, then we make sure that at least one of + those files matches a includedFiles glob. If not, then we do not trigger + a build. + items: + type: string + type: array + location: + description: 'Immutable. The location of the Cloud Build trigger. + If not specified, "global" is used. More info: cloud.google.com/build/docs/locations.' + type: string + pubsubConfig: + description: |- + PubsubConfig describes the configuration of a trigger that creates + a build whenever a Pub/Sub message is published. + + One of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided. + properties: + serviceAccountRef: + description: Service account that will make the push request. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + state: + description: |- + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. + type: string + subscription: + description: Output only. Name of the subscription. + type: string + topicRef: + description: |- + The name of the topic from which this subscription + is receiving messages. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + repositoryEventConfig: + description: The configuration of a trigger that creates a build whenever + an event from Repo API is received. + properties: + pullRequest: + description: Contains filter properties for matching Pull Requests. + properties: + branch: + description: |- + Regex of branches to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment ''/gcbrun''. 
Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + type: object + push: + description: Contains filter properties for matching git pushes. + properties: + branch: + description: |- + Regex of branches to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + invertRegex: + description: If true, only trigger a build if the revision + regex does NOT match the git_ref regex. + type: boolean + tag: + description: |- + Regex of tags to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + type: object + repository: + description: The resource name of the Repo API resource. + type: string + type: object + serviceAccountRef: + description: |- + The service account used for all user-controlled operations including + triggers.patch, triggers.run, builds.create, and builds.cancel. + + If no service account is set, then the standard Cloud Build service account + ([PROJECT_NUM]@system.gserviceaccount.com) will be used instead. + + When populating via the external field, the following format is supported: + projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL} + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/serviceAccounts/{{value}}`, + where {{value}} is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceToBuild: + description: |- + The repo and ref of the repository from which to build. + This field is used only for those triggers that do not respond to SCM events. + Triggers that respond to such events build source at whatever commit caused the event. + This field is currently only used by Webhook, Pub/Sub, Manual, and Cron triggers. + + One of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided. + properties: + bitbucketServerConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the bitbucket server config. Format: + projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + githubEnterpriseConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ref: + description: The branch or tag to use. Must start with "refs/" + (required). + type: string + repoType: + description: |- + The type of the repo, since it may not be explicit from the repo field (e.g from a URL). + Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: ["UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER"]. + type: string + repositoryRef: + description: |- + Only `external` field is supported to configure the reference. + + The qualified resource name of the Repo API repository. + Either uri or repository can be specified and is required. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildV2Repository` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + uri: + description: The URI of the repo. 
+ type: string + required: + - ref + - repoType + type: object + substitutions: + additionalProperties: + type: string + description: Substitutions data for Build resource. + type: object + tags: + description: Tags for annotation of a BuildTrigger. + items: + type: string + type: array + triggerTemplate: + description: |- + Template describing the types of source changes to trigger a build. + + Branch and tag names in trigger templates are interpreted as regular + expressions. Any branch or tag change that matches that regular + expression will trigger a build. + + One of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided. + properties: + branchName: + description: |- + Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. + This field is a regular expression. + type: string + commitSha: + description: Explicit commit SHA to build. Exactly one of a branch + name, tag, or commit SHA must be provided. + type: string + dir: + description: |- + Directory, relative to the source root, in which to run the build. + + This must be a relative path. If a step's dir is specified and + is an absolute path, this value is ignored for that step's + execution. + type: string + invertRegex: + description: Only trigger a build if the revision regex does NOT + match the revision regex. + type: boolean + repoRef: + description: |- + The Cloud Source Repository to build. If omitted, the repo with + name "default" is assumed. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SourceRepoRepository` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tagName: + description: |- + Name of the tag to build. Exactly one of a branch name, tag, or commit SHA must be provided. + This field is a regular expression. + type: string + type: object + webhookConfig: + description: |- + WebhookConfig describes the configuration of a trigger that creates + a build whenever a webhook is sent to a trigger's webhook URL. + + One of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided. + properties: + secretRef: + description: The secret required + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SecretManagerSecretVersion` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + state: + description: |- + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. + type: string + required: + - secretRef + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time when the trigger was created. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + triggerId: + description: The unique identifier for the trigger. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: beta + name: cloudbuildworkerpools.cloudbuild.cnrm.cloud.google.com +spec: + group: cloudbuild.cnrm.cloud.google.com + names: + kind: CloudBuildWorkerPool + listKind: CloudBuildWorkerPoolList + plural: cloudbuildworkerpools + singular: cloudbuildworkerpool + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: CloudBuildWorkerPool is the Schema for the CloudBuild WorkerPool + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CloudBuildWorkerPoolSpec defines the desired state of Instance + properties: + displayName: + type: string + location: + type: string + name: + type: string + privatePoolV1Config: + properties: + networkConfig: + properties: + egressOption: + type: string + peeredNetworkIPRange: + type: string + peeredNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed Compute + Network resource. Should be in the format `projects//global/networks/`. + type: string + name: + description: The `name` field of a `ComputeNetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeNetwork` + resource. + type: string + type: object + required: + - peeredNetworkRef + type: object + workerConfig: + properties: + diskSizeGb: + format: int64 + type: integer + machineType: + type: string + type: object + required: + - workerConfig + type: object + projectRef: + description: The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + type: string + required: + - location + - privatePoolV1Config + - projectRef + type: object + status: + description: CloudBuildWorkerPoolStatus defines the observed state of + Instance + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. 
+ properties: + createTime: + description: The creation timestamp of the workerpool. + format: date-time + type: string + networkConfig: + properties: + egressOption: + type: string + peeredNetwork: + type: string + peeredNetworkIPRange: + type: string + type: object + updateTime: + description: The last update timestamp of the workerpool. + format: date-time + type: string + workerConfig: + properties: + diskSizeGb: + format: int64 + type: integer + machineType: + type: string + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: CloudBuildWorkerPool is the Schema for the CloudBuild WorkerPool + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CloudBuildWorkerPoolSpec defines the desired state of Instance + properties: + displayName: + description: A user-specified, human-readable name for the `WorkerPool`. + If provided, this value must be 1-63 characters. + type: string + location: + type: string + privatePoolV1Config: + description: Legacy Private Pool configuration. + properties: + networkConfig: + description: Network configuration for the pool. + properties: + egressOption: + description: Option to configure network egress for the workers. 
+ type: string + peeredNetworkIPRange: + description: Immutable. Subnet IP range within the peered + network. This is specified in CIDR notation with a slash + and the subnet prefix size. You can optionally specify an + IP address before the subnet prefix value. e.g. `192.168.0.0/29` + would specify an IP range starting at 192.168.0.0 with a + prefix size of 29 bits. `/16` would specify a prefix size + of 16 bits, with an automatically determined IP within the + peered VPC. If unspecified, a value of `/24` will be used. + type: string + x-kubernetes-validations: + - message: the field is immutable + rule: self == oldSelf + peeredNetworkRef: + description: Immutable. The network definition that the workers + are peered to. If this section is left empty, the workers + will be peered to `WorkerPool.project_id` on the service + producer network. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed Compute + Network resource. Should be in the format `projects//global/networks/`. + type: string + name: + description: The `name` field of a `ComputeNetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeNetwork` + resource. + type: string + type: object + x-kubernetes-validations: + - message: the field is immutable + rule: self == oldSelf + type: object + workerConfig: + description: Machine configuration for the workers in the pool. + properties: + diskSizeGb: + description: Size of the disk attached to the worker, in GB. + See [Worker pool config file](https://cloud.google.com/build/docs/private-pools/worker-pool-config-file-schema). + Specify a value of up to 2000. If `0` is specified, Cloud + Build will use a standard disk size. + format: int64 + type: integer + machineType: + description: Machine type of a worker, such as `e2-medium`. 
+ See [Worker pool config file](https://cloud.google.com/build/docs/private-pools/worker-pool-config-file-schema). + If left blank, Cloud Build will use a sensible default. + type: string + type: object + required: + - workerConfig + type: object + projectRef: + description: The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: The GCP resource identifier. If not given, the metadata.name + will be used. + type: string + required: + - location + - privatePoolV1Config + - projectRef + type: object + status: + description: CloudBuildWorkerPoolStatus defines the observed state of + Instance + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + externalRef: + description: A unique Config Connector specifier for the resource + in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + createTime: + description: The creation timestamp of the workerpool. + format: date-time + type: string + etag: + description: The Checksum computed by the server, using weak indicator. + type: string + networkConfig: + description: Network configuration for the pool. + properties: + egressOption: + description: Option to configure network egress for the workers. + type: string + peeredNetwork: + description: Immutable. The network definition that the workers + are peered to. If this section is left empty, the workers + will be peered to `WorkerPool.project_id` on the service + producer network. + type: string + peeredNetworkIPRange: + description: Immutable. Subnet IP range within the peered + network. This is specified in CIDR notation with a slash + and the subnet prefix size. You can optionally specify an + IP address before the subnet prefix value. e.g. `192.168.0.0/29` + would specify an IP range starting at 192.168.0.0 with a + prefix size of 29 bits. `/16` would specify a prefix size + of 16 bits, with an automatically determined IP within the + peered VPC. If unspecified, a value of `/24` will be used. + type: string + type: object + updateTime: + description: The last update timestamp of the workerpool. + format: date-time + type: string + workerConfig: + description: Machine configuration for the workers in the pool. 
+ properties: + diskSizeGb: + description: Size of the disk attached to the worker, in GB. + See [Worker pool config file](https://cloud.google.com/build/docs/private-pools/worker-pool-config-file-schema). + Specify a value of up to 2000. If `0` is specified, Cloud + Build will use a standard disk size. + format: int64 + type: integer + machineType: + description: Machine type of a worker, such as `e2-medium`. + See [Worker pool config file](https://cloud.google.com/build/docs/private-pools/worker-pool-config-file-schema). + If left blank, Cloud Build will use a sensible default. + type: string + type: object + required: + - workerConfig + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudfunctions2functions.cloudfunctions2.cnrm.cloud.google.com +spec: + group: cloudfunctions2.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudFunctions2Function + plural: cloudfunctions2functions + shortNames: + - gcpcloudfunctions2function + - gcpcloudfunctions2functions + singular: cloudfunctions2function + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + buildConfig: + description: |- + Describes the Build step of the function that builds a container + from the given source. + properties: + build: + description: |- + The Cloud Build name of the latest successful + deployment of the function. + type: string + dockerRepository: + description: User managed repository created in Artifact Registry + optionally with a customer managed encryption key. + type: string + entryPoint: + description: |- + The name of the function (as defined in source code) that will be executed. + Defaults to the resource name suffix, if not specified. For backward + compatibility, if function with given name is not found, then the system + will try to use function named "function". For Node.js this is name of a + function exported by the module specified in source_location. + type: string + environmentVariables: + additionalProperties: + type: string + description: User-provided build-time environment variables for + the function. + type: object + runtime: + description: |- + The runtime in which to run the function. Required when deploying a new + function, optional when updating an existing function. 
+ type: string + source: + description: The location of the function source code. + properties: + repoSource: + description: If provided, get the source from this location + in a Cloud Source Repository. + properties: + branchName: + description: Regex matching branches to build. + type: string + commitSha: + description: Regex matching tags to build. + type: string + dir: + description: Directory, relative to the source root, in + which to run the build. + type: string + invertRegex: + description: |- + Only trigger a build if the revision regex does + NOT match the revision regex. + type: boolean + projectId: + description: |- + Immutable. ID of the project that owns the Cloud Source Repository. If omitted, the + project ID requesting the build is assumed. + type: string + repoName: + description: Name of the Cloud Source Repository. + type: string + tagName: + description: Regex matching tags to build. + type: string + type: object + storageSource: + description: If provided, get the source from this location + in Google Cloud Storage. + properties: + bucket: + description: Google Cloud Storage bucket containing the + source. + type: string + generation: + description: |- + Google Cloud Storage generation for the object. If the generation + is omitted, the latest generation will be used. + type: integer + object: + description: Google Cloud Storage object containing the + source. + type: string + type: object + type: object + workerPool: + description: Name of the Cloud Build Custom Worker Pool that should + be used to build the function. + type: string + type: object + description: + description: User-provided description of a function. + type: string + eventTrigger: + description: |- + An Eventarc trigger managed by Google Cloud Functions that fires events in + response to a condition in another service. + properties: + eventFilters: + description: Criteria used to filter events. + items: + properties: + attribute: + description: |- + 'Required. 
The name of a CloudEvents attribute. + Currently, only a subset of attributes are supported for filtering. Use the 'gcloud eventarc providers describe' command to learn more about events and their attributes. + Do not filter for the 'type' attribute here, as this is already achieved by the resource's 'event_type' attribute. + type: string + operator: + description: |- + Optional. The operator used for matching the events with the value of + the filter. If not specified, only events that have an exact key-value + pair specified in the filter are matched. + The only allowed value is 'match-path-pattern'. + [See documentation on path patterns here](https://cloud.google.com/eventarc/docs/path-patterns)'. + type: string + value: + description: |- + Required. The value for the attribute. + If the operator field is set as 'match-path-pattern', this value can be a path pattern instead of an exact value. + type: string + required: + - attribute + - value + type: object + type: array + eventType: + description: Required. The type of event to observe. + type: string + pubsubTopic: + description: |- + The name of a Pub/Sub topic in the same project that will be used + as the transport topic for the event delivery. + type: string + retryPolicy: + description: |- + Describes the retry policy in case of function's execution failure. + Retried execution is charged as any other execution. Possible values: ["RETRY_POLICY_UNSPECIFIED", "RETRY_POLICY_DO_NOT_RETRY", "RETRY_POLICY_RETRY"]. + type: string + serviceAccountEmail: + description: The email of the service account for this function. + type: string + trigger: + description: Output only. The resource name of the Eventarc trigger. + type: string + triggerRegion: + description: |- + The region that the trigger will be in. The trigger will only receive + events originating in this region. It can be the same + region as the function, a different region or multi-region, or the global + region. 
If not provided, defaults to the same region as the function. + type: string + type: object + kmsKeyName: + description: |- + Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. + It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. + type: string + location: + description: Immutable. The location of this cloud function. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceConfig: + description: Describes the Service being deployed. + properties: + allTrafficOnLatestRevision: + description: Whether 100% of traffic is routed to the latest revision. + Defaults to true. + type: boolean + availableCpu: + description: The number of CPUs used in a single container instance. + Default value is calculated from available memory. + type: string + availableMemory: + description: |- + The amount of memory available for a function. + Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is + supplied the value is interpreted as bytes. 
+ type: string + environmentVariables: + additionalProperties: + type: string + description: Environment variables that shall be available during + function execution. + type: object + gcfUri: + description: URIs of the Service deployed. + type: string + ingressSettings: + description: 'Available ingress settings. Defaults to "ALLOW_ALL" + if unspecified. Default value: "ALLOW_ALL" Possible values: + ["ALLOW_ALL", "ALLOW_INTERNAL_ONLY", "ALLOW_INTERNAL_AND_GCLB"].' + type: string + maxInstanceCount: + description: |- + The limit on the maximum number of function instances that may coexist at a + given time. + type: integer + maxInstanceRequestConcurrency: + description: Sets the maximum number of concurrent requests that + each instance can receive. Defaults to 1. + type: integer + minInstanceCount: + description: |- + The limit on the minimum number of function instances that may coexist at a + given time. + type: integer + secretEnvironmentVariables: + description: Secret environment variables configuration. + items: + properties: + key: + description: Name of the environment variable. + type: string + projectId: + description: Project identifier (preferrably project number + but can also be the project ID) of the project that contains + the secret. If not set, it will be populated with the + function's project assuming that the secret exists in + the same project as of the function. + type: string + secret: + description: Name of the secret in secret manager (not the + full resource name). + type: string + version: + description: Version of the secret (version number or the + string 'latest'). It is recommended to use a numeric version + for secret environment variables as any updates to the + secret value is not reflected until new instances start. + type: string + required: + - key + - projectId + - secret + - version + type: object + type: array + secretVolumes: + description: Secret volumes configuration. 
+ items: + properties: + mountPath: + description: 'The path within the container to mount the + secret volume. For example, setting the mountPath as /etc/secrets + would mount the secret value files under the /etc/secrets + directory. This directory will also be completely shadowed + and unavailable to mount any other secrets. Recommended + mount path: /etc/secrets.' + type: string + projectId: + description: Project identifier (preferrably project number + but can also be the project ID) of the project that contains + the secret. If not set, it will be populated with the + function's project assuming that the secret exists in + the same project as of the function. + type: string + secret: + description: Name of the secret in secret manager (not the + full resource name). + type: string + versions: + description: List of secret versions to mount for this secret. + If empty, the latest version of the secret will be made + available in a file named after the secret under the mount + point.'. + items: + properties: + path: + description: Relative path of the file under the mount + path where the secret value for this version will + be fetched and made available. For example, setting + the mountPath as '/etc/secrets' and path as secret_foo + would mount the secret value file at /etc/secrets/secret_foo. + type: string + version: + description: Version of the secret (version number + or the string 'latest'). It is preferable to use + latest version with secret volumes as secret value + changes are reflected immediately. + type: string + required: + - path + - version + type: object + type: array + required: + - mountPath + - projectId + - secret + type: object + type: array + service: + description: Name of the service associated with a Function. + type: string + serviceAccountEmail: + description: The email of the service account for this function. + type: string + timeoutSeconds: + description: |- + The function execution timeout. 
Execution is considered failed and + can be terminated if the function is not completed at the end of the + timeout period. Defaults to 60 seconds. + type: integer + uri: + description: URI of the Service deployed. + type: string + vpcConnector: + description: The Serverless VPC Access connector that this cloud + function can connect to. + type: string + vpcConnectorEgressSettings: + description: 'Available egress settings. Possible values: ["VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED", + "PRIVATE_RANGES_ONLY", "ALL_TRAFFIC"].' + type: string + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + environment: + description: The environment the function is hosted on. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: Describes the current state of the function. + type: string + updateTime: + description: The last update timestamp of a Cloud Function. + type: string + url: + description: Output only. The deployed url for the function. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: cloudfunctionsfunctions.cloudfunctions.cnrm.cloud.google.com +spec: + group: cloudfunctions.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudFunctionsFunction + plural: cloudfunctionsfunctions + shortNames: + - gcpcloudfunctionsfunction + - gcpcloudfunctionsfunctions + singular: cloudfunctionsfunction + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + availableMemoryMb: + description: 'Memory (in MB), available to the function. Default value + is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB.' + format: int64 + type: integer + description: + description: User-provided description of a function. + type: string + entryPoint: + description: |- + Immutable. The name of the function (as defined in source code) that will be + executed. Defaults to the resource name suffix, if not specified. For + backward compatibility, if function with given name is not found, then the + system will try to use function named "function". + For Node.js this is name of a function exported by the module specified + in `source_location`. + type: string + environmentVariables: + additionalProperties: + type: string + description: Environment variables that shall be available during + function execution. + type: object + eventTrigger: + description: Immutable. A source that fires events in response to + a condition in another service. + properties: + eventType: + description: |- + Immutable. Required. The type of event to observe. For example: + `providers/cloud.storage/eventTypes/object.change` and + `providers/cloud.pubsub/eventTypes/topic.publish`. + + Event types match pattern `providers/*/eventTypes/*.*`. + The pattern contains: + + 1. namespace: For example, `cloud.storage` and + `google.firebase.analytics`. + 2. resource type: The type of resource on which event occurs. For + example, the Google Cloud Storage API includes the type `object`. + 3. 
action: The action that generates the event. For example, action for + a Google Cloud Storage Object is 'change'. + These parts are lower case. + type: string + failurePolicy: + description: Immutable. Specifies policy for failed executions. + type: boolean + resourceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + Required. The resource(s) from which to observe events, for example, + `projects/_/buckets/myBucket`. + + Not all syntactically correct values are accepted by all services. For + example: + + 1. The authorization model must support it. Google Cloud Functions + only allows EventTriggers to be deployed that observe resources in the + same project as the `Function`. + 2. The resource type must match the pattern expected for an + `event_type`. For example, an `EventTrigger` that has an + `event_type` of "google.pubsub.topic.publish" should have a resource + that matches Google Cloud Pub/Sub topics. + + Additionally, some services may support short names when creating an + `EventTrigger`. These will always be returned in the normalized "long" + format. + + See each *service's* documentation for supported formats. + + Allowed values: + * The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + * The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + kind: + description: 'Kind of the referent. Allowed values: StorageBucket,PubSubTopic' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + service: + description: |- + Immutable. The hostname of the service that should be observed. + + If no string is provided, the default service implementing the API will + be used. For example, `storage.googleapis.com` is the default for all + event types in the `google.storage` namespace. + type: string + required: + - eventType + - resourceRef + type: object + httpsTrigger: + description: Immutable. An HTTPS endpoint type of source that can + be triggered via URL. + properties: + securityLevel: + description: 'Immutable. Both HTTP and HTTPS requests with URLs + that match the handler succeed without redirects. The application + can examine the request to determine which protocol was used + and respond accordingly. Possible values: SECURITY_LEVEL_UNSPECIFIED, + SECURE_ALWAYS, SECURE_OPTIONAL' + type: string + type: object + ingressSettings: + description: |- + The ingress settings for the function, controlling what traffic can reach + it. Possible values: INGRESS_SETTINGS_UNSPECIFIED, ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB + type: string + maxInstances: + description: |- + The limit on the maximum number of function instances that may coexist at a + given time. + format: int64 + type: integer + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project id of the function. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The name of the Cloud Functions region of + the function. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + runtime: + description: | + The runtime in which to run the function. Required when deploying a new + function, optional when updating an existing function. For a complete + list of possible choices, see the + [`gcloud` command + reference](/sdk/gcloud/reference/functions/deploy#--runtime). + type: string + serviceAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The email of the function's service account. If empty, defaults to + `{project_id}@appspot.gserviceaccount.com`. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceArchiveUrl: + description: Immutable. The Google Cloud Storage URL, starting with + gs://, pointing to the zip archive which contains the function. + type: string + sourceRepository: + description: Immutable. Represents parameters related to source repository + where a function is hosted. + properties: + url: + description: |- + Immutable. The URL pointing to the hosted repository where the function is defined. 
+ There are supported Cloud Source Repository URLs in the following + formats: + + To refer to a specific commit: + `https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*` + To refer to a moveable alias (branch): + `https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*` + In particular, to refer to HEAD use `master` moveable alias. + To refer to a specific fixed alias (tag): + `https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*` + + You may omit `paths/*` if you want to use the main directory. + type: string + required: + - url + type: object + timeout: + description: |- + The function execution timeout. Execution is considered failed and + can be terminated if the function is not completed at the end of the + timeout period. Defaults to 60 seconds. + type: string + vpcConnectorEgressSettings: + description: |- + The egress settings for the connector, controlling what traffic is diverted + through it. Possible values: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC + type: string + vpcConnectorRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The VPC Network Connector that this cloud function can connect to. It can + be either the fully-qualified URI, or the short name of the network + connector resource. The format of this field is + `projects/*/locations/*/connectors/*` + + Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + - region + - runtime + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + httpsTrigger: + properties: + url: + description: Output only. The deployed url for the function. + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + sourceRepository: + properties: + deployedUrl: + description: |- + Output only. The URL pointing to the hosted repository where the function + were defined at the time of deployment. It always points to a specific + commit in the format described above. + type: string + type: object + status: + description: 'Output only. Status of the function deployment. Possible + values: CLOUD_FUNCTION_STATUS_UNSPECIFIED, ACTIVE, OFFLINE, DEPLOY_IN_PROGRESS, + DELETE_IN_PROGRESS, UNKNOWN' + type: string + updateTime: + description: Output only. 
The last update timestamp of a Cloud Function + in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up + to nine fractional digits. + type: string + versionId: + description: |- + Output only. The version identifier of the Cloud Function. Each deployment attempt + results in a new version of a function being created. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudidentitygroups.cloudidentity.cnrm.cloud.google.com +spec: + group: cloudidentity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudIdentityGroup + plural: cloudidentitygroups + shortNames: + - gcpcloudidentitygroup + - gcpcloudidentitygroups + singular: cloudidentitygroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + An extended description to help users determine the purpose of a Group. + Must not be longer than 4,096 characters. + type: string + displayName: + description: The display name of the Group. + type: string + groupKey: + description: Immutable. EntityKey of the Group. + properties: + id: + description: |- + Immutable. The ID of the entity. + + For Google-managed entities, the id must be the email address of an existing + group or user. + + For external-identity-mapped entities, the id must be a string conforming + to the Identity Source's requirements. + + Must be unique within a namespace. + type: string + namespace: + description: |- + Immutable. The namespace in which the entity exists. + + If not specified, the EntityKey represents a Google-managed entity + such as a Google user or a Google Group. + + If specified, the EntityKey represents an external-identity-mapped group. + The namespace must correspond to an identity source created in Admin Console + and must be in the form of 'identitysources/{identity_source_id}'. + type: string + required: + - id + type: object + initialGroupConfig: + description: |- + Immutable. The initial configuration options for creating a Group. + + See the + [API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig) + for possible values. 
Default value: "EMPTY" Possible values: ["INITIAL_GROUP_CONFIG_UNSPECIFIED", "WITH_INITIAL_OWNER", "EMPTY"]. + type: string + labels: + additionalProperties: + type: string + description: |- + One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. + + Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value. + + Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added. + + Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic. + + Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value. + type: object + parent: + description: |- + Immutable. The resource name of the entity under which this Group resides in the + Cloud Identity resource hierarchy. + + Must be of the form identitysources/{identity_source_id} for external-identity-mapped + groups or customers/{customer_id} for Google Groups. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - groupKey + - labels + - parent + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the Group was created. + type: string + name: + description: |- + Resource name of the Group in the format: groups/{group_id}, where group_id + is the unique ID assigned to the Group. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The time when the Group was last updated. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: cloudidentitymemberships.cloudidentity.cnrm.cloud.google.com +spec: + group: cloudidentity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudIdentityMembership + plural: cloudidentitymemberships + shortNames: + - gcpcloudidentitymembership + - gcpcloudidentitymemberships + singular: cloudidentitymembership + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the 
resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + groupRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The group for the resource + + Allowed value: The Google Cloud resource name of a `CloudIdentityGroup` resource (format: `groups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + memberKey: + description: Immutable. The `EntityKey` of the member. 
Either `member_key` + or `preferred_member_key` must be set when calling MembershipsService.CreateMembership + but not both; both shall be set when returned. + properties: + id: + description: The ID of the entity. For Google-managed entities, + the `id` must be the email address of an existing group or user. + For external-identity-mapped entities, the `id` must be a string + conforming to the Identity Source's requirements. Must be unique + within a `namespace`. + type: string + namespace: + description: The namespace in which the entity exists. If not + specified, the `EntityKey` represents a Google-managed entity + such as a Google user or a Google Group. If specified, the `EntityKey` + represents an external-identity-mapped group. The namespace + must correspond to an identity source created in Admin Console + and must be in the form of `identitysources/{identity_source_id}`. + type: string + type: object + preferredMemberKey: + description: Immutable. Required. Immutable. The `EntityKey` of the + member. + properties: + id: + description: Immutable. The ID of the entity. For Google-managed + entities, the `id` must be the email address of a group or user. + For external-identity-mapped entities, the `id` must be a string + conforming to the Identity Source's requirements. Must be unique + within a `namespace`. + type: string + namespace: + description: Immutable. The namespace in which the entity exists. + If not specified, the `EntityKey` represents a Google-managed + entity such as a Google user or a Google Group. If specified, + the `EntityKey` represents an external-identity-mapped group. + The namespace must correspond to an identity source created + in Admin Console and must be in the form of `identitysources/{identity_source_id}`. + type: string + required: + - id + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + roles: + description: The `MembershipRole`s that apply to the `Membership`. + If unspecified, defaults to a single `MembershipRole` with `name` + `MEMBER`. Must not contain duplicate `MembershipRole`s with the + same `name`. + items: + properties: + expiryDetail: + description: The expiry details of the `MembershipRole`. Expiry + details are only supported for `MEMBER` `MembershipRoles`. + May be set if `name` is `MEMBER`. Must not be set if `name` + is any other value. + properties: + expireTime: + description: The time at which the `MembershipRole` will + expire. + format: date-time + type: string + type: object + name: + type: string + restrictionEvaluations: + description: Evaluations of restrictions applied to parent group + on this membership. + properties: + memberRestrictionEvaluation: + description: Evaluation of the member restriction applied + to this membership. Empty if the user lacks permission + to view the restriction evaluation. + properties: + state: + description: 'Output only. The current state of the + restriction Possible values: ENCRYPTION_STATE_UNSPECIFIED, + UNSUPPORTED_BY_DEVICE, ENCRYPTED, NOT_ENCRYPTED' + type: string + type: object + type: object + required: + - name + type: object + type: array + required: + - groupRef + - preferredMemberKey + - roles + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the `Membership` was created. + format: date-time + type: string + deliverySetting: + description: 'Output only. Delivery setting associated with the membership. + Possible values: DELIVERY_SETTING_UNSPECIFIED, ALL_MAIL, DIGEST, + DAILY, NONE, DISABLED' + type: string + displayName: + description: Output only. The display name of this member, if available + properties: + familyName: + description: Output only. Member's family name + type: string + fullName: + description: Output only. Localized UTF-16 full name for the member. + Localization is done based on the language in the request and + the language of the stored display name. + type: string + givenName: + description: Output only. Member's given name + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: + description: 'Output only. The type of the membership. Possible values: + OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_CUSTOMER, OWNER_TYPE_PARTNER' + type: string + updateTime: + description: Output only. The time when the `Membership` was last + updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudidsendpoints.cloudids.cnrm.cloud.google.com +spec: + group: cloudids.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudIDSEndpoint + plural: cloudidsendpoints + shortNames: + - gcpcloudidsendpoint + - gcpcloudidsendpoints + singular: cloudidsendpoint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of the endpoint. + type: string + location: + description: Immutable. The location for the endpoint. + type: string + networkRef: + description: |- + Immutable. Name of the VPC network that is connected + to the IDS endpoint. This can either contain the VPC network name + itself (like "src-net") or the full URL to the network (like "projects/{project_id}/global/networks/src-net"). + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + severity: + description: 'Immutable. The minimum alert severity level that is + reported by the endpoint. Possible values: ["INFORMATIONAL", "LOW", + "MEDIUM", "HIGH", "CRITICAL"].' + type: string + threatExceptions: + description: 'Configuration for threat IDs excluded from generating + alerts. Limit: 99 IDs.' + items: + type: string + type: array + required: + - location + - networkRef + - projectRef + - severity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + createTime: + description: Creation timestamp in RFC 3339 text format. 
+ type: string + endpointForwardingRule: + description: URL of the endpoint's network address to which traffic + is to be sent by Packet Mirroring. + type: string + endpointIP: + description: Internal IP address of the endpoint's network entry + point. + type: string + updateTime: + description: Last update timestamp in RFC 3339 text format. + type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of the endpoint. + type: string + location: + description: Immutable. The location for the endpoint. 
+ type: string + networkRef: + description: |- + Immutable. Name of the VPC network that is connected + to the IDS endpoint. This can either contain the VPC network name + itself (like "src-net") or the full URL to the network (like "projects/{project_id}/global/networks/src-net"). + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + severity: + description: 'Immutable. The minimum alert severity level that is + reported by the endpoint. Possible values: ["INFORMATIONAL", "LOW", + "MEDIUM", "HIGH", "CRITICAL"].' 
+ type: string + threatExceptions: + description: 'Configuration for threat IDs excluded from generating + alerts. Limit: 99 IDs.' + items: + type: string + type: array + required: + - location + - networkRef + - projectRef + - severity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + createTime: + description: Creation timestamp in RFC 3339 text format. + type: string + endpointForwardingRule: + description: URL of the endpoint's network address to which traffic + is to be sent by Packet Mirroring. + type: string + endpointIP: + description: Internal IP address of the endpoint's network entry + point. + type: string + updateTime: + description: Last update timestamp in RFC 3339 text format. 
+ type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudiotdeviceregistries.cloudiot.cnrm.cloud.google.com +spec: + group: cloudiot.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudIOTDeviceRegistry + plural: cloudiotdeviceregistries + shortNames: + - gcpcloudiotdeviceregistry + - gcpcloudiotdeviceregistries + singular: cloudiotdeviceregistry + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + credentials: + description: List of public key certificates to authenticate devices. + items: + properties: + publicKeyCertificate: + description: A public key certificate format and data. + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - publicKeyCertificate + type: object + type: array + eventNotificationConfigs: + description: |- + List of configurations for event notifications, such as PubSub topics + to publish device events to. + items: + properties: + pubsubTopicName: + description: PubSub topic name to publish device events. + type: string + subfolderMatches: + description: |- + If the subfolder name matches this string exactly, this + configuration will be used. The string must not include the + leading '/' character. If empty, all strings are matched. Empty + value can only be used for the last 'event_notification_configs' + item. + type: string + required: + - pubsubTopicName + type: object + type: array + httpConfig: + description: Activate or deactivate HTTP. + type: object + x-kubernetes-preserve-unknown-fields: true + logLevel: + description: |- + The default logging verbosity for activity from devices in this + registry. Specifies which events should be written to logs. For + example, if the LogLevel is ERROR, only events that terminate in + errors will be logged. LogLevel is inclusive; enabling INFO logging + will also enable ERROR logging. Default value: "NONE" Possible values: ["NONE", "ERROR", "INFO", "DEBUG"]. 
+ type: string + mqttConfig: + description: Activate or deactivate MQTT. + type: object + x-kubernetes-preserve-unknown-fields: true + project: + description: Immutable. + type: string + region: + description: |- + Immutable. The region in which the created registry should reside. + If it is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + stateNotificationConfig: + description: A PubSub topic to publish device state updates. + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudiotdevices.cloudiot.cnrm.cloud.google.com +spec: + group: cloudiot.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudIOTDevice + plural: cloudiotdevices + shortNames: + - gcpcloudiotdevice + - gcpcloudiotdevices + singular: cloudiotdevice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + blocked: + description: If a device is blocked, connections or requests from + this device will fail. + type: boolean + credentials: + description: The credentials used to authenticate this device. + items: + properties: + expirationTime: + description: The time at which this credential becomes invalid. + type: string + publicKey: + description: A public key used to verify the signature of JSON + Web Tokens (JWTs). + properties: + format: + description: 'The format of the key. Possible values: ["RSA_PEM", + "RSA_X509_PEM", "ES256_PEM", "ES256_X509_PEM"].' + type: string + key: + description: The key data. + type: string + required: + - format + - key + type: object + required: + - publicKey + type: object + type: array + gatewayConfig: + description: Gateway-related configuration and state. + properties: + gatewayAuthMethod: + description: 'Indicates whether the device is a gateway. Possible + values: ["ASSOCIATION_ONLY", "DEVICE_AUTH_TOKEN_ONLY", "ASSOCIATION_AND_DEVICE_AUTH_TOKEN"].' + type: string + gatewayType: + description: 'Immutable. Indicates whether the device is a gateway. + Default value: "NON_GATEWAY" Possible values: ["GATEWAY", "NON_GATEWAY"].' + type: string + lastAccessedGatewayId: + description: The ID of the gateway the device accessed most recently. + type: string + lastAccessedGatewayTime: + description: The most recent time at which the device accessed + the gateway specified in last_accessed_gateway. + type: string + type: object + logLevel: + description: 'The logging verbosity for device activity. Possible + values: ["NONE", "ERROR", "INFO", "DEBUG"].' 
+ type: string + metadata: + additionalProperties: + type: string + description: The metadata key-value pairs assigned to the device. + type: object + registry: + description: Immutable. The name of the device registry where this + device should be created. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - registry + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + config: + description: The most recent device configuration, which is eventually + sent from Cloud IoT Core to the device. + items: + properties: + binaryData: + description: The device configuration data. + type: string + cloudUpdateTime: + description: The time at which this configuration version was + updated in Cloud IoT Core. + type: string + deviceAckTime: + description: |- + The time at which Cloud IoT Core received the acknowledgment from the device, + indicating that the device has received this configuration version. + type: string + version: + description: The version of this update. 
+ type: string + type: object + type: array + lastConfigAckTime: + description: The last time a cloud-to-device config version acknowledgment + was received from the device. + type: string + lastConfigSendTime: + description: The last time a cloud-to-device config version was sent + to the device. + type: string + lastErrorStatus: + description: The error message of the most recent error, such as a + failure to publish to Cloud Pub/Sub. + items: + properties: + details: + description: A list of messages that carry the error details. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + message: + description: A developer-facing error message, which should + be in English. + type: string + number: + description: The status code, which should be an enum value + of google.rpc.Code. + type: integer + type: object + type: array + lastErrorTime: + description: The time the most recent error occurred, such as a failure + to publish to Cloud Pub/Sub. + type: string + lastEventTime: + description: The last time a telemetry event was received. + type: string + lastHeartbeatTime: + description: The last time an MQTT PINGREQ was received. + type: string + lastStateTime: + description: The last time a state event was received. + type: string + numId: + description: |- + A server-defined unique numeric ID for the device. + This is a more compact way to identify devices, and it is globally unique. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The state most recently received from the device. + items: + properties: + binaryData: + description: The device state data. 
+ type: string + updateTime: + description: The time at which this state version was updated + in Cloud IoT Core. + type: string + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: cloudschedulerjobs.cloudscheduler.cnrm.cloud.google.com +spec: + group: cloudscheduler.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudSchedulerJob + plural: cloudschedulerjobs + shortNames: + - gcpcloudschedulerjob + - gcpcloudschedulerjobs + singular: cloudschedulerjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + appEngineHttpTarget: + description: App Engine HTTP target. + properties: + appEngineRouting: + description: App Engine Routing setting for the job. + properties: + instance: + description: App instance. By default, the job is sent to + an instance which is available when the job is attempted. + Requests can only be sent to a specific instance if [manual + scaling is used in App Engine Standard](https://cloud.google.com/appengine/docs/python/an-overview-of-app-engine?hl=en_US#scaling_types_and_instance_classes). + App Engine Flex does not support instances. For more information, + see [App Engine Standard request routing](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed) + and [App Engine Flex request routing](https://cloud.google.com/appengine/docs/flexible/python/how-requests-are-routed). + type: string + service: + description: App service. By default, the job is sent to the + service which is the default service when the job is attempted. + type: string + version: + description: App version. By default, the job is sent to the + version which is the default version when the job is attempted. + type: string + type: object + body: + description: Body. HTTP request body. A request body is allowed + only if the HTTP method is POST or PUT. It will result in invalid + argument error to set a body on a job with an incompatible HttpMethod. + type: string + headers: + additionalProperties: + type: string + description: 'HTTP request headers. 
This map contains the header + field names and values. Headers can be set when the job is created. + Cloud Scheduler sets some headers to default values: * `User-Agent`: + By default, this header is `"App Engine-Google; (+http://code.google.com/appengine)"`. + This header can be modified, but Cloud Scheduler will append + `"App Engine-Google; (+http://code.google.com/appengine)"` to + the modified `User-Agent`. * `X-CloudScheduler`: This header + will be set to true. The headers below are output only. They + cannot be set or overridden: * `X-Google-*`: For Google internal + use only. * `X-App Engine-*`: For Google internal use only. + In addition, some App Engine headers, which contain job-specific + information, are also be sent to the job handler.' + type: object + httpMethod: + description: 'The HTTP method to use for the request. PATCH and + OPTIONS are not permitted. Possible values: HTTP_METHOD_UNSPECIFIED, + POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS' + type: string + relativeUri: + description: The relative URI. The relative URL must begin with + "/" and must be a valid HTTP relative URL. It can contain a + path, query string arguments, and `#` fragments. If the relative + URL is empty, then the root path "/" will be used. No spaces + are allowed, and the maximum length allowed is 2083 characters. + type: string + type: object + attemptDeadline: + description: 'The deadline for job attempts. If the request handler + does not respond by this deadline then the request is cancelled + and the attempt is marked as a `DEADLINE_EXCEEDED` failure. The + failed attempt can be viewed in execution logs. Cloud Scheduler + will retry the job according to the RetryConfig. The allowed duration + for this deadline is: * For HTTP targets, between 15 seconds and + 30 minutes. * For App Engine HTTP targets, between 15 seconds and + 24 hours.' + type: string + description: + description: Optionally caller-specified in CreateJob or UpdateJob. 
+ A human-readable description for the job. This string must not contain + more than 500 characters. + type: string + httpTarget: + description: HTTP target. + properties: + body: + description: HTTP request body. A request body is allowed only + if the HTTP method is POST, PUT, or PATCH. It is an error to + set body on a job with an incompatible HttpMethod. + type: string + headers: + additionalProperties: + type: string + description: 'The user can specify HTTP request headers to send + with the job''s HTTP request. This map contains the header field + names and values. Repeated headers are not supported, but a + header value can contain commas. These headers represent a subset + of the headers that will accompany the job''s HTTP request. + Some HTTP request headers will be ignored or replaced. A partial + list of headers that will be ignored or replaced is below: - + Host: This will be computed by Cloud Scheduler and derived from + uri. * `Content-Length`: This will be computed by Cloud Scheduler. + * `User-Agent`: This will be set to `"Google-Cloud-Scheduler"`. + * `X-Google-*`: Google internal use only. * `X-appengine-*`: + Google internal use only. The total size of headers must be + less than 80KB.' + type: object + httpMethod: + description: 'Which HTTP method to use for the request. Possible + values: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, + PATCH, OPTIONS' + type: string + oauthToken: + description: If specified, an [OAuth token](https://developers.google.com/identity/protocols/OAuth2) + will be generated and attached as an `Authorization` header + in the HTTP request. This type of authorization should generally + only be used when calling Google APIs hosted on *.googleapis.com. + properties: + scope: + description: OAuth scope to be used for generating OAuth access + token. If not specified, "https://www.googleapis.com/auth/cloud-platform" + will be used. 
+ type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OAuth token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + oidcToken: + description: If specified, an [OIDC](https://developers.google.com/identity/protocols/OpenIDConnect) + token will be generated and attached as an `Authorization` header + in the HTTP request. This type of authorization can be used + for many scenarios, including calling Cloud Run, or endpoints + where you intend to validate the token yourself. + properties: + audience: + description: Audience to be used when generating OIDC token. + If not specified, the URI specified in target will be used. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OIDC token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. 
+ + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + uri: + description: 'Required. The full URI path that the request will + be sent to. This string must begin with either "http://" or + "https://". Some examples of valid values for uri are: `http://acme.com` + and `https://acme.com/sales:8080`. Cloud Scheduler will encode + some characters for safety and compatibility. The maximum allowed + URL length is 2083 characters after encoding.' + type: string + required: + - uri + type: object + location: + description: Immutable. The location for the resource + type: string + pubsubTarget: + description: Pub/Sub target. + properties: + attributes: + additionalProperties: + type: string + description: Attributes for PubsubMessage. Pubsub message must + contain either non-empty data, or at least one attribute. + type: object + data: + description: The message payload for PubsubMessage. Pubsub message + must contain either non-empty data, or at least one attribute. + type: string + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the Cloud Pub/Sub topic to which messages will be published when a job is delivered. The topic name must be in the same format as required by Pub/Sub's [PublishRequest.name](https://cloud.google.com/pubsub/docs/reference/rpc/google.pubsub.v1#publishrequest), for example `projects/PROJECT_ID/topics/TOPIC_ID`. The topic must be in the same project as the Cloud Scheduler job. 
+ + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConfig: + description: Settings that determine the retry behavior. + properties: + maxBackoffDuration: + description: The maximum amount of time to wait before retrying + a job after it fails. The default value of this field is 1 hour. + type: string + maxDoublings: + description: The time between retries will double `max_doublings` + times. A job's retry interval starts at min_backoff_duration, + then doubles `max_doublings` times, then increases linearly, + and finally retries at intervals of max_backoff_duration up + to retry_count times. For example, if min_backoff_duration is + 10s, max_backoff_duration is 300s, and `max_doublings` is 3, + then the a job will first be retried in 10s. The retry interval + will double three times, and then increase linearly by 2^3 * + 10s. Finally, the job will retry at intervals of max_backoff_duration + until the job has been attempted retry_count times. Thus, the + requests will retry at 10s, 20s, 40s, 80s, 160s, 240s, 300s, + 300s, .... The default value of this field is 5. + format: int64 + type: integer + maxRetryDuration: + description: The time limit for retrying a failed job, measured + from time when an execution was first attempted. 
If specified + with retry_count, the job will be retried until both limits + are reached. The default value for max_retry_duration is zero, + which means retry duration is unlimited. + type: string + minBackoffDuration: + description: The minimum amount of time to wait before retrying + a job after it fails. The default value of this field is 5 seconds. + type: string + retryCount: + description: The number of attempts that the system will make + to run a job using the exponential backoff procedure described + by max_doublings. The default value of retry_count is zero. + If retry_count is zero, a job attempt will *not* be retried + if it fails. Instead the Cloud Scheduler system will wait for + the next scheduled execution time. If retry_count is set to + a non-zero number then Cloud Scheduler will retry failed attempts, + using exponential backoff, retry_count times, or until the next + scheduled execution time, whichever comes first. Values greater + than 5 and negative values are not allowed. + format: int64 + type: integer + type: object + schedule: + description: 'Required, except when used with UpdateJob. Describes + the schedule on which the job will be executed. The schedule can + be either of the following types: * [Crontab](http://en.wikipedia.org/wiki/Cron#Overview) + * English-like [schedule](https://cloud.google.com/scheduler/docs/configuring/cron-job-schedules) + As a general rule, execution `n + 1` of a job will not begin until + execution `n` has finished. Cloud Scheduler will never allow two + simultaneously outstanding executions. For example, this implies + that if the `n+1`th execution is scheduled to run at 16:00 but the + `n`th execution takes until 16:15, the `n+1`th execution will not + start until `16:15`. A scheduled start time will be delayed if the + previous execution has not ended when its scheduled time occurs. 
+ If retry_count > 0 and a job attempt fails, the job will be tried + a total of retry_count times, with exponential backoff, until the + next scheduled start time.' + type: string + timeZone: + description: Specifies the time zone to be used in interpreting schedule. + The value of this field must be a time zone name from the [tz database](http://en.wikipedia.org/wiki/Tz_database). + Note that some time zones include a provision for daylight savings + time. The rules for daylight saving time are determined by the chosen + tz. For UTC use the string "utc". If a time zone is not specified, + the default will be in UTC (also known as GMT). + type: string + required: + - location + type: object + status: + properties: + appEngineHttpTarget: + properties: + appEngineRouting: + properties: + host: + description: 'Output only. The host that the job is sent to. + For more information about how App Engine requests are routed, + see [here](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed). + The host is constructed as: * `host = [application_domain_name]` + `| [service] + ''.'' + [application_domain_name]` `| [version] + + ''.'' + [application_domain_name]` `| [version_dot_service]+ + ''.'' + [application_domain_name]` `| [instance] + ''.'' + + [application_domain_name]` `| [instance_dot_service] + + ''.'' + [application_domain_name]` `| [instance_dot_version] + + ''.'' + [application_domain_name]` `| [instance_dot_version_dot_service] + + ''.'' + [application_domain_name]` * `application_domain_name` + = The domain name of the app, for example .appspot.com, + which is associated with the job''s project ID. 
* `service + =` service * `version =` version * `version_dot_service + =` version `+ ''.'' +` service * `instance =` instance * + `instance_dot_service =` instance `+ ''.'' +` service * + `instance_dot_version =` instance `+ ''.'' +` version * + `instance_dot_version_dot_service =` instance `+ ''.'' +` + version `+ ''.'' +` service If service is empty, then the + job will be sent to the service which is the default service + when the job is attempted. If version is empty, then the + job will be sent to the version which is the default version + when the job is attempted. If instance is empty, then the + job will be sent to an instance which is available when + the job is attempted. If service, version, or instance is + invalid, then the job will be sent to the default version + of the default service when the job is attempted.' + type: string + type: object + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + lastAttemptTime: + description: Output only. The time the last job attempt started. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + scheduleTime: + description: Output only. The next time the job is scheduled. Note + that this may be a retry of a previously failed attempt or the next + execution time according to the schedule. + format: date-time + type: string + state: + description: 'Output only. State of the job. Possible values: STATE_UNSPECIFIED, + ENABLED, PAUSED, DISABLED, UPDATE_FAILED' + type: string + status: + description: Output only. The response from the target for the last + attempted execution. + properties: + code: + description: The status code, which should be an enum value of + google.rpc.Code. + format: int64 + type: integer + details: + description: A list of messages that carry the error details. + There is a common set of message types for APIs to use. + items: + properties: + typeUrl: + description: 'A URL/resource name that uniquely identifies + the type of the serialized protocol buffer message. This + string must contain at least one "/" character. The last + segment of the URL''s path must represent the fully qualified + name of the type (as in `path/google.protobuf.Duration`). + The name should be in a canonical form (e.g., leading + "." is not accepted). In practice, teams usually precompile + into the binary all types that they expect it to use in + the context of Any. However, for URLs which use the scheme + `http`, `https`, or no scheme, one can optionally set + up a type server that maps type URLs to message definitions + as follows: * If no scheme is provided, `https` is assumed. + * An HTTP GET on the URL must yield a google.protobuf.Type + value in binary format, or produce an error. * Applications + are allowed to cache lookup results based on the URL, + or have them precompiled into a binary to avoid any lookup. 
+ Therefore, binary compatibility needs to be preserved + on changes to types. (Use versioned type names to manage + breaking changes.) Note: this functionality is not currently + available in the official protobuf release, and it is + not used for type URLs beginning with type.googleapis.com. + Schemes other than `http`, `https` (or the empty scheme) + might be used with implementation specific semantics.' + type: string + value: + description: Must be a valid serialized protocol buffer + of the above specified type. + type: string + type: object + type: array + message: + description: A developer-facing error message, which should be + in English. Any user-facing error message should be localized + and sent in the google.rpc.Status.details field, or localized + by the client. + type: string + type: object + userUpdateTime: + description: Output only. The creation time of the job. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudtasksqueues.cloudtasks.cnrm.cloud.google.com +spec: + group: cloudtasks.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudTasksQueue + plural: cloudtasksqueues + shortNames: + - gcpcloudtasksqueue + - gcpcloudtasksqueues + singular: cloudtasksqueue + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource 
succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + appEngineRoutingOverride: + description: |- + Overrides for task-level appEngineRouting. These settings apply only + to App Engine tasks in this queue. + properties: + host: + description: The host that the task is sent to. + type: string + instance: + description: |- + App instance. + + By default, the task is sent to an instance which is available when the task is attempted. + type: string + service: + description: |- + App service. + + By default, the task is sent to the service which is the default service when the task is attempted. + type: string + version: + description: |- + App version. + + By default, the task is sent to the version which is the default version when the task is attempted. + type: string + type: object + location: + description: Immutable. The location of the queue. 
+ type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rateLimits: + description: |- + Rate limits for task dispatches. + + The queue's actual dispatch rate is the result of: + + * Number of tasks in the queue + * User-specified throttling: rateLimits, retryConfig, and the queue's state. + * System throttling due to 429 (Too Many Requests) or 503 (Service + Unavailable) responses from the worker, high error rates, or to + smooth sudden large traffic spikes. + properties: + maxBurstSize: + description: |- + The max burst size. + + Max burst size limits how fast tasks in queue are processed when many tasks are + in the queue and the rate is high. This field allows the queue to have a high + rate so processing starts shortly after a task is enqueued, but still limits + resource usage when many tasks are enqueued in a short period of time. + type: integer + maxConcurrentDispatches: + description: |- + The maximum number of concurrent tasks that Cloud Tasks allows to + be dispatched for this queue. After this threshold has been + reached, Cloud Tasks stops dispatching tasks until the number of + concurrent requests decreases. + type: integer + maxDispatchesPerSecond: + description: |- + The maximum rate at which tasks are dispatched from this queue. + + If unspecified when the queue is created, Cloud Tasks will pick the default. 
+ type: number + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConfig: + description: Settings that determine the retry behavior. + properties: + maxAttempts: + description: |- + Number of attempts per task. + + Cloud Tasks will attempt the task maxAttempts times (that is, if + the first attempt fails, then there will be maxAttempts - 1 + retries). Must be >= -1. + + If unspecified when the queue is created, Cloud Tasks will pick + the default. + + -1 indicates unlimited attempts. + type: integer + maxBackoff: + description: |- + A task will be scheduled for retry between minBackoff and + maxBackoff duration after it fails, if the queue's RetryConfig + specifies that the task should be retried. + type: string + maxDoublings: + description: |- + The time between retries will double maxDoublings times. + + A task's retry interval starts at minBackoff, then doubles maxDoublings times, + then increases linearly, and finally retries retries at intervals of maxBackoff + up to maxAttempts times. + type: integer + maxRetryDuration: + description: |- + If positive, maxRetryDuration specifies the time limit for + retrying a failed task, measured from when the task was first + attempted. Once maxRetryDuration time has passed and the task has + been attempted maxAttempts times, no further attempts will be + made and the task will be deleted. + + If zero, then the task age is unlimited. + type: string + minBackoff: + description: |- + A task will be scheduled for retry between minBackoff and + maxBackoff duration after it fails, if the queue's RetryConfig + specifies that the task should be retried. + type: string + type: object + stackdriverLoggingConfig: + description: Configuration options for writing logs to Stackdriver + Logging. 
+ properties: + samplingRatio: + description: |- + Specifies the fraction of operations to write to Stackdriver Logging. + This field may contain any value between 0.0 and 1.0, inclusive. 0.0 is the + default and means that no operations are logged. + type: number + required: + - samplingRatio + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeaddresses.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeAddress + plural: computeaddresses + shortNames: + - gcpcomputeaddress + - gcpcomputeaddresses + singular: computeaddress + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + address: + description: |- + Immutable. The static external IP address represented by this resource. + The IP address must be inside the specified subnetwork, + if any. Set by the API if undefined. + type: string + addressType: + description: |- + Immutable. The type of address to reserve. + Note: if you set this argument's value as 'INTERNAL' you need to leave the 'network_tier' argument unset in that resource block. Default value: "EXTERNAL" Possible values: ["INTERNAL", "EXTERNAL"]. + type: string + description: + description: Immutable. An optional description of this resource. + type: string + ipVersion: + description: 'Immutable. The IP Version that will be used by this + address. The default value is ''IPV4''. Possible values: ["IPV4", + "IPV6"].' + type: string + ipv6EndpointType: + description: |- + Immutable. The endpoint type of this address, which should be VM or NETLB. This is + used for deciding which type of endpoint this address can be used after + the external IPv6 address reservation. Possible values: ["VM", "NETLB"]. + type: string + location: + description: 'Location represents the geographical location of the + ComputeAddress. Specify a region name or "global" for global resources. + Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + networkRef: + description: |- + The network in which to reserve the address. If global, the address + must be within the RFC1918 IP space. The network cannot be deleted + if there are any reserved IP ranges referring to it. This field can + only be used with INTERNAL type with the VPC_PEERING and + IPSEC_INTERCONNECT purposes. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: |- + Immutable. The networking tier used for configuring this address. If this field is not + specified, it is assumed to be PREMIUM. + This argument should not be used when configuring Internal addresses, because [network tier cannot be set for internal traffic; it's always Premium](https://cloud.google.com/network-tiers/docs/overview). Possible values: ["PREMIUM", "STANDARD"]. + type: string + prefixLength: + description: Immutable. The prefix length if the resource represents + an IP range. + type: integer + purpose: + description: |- + Immutable. The purpose of this resource, which can be one of the following values. + + * GCE_ENDPOINT for addresses that are used by VM instances, alias IP + ranges, load balancers, and similar resources. + + * SHARED_LOADBALANCER_VIP for an address that can be used by multiple + internal load balancers. + + * VPC_PEERING for addresses that are reserved for VPC peer networks. + + * IPSEC_INTERCONNECT for addresses created from a private IP range that + are reserved for a VLAN attachment in an HA VPN over Cloud Interconnect + configuration. These addresses are regional resources. + + * PRIVATE_SERVICE_CONNECT for a private network address that is used to + configure Private Service Connect. Only global internal addresses can use + this purpose. 
+ + + This should only be set when using an Internal address. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: |- + The subnetwork in which to reserve the address. If an IP address is + specified, it must be within the subnetwork's IP range. This field + can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER + purposes. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + address: + description: |- + Immutable. The static external IP address represented by this resource. + The IP address must be inside the specified subnetwork, + if any. Set by the API if undefined. + type: string + type: object + selfLink: + type: string + users: + description: The URLs of the resources that are using this address. + items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeautoscalers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeAutoscaler + plural: computeautoscalers + shortNames: + - gcpcomputeautoscaler + - gcpcomputeautoscalers + singular: computeautoscaler + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the 
most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + The configuration parameters for the autoscaling algorithm. You can + define one or more of the policies for an autoscaler: cpuUtilization, + customMetricUtilizations, and loadBalancingUtilization. + + If none of these are specified, the default will be to autoscale based + on cpuUtilization to 0.6 or 60%. + properties: + cooldownPeriod: + description: |- + The number of seconds that the autoscaler should wait before it + starts collecting information from a new instance. This prevents + the autoscaler from collecting information when the instance is + initializing, during which the collected usage would not be + reliable. The default time autoscaler waits is 60 seconds. + + Virtual machine initialization times might vary because of + numerous factors. 
We recommend that you test how long an + instance may take to initialize. To do this, create an instance + and time the startup process. + type: integer + cpuUtilization: + description: |- + Defines the CPU utilization policy that allows the autoscaler to + scale based on the average CPU utilization of a managed instance + group. + properties: + predictiveMethod: + description: |- + Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: + + - NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. + + - OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. + type: string + target: + description: |- + The target CPU utilization that the autoscaler should maintain. + Must be a float value in the range (0, 1]. If not specified, the + default is 0.6. + + If the CPU level is below the target utilization, the autoscaler + scales down the number of instances until it reaches the minimum + number of instances you specified or until the average CPU of + your instances reaches the target utilization. + + If the average CPU is above the target utilization, the autoscaler + scales up until it reaches the maximum number of instances you + specified or until the average utilization reaches the target + utilization. + type: number + required: + - target + type: object + loadBalancingUtilization: + description: Configuration parameters of autoscaling based on + a load balancer. + properties: + target: + description: |- + Fraction of backend capacity utilization (set in HTTP(s) load + balancing configuration) that autoscaler should maintain. Must + be a positive float value. If not defined, the default is 0.8. + type: number + required: + - target + type: object + maxReplicas: + description: |- + The maximum number of instances that the autoscaler can scale up + to. 
This is required when creating or updating an autoscaler. The + maximum number of replicas should not be lower than minimal number + of replicas. + type: integer + metric: + description: Configuration parameters of autoscaling based on + a custom metric. + items: + properties: + filter: + description: |- + A filter string to be used as the filter string for + a Stackdriver Monitoring TimeSeries.list API call. + This filter is used to select a specific TimeSeries for + the purpose of autoscaling and to determine whether the metric + is exporting per-instance or per-group data. + + You can only use the AND operator for joining selectors. + You can only use direct equality comparison operator (=) without + any functions for each selector. + You can specify the metric in both the filter string and in the + metric field. However, if specified in both places, the metric must + be identical. + + The monitored resource type determines what kind of values are + expected for the metric. If it is a gce_instance, the autoscaler + expects the metric to include a separate TimeSeries for each + instance in a group. In such a case, you cannot filter on resource + labels. + + If the resource type is any other value, the autoscaler expects + this metric to contain values that apply to the entire autoscaled + instance group and resource label filtering can be performed to + point autoscaler at the correct TimeSeries to scale upon. + This is called a per-group metric for the purpose of autoscaling. + + If not specified, the type defaults to gce_instance. + + You should provide a filter that is selective enough to pick just + one TimeSeries for the autoscaled group or for each of the instances + (if you are using gce_instance resource type). If multiple + TimeSeries are returned upon the query execution, the autoscaler + will sum their respective values to obtain its scaling value. + type: string + name: + description: |- + The identifier (type) of the Stackdriver Monitoring metric. 
+ The metric cannot have negative values. + + The metric must have a value type of INT64 or DOUBLE. + type: string + singleInstanceAssignment: + description: |- + If scaling is based on a per-group metric value that represents the + total amount of work to be done or resource usage, set this value to + an amount assigned for a single instance of the scaled group. + The autoscaler will keep the number of instances proportional to the + value of this metric, the metric itself should not change value due + to group resizing. + + For example, a good metric to use with the target is + 'pubsub.googleapis.com/subscription/num_undelivered_messages' + or a custom metric exporting the total number of requests coming to + your instances. + + A bad example would be a metric exporting an average or median + latency, since this value can't include a chunk assignable to a + single instance, it could be better used with utilization_target + instead. + type: number + target: + description: |- + The target value of the metric that autoscaler should + maintain. This must be a positive value. A utilization + metric scales number of virtual machines handling requests + to increase or decrease proportionally to the metric. + + For example, a good metric to use as a utilizationTarget is + www.googleapis.com/compute/instance/network/received_bytes_count. + The autoscaler will work to keep this value constant for each + of the instances. + type: number + type: + description: |- + Defines how target utilization value is expressed for a + Stackdriver Monitoring metric. Possible values: ["GAUGE", "DELTA_PER_SECOND", "DELTA_PER_MINUTE"]. + type: string + required: + - name + type: object + type: array + minReplicas: + description: |- + The minimum number of replicas that the autoscaler can scale down + to. This cannot be less than 0. If not provided, autoscaler will + choose a default value depending on maximum number of instances + allowed. 
+ type: integer + mode: + description: Defines operating mode for this policy. + type: string + scaleDownControl: + description: |- + Defines scale down controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledDownReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scaleInControl: + description: |- + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledInReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scalingSchedules: + description: Scaling schedules defined for an autoscaler. Multiple + schedules can be set on an autoscaler and they can overlap. + items: + properties: + description: + description: A description of a scaling schedule. + type: string + disabled: + description: A boolean value that specifies if a scaling + schedule can influence autoscaler recommendations. 
If + set to true, then a scaling schedule has no effect. + type: boolean + durationSec: + description: The duration of time intervals (in seconds) + for which this scaling schedule will be running. The minimum + allowed value is 300. + type: integer + minRequiredReplicas: + description: Minimum number of VM instances that autoscaler + will recommend in time intervals starting according to + schedule. + type: integer + name: + type: string + schedule: + description: The start timestamps of time intervals when + this scaling schedule should provide a scaling signal. + This field uses the extended cron format (with an optional + year field). + type: string + timeZone: + description: 'The time zone to be used when interpreting + the schedule. The value of this field must be a time zone + name from the tz database: http://en.wikipedia.org/wiki/Tz_database.' + type: string + required: + - durationSec + - minRequiredReplicas + - name + - schedule + type: object + type: array + required: + - maxReplicas + - minReplicas + type: object + description: + description: An optional description of this resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + targetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstanceGroupManager` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + zone: + description: Immutable. URL of the zone where the instance group resides. + type: string + required: + - autoscalingPolicy + - projectRef + - targetRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computebackendbuckets.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeBackendBucket + plural: computebackendbuckets + shortNames: + - gcpcomputebackendbucket + - gcpcomputebackendbuckets + singular: computebackendbucket + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + description: Reference to the bucket. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + cdnPolicy: + description: Cloud CDN configuration for this Backend Bucket. + properties: + bypassCacheOnRequestHeaders: + description: Bypass the cache when the specified request headers + are matched - e.g. Pragma or Authorization headers. Up to 5 + headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode + settings. + items: + properties: + headerName: + description: The header field name to match on when bypassing + cache. Values are case-insensitive. + type: string + type: object + type: array + cacheKeyPolicy: + description: The CacheKeyPolicy for this CdnPolicy. + properties: + includeHttpHeaders: + description: |- + Allows HTTP request headers (by name) to be used in the + cache key. + items: + type: string + type: array + queryStringWhitelist: + description: |- + Names of query string parameters to include in cache keys. 
+ Default parameters are always included. '&' and '=' will + be percent encoded and not treated as delimiters. + items: + type: string + type: array + type: object + cacheMode: + description: |- + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. + type: string + clientTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + defaultTtl: + description: |- + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + type: integer + maxTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + negativeCaching: + description: Negative caching allows per-status code TTLs to be + set, in order to apply fine-grained caching for common errors + or redirects. + type: boolean + negativeCachingPolicy: + description: |- + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. + items: + properties: + code: + description: |- + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. + type: integer + ttl: + description: |- + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. 
+ type: integer + type: object + type: array + requestCoalescing: + description: If true then Cloud CDN will combine multiple concurrent + cache fill requests into a small number of requests to the origin. + type: boolean + serveWhileStale: + description: Serve existing content from the cache (if available) + when revalidating content with the origin, or when an error + is encountered when refreshing the cache. + type: integer + signedUrlCacheMaxAgeSec: + description: |- + Maximum number of seconds the response to a signed URL request will + be considered fresh. After this time period, + the response will be revalidated before being served. + When serving responses to signed URL requests, + Cloud CDN will internally behave as though + all responses from this backend had a "Cache-Control: public, + max-age=[TTL]" header, regardless of any existing Cache-Control + header. The actual headers served in responses will not be altered. + type: integer + type: object + compressionMode: + description: 'Compress text responses using Brotli or gzip compression, + based on the client''s Accept-Encoding header. Possible values: + ["AUTOMATIC", "DISABLED"].' + type: string + customResponseHeaders: + description: Headers that the HTTP/S load balancer should add to proxied + responses. + items: + type: string + type: array + description: + description: |- + An optional textual description of the resource; provided by the + client when the resource is created. + type: string + edgeSecurityPolicy: + description: The security policy associated with this backend bucket. + type: string + enableCdn: + description: If true, enable Cloud CDN for this BackendBucket. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - bucketRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computebackendbucketsignedurlkeys.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeBackendBucketSignedURLKey + plural: computebackendbucketsignedurlkeys + shortNames: + - gcpcomputebackendbucketsignedurlkey + - gcpcomputebackendbucketsignedurlkeys + singular: computebackendbucketsignedurlkey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeBackendBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + keyValue: + description: |- + Immutable. 128-bit key value used for signing the URL. The key value must be a + valid RFC 4648 Section 5 base64url encoded string. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - backendBucketRef + - keyValue + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computebackendservices.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeBackendService + plural: computebackendservices + shortNames: + - gcpcomputebackendservice + - gcpcomputebackendservices + singular: computebackendservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + affinityCookieTtlSec: + description: |- + Lifetime of cookies in seconds if session_affinity is + GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts + only until the end of the browser session (or equivalent). The + maximum allowed value for TTL is one day. + + When the load balancing scheme is INTERNAL, this field is not used. + type: integer + backend: + description: The set of backends that serve this BackendService. + items: + properties: + balancingMode: + description: |- + Specifies the balancing mode for this backend. + + For global HTTP(S) or TCP/SSL load balancing, the default is + UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) + and CONNECTION (for TCP/SSL). + + See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) + for an explanation of load balancing modes. Default value: "UTILIZATION" Possible values: ["UTILIZATION", "RATE", "CONNECTION"]. + type: string + capacityScaler: + description: |- + A multiplier applied to the group's maximum servicing capacity + (based on UTILIZATION, RATE or CONNECTION). + + Default value is 1, which means the group will serve up to 100% + of its configured capacity (depending on balancingMode). A + setting of 0 means the group is completely drained, offering + 0% of its available Capacity. Valid range is [0.0,1.0]. + type: number + description: + description: |- + An optional description of this resource. + Provide this property when you create the resource. 
+ type: string + failover: + description: |- + This field designates whether this is a failover backend. More + than one failover backend can be configured for a given RegionBackendService. + type: boolean + group: + description: |- + Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup + resource. In case of instance group this defines the list of + instances that serve traffic. Member virtual machine instances from + each instance group must live in the same zone as the instance + group itself. No two backends in a backend service are allowed to + use same Instance Group resource. + + For Network Endpoint Groups this defines list of endpoints. All + endpoints of Network Endpoint Group must be hosted on instances + located in the same zone as the Network Endpoint Group. + + Backend services cannot mix Instance Group and Network Endpoint + Group backends. + + When the 'load_balancing_scheme' is INTERNAL, only instance groups + are supported. + oneOf: + - required: + - instanceGroupRef + - required: + - networkEndpointGroupRef + properties: + instanceGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeInstanceGroup` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkEndpointGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeNetworkEndpointGroup` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + maxConnections: + description: |- + The max number of simultaneous connections for the group. Can + be used with either CONNECTION or UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or one + of maxConnectionsPerInstance or maxConnectionsPerEndpoint, + as appropriate for group type, must be set. + type: integer + maxConnectionsPerEndpoint: + description: |- + The max number of simultaneous connections that a single backend + network endpoint can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either + maxConnections or maxConnectionsPerEndpoint must be set. + type: integer + maxConnectionsPerInstance: + description: |- + The max number of simultaneous connections that a single + backend instance can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or + maxConnectionsPerInstance must be set. + type: integer + maxRate: + description: |- + The max requests per second (RPS) of the group. 
+ + Can be used with either RATE or UTILIZATION balancing modes, + but required if RATE mode. For RATE mode, either maxRate or one + of maxRatePerInstance or maxRatePerEndpoint, as appropriate for + group type, must be set. + type: integer + maxRatePerEndpoint: + description: |- + The max requests per second (RPS) that a single backend network + endpoint can handle. This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerEndpoint must be set. + type: number + maxRatePerInstance: + description: |- + The max requests per second (RPS) that a single backend + instance can handle. This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerInstance must be set. + type: number + maxUtilization: + description: |- + Used when balancingMode is UTILIZATION. This ratio defines the + CPU utilization target for the group. Valid range is [0.0, 1.0]. + type: number + required: + - group + type: object + type: array + cdnPolicy: + description: Cloud CDN configuration for this BackendService. + properties: + bypassCacheOnRequestHeaders: + description: |- + Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. + The cache is bypassed for all cdnPolicy.cacheMode settings. + items: + properties: + headerName: + description: The header field name to match on when bypassing + cache. Values are case-insensitive. + type: string + required: + - headerName + type: object + type: array + cacheKeyPolicy: + description: The CacheKeyPolicy for this CdnPolicy. + properties: + includeHost: + description: If true requests to different hosts will be cached + separately. + type: boolean + includeHttpHeaders: + description: |- + Allows HTTP request headers (by name) to be used in the + cache key. 
+ items: + type: string + type: array + includeNamedCookies: + description: Names of cookies to include in cache keys. + items: + type: string + type: array + includeProtocol: + description: If true, http and https requests will be cached + separately. + type: boolean + includeQueryString: + description: |- + If true, include query string parameters in the cache key + according to query_string_whitelist and + query_string_blacklist. If neither is set, the entire query + string will be included. + + If false, the query string will be excluded from the cache + key entirely. + type: boolean + queryStringBlacklist: + description: |- + Names of query string parameters to exclude in cache keys. + + All other parameters will be included. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. + items: + type: string + type: array + queryStringWhitelist: + description: |- + Names of query string parameters to include in cache keys. + + All other parameters will be excluded. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. + items: + type: string + type: array + type: object + cacheMode: + description: |- + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. + type: string + clientTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + defaultTtl: + description: |- + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + type: integer + maxTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. 
+ type: integer + negativeCaching: + description: Negative caching allows per-status code TTLs to be + set, in order to apply fine-grained caching for common errors + or redirects. + type: boolean + negativeCachingPolicy: + description: |- + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. + items: + properties: + code: + description: |- + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. + type: integer + ttl: + description: |- + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + type: integer + type: object + type: array + serveWhileStale: + description: Serve existing content from the cache (if available) + when revalidating content with the origin, or when an error + is encountered when refreshing the cache. + type: integer + signedUrlCacheMaxAgeSec: + description: |- + Maximum number of seconds the response to a signed URL request + will be considered fresh, defaults to 1hr (3600s). After this + time period, the response will be revalidated before + being served. + + When serving responses to signed URL requests, Cloud CDN will + internally behave as though all responses from this backend had a + "Cache-Control: public, max-age=[TTL]" header, regardless of any + existing Cache-Control header. The actual headers served in + responses will not be altered. + type: integer + type: object + circuitBreakers: + description: |- + Settings controlling the volume of connections to a backend service. 
This field + is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. + properties: + connectTimeout: + description: The timeout for new network connections to hosts. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + maxConnections: + description: |- + The maximum number of connections to the backend cluster. + Defaults to 1024. + type: integer + maxPendingRequests: + description: |- + The maximum number of pending requests to the backend cluster. + Defaults to 1024. + type: integer + maxRequests: + description: |- + The maximum number of parallel requests to the backend cluster. + Defaults to 1024. + type: integer + maxRequestsPerConnection: + description: |- + Maximum requests for a single backend connection. This parameter + is respected by both the HTTP/1.1 and HTTP/2 implementations. If + not specified, there is no limit. Setting this parameter to 1 + will effectively disable keep alive. + type: integer + maxRetries: + description: |- + The maximum number of parallel retries to the backend cluster. + Defaults to 3. + type: integer + type: object + compressionMode: + description: 'Compress text responses using Brotli or gzip compression, + based on the client''s Accept-Encoding header. Possible values: + ["AUTOMATIC", "DISABLED"].' + type: string + connectionDrainingTimeoutSec: + description: |- + Time for which instance will be drained (not accept new + connections, but still work to finish started). + type: integer + connectionTrackingPolicy: + description: |- + Connection Tracking configuration for this BackendService. 
+ This is available only for Layer 4 Internal Load Balancing and + Network Load Balancing. + properties: + connectionPersistenceOnUnhealthyBackends: + description: |- + Specifies connection persistence when backends are unhealthy. + + If set to 'DEFAULT_FOR_PROTOCOL', the existing connections persist on + unhealthy backends only for connection-oriented protocols (TCP and SCTP) + and only if the Tracking Mode is PER_CONNECTION (default tracking mode) + or the Session Affinity is configured for 5-tuple. They do not persist + for UDP. + + If set to 'NEVER_PERSIST', after a backend becomes unhealthy, the existing + connections on the unhealthy backend are never persisted on the unhealthy + backend. They are always diverted to newly selected healthy backends + (unless all backends are unhealthy). + + If set to 'ALWAYS_PERSIST', existing connections always persist on + unhealthy backends regardless of protocol and session affinity. It is + generally not recommended to use this mode overriding the default. Default value: "DEFAULT_FOR_PROTOCOL" Possible values: ["DEFAULT_FOR_PROTOCOL", "NEVER_PERSIST", "ALWAYS_PERSIST"]. + type: string + enableStrongAffinity: + description: Enable Strong Session Affinity for Network Load Balancing. + This option is not available publicly. + type: boolean + idleTimeoutSec: + description: |- + Specifies how long to keep a Connection Tracking entry while there is + no matching traffic (in seconds). + + For L4 ILB the minimum(default) is 10 minutes and maximum is 16 hours. + + For NLB the minimum(default) is 60 seconds and the maximum is 16 hours. + type: integer + trackingMode: + description: |- + Specifies the key used for connection tracking. There are two options: + 'PER_CONNECTION': The Connection Tracking is performed as per the + Connection Key (default Hash Method) for the specific protocol. + + 'PER_SESSION': The Connection Tracking is performed as per the + configured Session Affinity. It matches the configured Session Affinity. 
Default value: "PER_CONNECTION" Possible values: ["PER_CONNECTION", "PER_SESSION"]. + type: string + type: object + consistentHash: + description: |- + Consistent Hash-based load balancing can be used to provide soft session + affinity based on HTTP headers, cookies or other properties. This load balancing + policy is applicable only for HTTP connections. The affinity to a particular + destination host will be lost when one or more hosts are added/removed from the + destination service. This field specifies parameters that control consistent + hashing. This field only applies if the load_balancing_scheme is set to + INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is + set to MAGLEV or RING_HASH. + properties: + httpCookie: + description: |- + Hash is based on HTTP Cookie. This field describes a HTTP cookie + that will be used as the hash key for the consistent hash load + balancer. If the cookie is not present, it will be generated. + This field is applicable if the sessionAffinity is set to HTTP_COOKIE. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + type: object + httpHeaderName: + description: |- + The hash based on the value of the specified header field. + This field is applicable if the sessionAffinity is set to HEADER_FIELD. + type: string + minimumRingSize: + description: |- + The minimum number of virtual nodes to use for the hash ring. 
+ Larger ring sizes result in more granular load + distributions. If the number of hosts in the load balancing pool + is larger than the ring size, each host will be assigned a single + virtual node. + Defaults to 1024. + type: integer + type: object + customRequestHeaders: + description: |- + Headers that the HTTP/S load balancer should add to proxied + requests. + items: + type: string + type: array + customResponseHeaders: + description: |- + Headers that the HTTP/S load balancer should add to proxied + responses. + items: + type: string + type: array + description: + description: An optional description of this resource. + type: string + edgeSecurityPolicyRef: + description: |- + The resource URL for the edge security policy associated with this + backend service. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + enableCdn: + description: If true, enable Cloud CDN for this BackendService. + type: boolean + failoverPolicy: + description: Policy for failovers. + properties: + disableConnectionDrainOnFailover: + description: |- + On failover or failback, this field indicates whether connection drain + will be honored. Setting this to true has the following effect: connections + to the old active pool are not drained. Connections to the new active pool + use the timeout of 10 min (currently fixed). 
Setting to false has the + following effect: both old and new connections will have a drain timeout + of 10 min. + This can be set to true only if the protocol is TCP. + The default is false. + type: boolean + dropTrafficIfUnhealthy: + description: |- + This option is used only when no healthy VMs are detected in the primary + and backup instance groups. When set to true, traffic is dropped. When + set to false, new connections are sent across all VMs in the primary group. + The default is false. + type: boolean + failoverRatio: + description: |- + The value of the field must be in [0, 1]. If the ratio of the healthy + VMs in the primary backend is at or below this number, traffic arriving + at the load-balanced IP will be directed to the failover backend. + In case where 'failoverRatio' is not set or all the VMs in the backup + backend are unhealthy, the traffic will be directed back to the primary + backend in the "force" mode, where traffic will be spread to the healthy + VMs with the best effort, or to all VMs when no VM is healthy. + This field is only used with l4 load balancing. + type: number + type: object + healthChecks: + items: + description: |- + The health check resources for health checking this + ComputeBackendService. Currently at most one health check can be + specified, and a health check is required. + oneOf: + - required: + - healthCheckRef + - required: + - httpHealthCheckRef + properties: + healthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + httpHealthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + iap: + description: Settings for enabling Cloud Identity Aware Proxy. + oneOf: + - required: + - oauth2ClientId + - required: + - oauth2ClientIdRef + properties: + oauth2ClientId: + description: DEPRECATED. Although this field is still available, + there is limited support. We recommend that you use `spec.iap.oauth2ClientIdRef` + instead. + type: string + oauth2ClientIdRef: + description: OAuth2 Client ID for IAP. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `IAPIdentityAwareProxyClient` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + oauth2ClientSecret: + description: OAuth2 Client Secret for IAP. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - key + - name + type: object + type: object + type: object + oauth2ClientSecretSha256: + description: OAuth2 Client Secret SHA-256 for IAP. + type: string + type: object + loadBalancingScheme: + description: |- + Immutable. Indicates whether the backend service will be used with internal or + external load balancing. A backend service created for one type of + load balancing cannot be used with the other. For more information, refer to + [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED", "INTERNAL_MANAGED", "EXTERNAL_MANAGED"]. + type: string + localityLbPolicies: + description: |- + A list of locality load balancing policies to be used in order of + preference. Either the policy or the customPolicy field should be set. + Overrides any value set in the localityLbPolicy field. + + localityLbPolicies is only supported when the BackendService is referenced + by a URL Map that is referenced by a target gRPC proxy that has the + validateForProxyless field set to true. + items: + properties: + customPolicy: + description: |- + The configuration for a custom policy implemented by the user and + deployed with the client. 
+ properties: + data: + description: |- + An optional, arbitrary JSON object with configuration data, understood + by a locally installed custom policy implementation. + type: string + name: + description: |- + Identifies the custom policy. + + The value should match the type the custom implementation is registered + with on the gRPC clients. It should follow protocol buffer + message naming conventions and include the full path (e.g. + myorg.CustomLbPolicy). The maximum length is 256 characters. + + Note that specifying the same custom policy more than once for a + backend is not a valid configuration and will be rejected. + type: string + required: + - name + type: object + policy: + description: The configuration for a built-in load balancing + policy. + properties: + name: + description: |- + The name of a locality load balancer policy to be used. The value + should be one of the predefined ones as supported by localityLbPolicy, + although at the moment only ROUND_ROBIN is supported. + + This field should only be populated when the customPolicy field is not + used. + + Note that specifying the same policy more than once for a backend is + not a valid configuration and will be rejected. + + The possible values are: + + * 'ROUND_ROBIN': This is a simple policy in which each healthy backend + is selected in round robin order. + + * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * 'RING_HASH': The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * 'RANDOM': The load balancer selects a random healthy host. 
+ + * 'ORIGINAL_DESTINATION': Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. + type: string + required: + - name + type: object + type: object + type: array + localityLbPolicy: + description: |- + The load balancing algorithm used within the scope of the locality. + The possible values are: + + * 'ROUND_ROBIN': This is a simple policy in which each healthy backend + is selected in round robin order. + + * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * 'RING_HASH': The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * 'RANDOM': The load balancer selects a random healthy host. + + * 'ORIGINAL_DESTINATION': Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. 
For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 + + * 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check + reported weights. If set, the Backend Service must + configure a non legacy HTTP-based Health Check, and + health check replies are expected to contain + non-standard HTTP response header field + X-Load-Balancing-Endpoint-Weight to specify the + per-instance weights. If set, Load Balancing is weight + based on the per-instance weights reported in the last + processed health check replies, as long as every + instance either reported a valid weight or had + UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains + equal-weight. + + + This field is applicable to either: + + * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, + and loadBalancingScheme set to INTERNAL_MANAGED. + * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. + * A regional backend service with loadBalancingScheme set to EXTERNAL (External Network + Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External + Network Load Balancing. The default is MAGLEV. + + + If session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV, + or RING_HASH, session affinity settings will not take effect. + + Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced + by a URL map that is bound to target gRPC proxy that has validate_for_proxyless + field set to true. Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV", "WEIGHTED_MAGLEV"]. + type: string + location: + description: 'Location represents the geographical location of the + ComputeBackendService. Specify a region name or "global" for global + resources. 
Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + logConfig: + description: |- + This field denotes the logging options for the load balancer traffic served by this backend service. + If logging is enabled, logs will be exported to Stackdriver. + properties: + enable: + description: Whether to enable logging for the load balancer traffic + served by this backend service. + type: boolean + sampleRate: + description: |- + This field can only be specified if logging is enabled for this backend service. The value of + the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer + where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. + The default value is 1.0. + type: number + type: object + networkRef: + description: |- + The network to which this backend service belongs. This field can + only be specified when the load balancing scheme is set to + INTERNAL. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + outlierDetection: + description: |- + Settings controlling eviction of unhealthy hosts from the load balancing pool. + This field is applicable only when the load_balancing_scheme is set + to INTERNAL_SELF_MANAGED. + properties: + baseEjectionTime: + description: |- + The base time that a host is ejected for. 
The real time is equal to the base + time multiplied by the number of times the host has been ejected. Defaults to + 30000ms or 30s. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: integer + required: + - seconds + type: object + consecutiveErrors: + description: |- + Number of errors before a host is ejected from the connection pool. When the + backend host is accessed over HTTP, a 5xx return code qualifies as an error. + Defaults to 5. + type: integer + consecutiveGatewayFailure: + description: |- + The number of consecutive gateway failures (502, 503, 504 status or connection + errors that are mapped to one of those status codes) before a consecutive + gateway failure ejection occurs. Defaults to 5. + type: integer + enforcingConsecutiveErrors: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive 5xx. This setting can be used to disable + ejection or to ramp it up slowly. Defaults to 100. + type: integer + enforcingConsecutiveGatewayFailure: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive gateway failures. This setting can be + used to disable ejection or to ramp it up slowly. Defaults to 0. + type: integer + enforcingSuccessRate: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through success rate statistics. This setting can be used to + disable ejection or to ramp it up slowly. Defaults to 100. 
+ type: integer + interval: + description: |- + Time interval between ejection sweep analysis. This can result in both new + ejections as well as hosts being returned to service. Defaults to 10 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: integer + required: + - seconds + type: object + maxEjectionPercent: + description: |- + Maximum percentage of hosts in the load balancing pool for the backend service + that can be ejected. Defaults to 10%. + type: integer + successRateMinimumHosts: + description: |- + The number of hosts in a cluster that must have enough request volume to detect + success rate outliers. If the number of hosts is less than this setting, outlier + detection via success rate statistics is not performed for any host in the + cluster. Defaults to 5. + type: integer + successRateRequestVolume: + description: |- + The minimum number of total requests that must be collected in one interval (as + defined by the interval duration above) to include this host in success rate + based outlier detection. If the volume is lower than this setting, outlier + detection via success rate statistics is not performed for that host. Defaults + to 100. + type: integer + successRateStdevFactor: + description: |- + This factor is used to determine the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference between the mean success + rate, and the product of this factor and the standard deviation of the mean + success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided + by a thousand to get a double. 
That is, if the desired factor is 1.9, the + runtime value should be 1900. Defaults to 1900. + type: integer + type: object + portName: + description: |- + Name of backend port. The same name should appear in the instance + groups referenced by this service. Required when the load balancing + scheme is EXTERNAL. + type: string + protocol: + description: |- + The protocol this BackendService uses to communicate with backends. + The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer + types and may result in errors if used with the GA API. **NOTE**: With protocol “UNSPECIFIED”, + the backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing + with TCP/UDP/L3_DEFAULT Forwarding Rule protocol. Possible values: ["HTTP", "HTTPS", "HTTP2", "TCP", "SSL", "GRPC", "UNSPECIFIED"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + securityPolicy: + description: The security policy associated with this backend service. + type: string + securityPolicyRef: + description: The security policy associated with this backend service. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + securitySettings: + description: |- + The security settings that apply to this backend service. 
This field is applicable to either + a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and + load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the + load_balancing_scheme set to INTERNAL_SELF_MANAGED. + properties: + clientTLSPolicyRef: + description: |- + ClientTlsPolicy is a resource that specifies how a client should + authenticate connections to backends of a service. This resource itself + does not affect configuration unless it is attached to a backend + service resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `//networksecurity.googleapis.com/projects/{{project}}/locations/{{location}}/clientTlsPolicies/{{value}}`, + where {{value}} is the `name` field of a `NetworkSecurityClientTLSPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the certificate. + If specified, the client will verify that the server certificate's subject + alt name matches one of the specified values. + items: + type: string + type: array + required: + - clientTLSPolicyRef + - subjectAltNames + type: object + sessionAffinity: + description: |- + Type of session affinity to use. The default is NONE. Session affinity is + not applicable if the protocol is UDP. Possible values: ["NONE", "CLIENT_IP", "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO", "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE"]. 
+ type: string + subsetting: + description: Subsetting configuration for this BackendService. Currently + this is applicable only for Internal TCP/UDP load balancing and + Internal HTTP(S) load balancing. + properties: + policy: + description: 'The algorithm used for subsetting. Possible values: + ["CONSISTENT_HASH_SUBSETTING"].' + type: string + required: + - policy + type: object + timeoutSec: + description: |- + How many seconds to wait for the backend before considering it a + failed request. Default is 30 seconds. Valid range is [1, 86400]. + type: integer + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + type: string + generatedId: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computebackendservicesignedurlkeys.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeBackendServiceSignedURLKey + plural: computebackendservicesignedurlkeys + shortNames: + - gcpcomputebackendservicesignedurlkey + - gcpcomputebackendservicesignedurlkeys + singular: computebackendservicesignedurlkey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + keyValue: + description: |- + Immutable. 128-bit key value used for signing the URL. The key value must be a + valid RFC 4648 Section 5 base64url encoded string. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - backendServiceRef + - keyValue + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computediskresourcepolicyattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeDiskResourcePolicyAttachment + plural: computediskresourcepolicyattachments + shortNames: + - gcpcomputediskresourcepolicyattachment + - gcpcomputediskresourcepolicyattachments + singular: computediskresourcepolicyattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + diskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. A reference to the zone where the disk resides. + type: string + required: + - diskRef + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computedisks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeDisk + plural: computedisks + shortNames: + - gcpcomputedisk + - gcpcomputedisks + singular: computedisk + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + asyncPrimaryDisk: + description: Immutable. A nested object resource. + properties: + diskRef: + description: Immutable. Primary disk for asynchronous disk replication. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - diskRef + type: object + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + diskEncryptionKey: + description: |- + Immutable. Encrypts the disk using a customer-supplied encryption key. + + After you encrypt a disk with a customer-supplied key, you must + provide the same key if you use the disk later (e.g. to create a disk + snapshot or an image, or to attach the disk to a virtual machine). + + Customer-supplied encryption keys do not protect access to metadata of + the disk. + + If you do not provide an encryption key when creating the disk, then + the disk will be encrypted using an automatically generated key and + you do not need to provide a key to use the disk later. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. 
Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - key + - name + type: object + type: object + type: object + rsaEncryptedKey: + description: |- + Immutable. Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit + customer-supplied encryption key to either encrypt or decrypt + this resource. You can provide either the rawKey or the rsaEncryptedKey. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + enableConfidentialCompute: + description: |- + Immutable. 
Whether this disk is using confidential compute mode. + Note: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true. + type: boolean + guestOsFeatures: + description: |- + Immutable. A list of features to enable on the guest operating system. + Applicable only for bootable disks. + items: + properties: + type: + description: 'Immutable. The type of supported feature. Read + [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) + to see a list of available options. Possible values: ["MULTI_IP_SUBNET", + "SECURE_BOOT", "SEV_CAPABLE", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", + "WINDOWS", "GVNIC", "SEV_LIVE_MIGRATABLE", "SEV_SNP_CAPABLE", + "SUSPEND_RESUME_COMPATIBLE", "TDX_CAPABLE"].' + type: string + required: + - type + type: object + type: array + imageRef: + description: The image from which to initialize this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + interface: + description: DEPRECATED. `interface` is deprecated. This field is + no longer used and can be safely removed from your configurations; + disk interfaces are automatically determined on attachment. Immutable. + Specifies the disk interface to use for attaching this disk, which + is either SCSI or NVME. The default is SCSI. + type: string + licenses: + description: Immutable. Any applicable license URI. 
+ items: + type: string + type: array + location: + description: 'Location represents the geographical location of the + ComputeDisk. Specify a region name or a zone name. Reference: GCP + definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + multiWriter: + description: Immutable. Indicates whether or not the disk can be read/write + attached to more than one instance. + type: boolean + physicalBlockSizeBytes: + description: |- + Immutable. Physical block size of the persistent disk, in bytes. If not present + in a request, a default value is used. Currently supported sizes + are 4096 and 16384, other sizes may be added in the future. + If an unsupported value is requested, the error message will list + the supported values for the caller's project. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + provisionedIops: + description: |- + Indicates how many IOPS must be provisioned for the disk. + Note: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk + allows for an update of IOPS every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it. + type: integer + provisionedThroughput: + description: |- + Indicates how much Throughput must be provisioned for the disk. 
+ Note: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk + allows for an update of Throughput every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it. + type: integer + replicaZones: + description: Immutable. URLs of the zones where the disk should be + replicated to. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + description: |- + Resource policies applied to this disk for automatic snapshot creations. + This field only applies for zonal compute disk resources. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + size: + description: |- + Size of the persistent disk, specified in GB. You can specify this + field when creating a persistent disk using the 'image' or + 'snapshot' parameter, or specify it alone to create an empty + persistent disk. + + If you specify this field along with 'image' or 'snapshot', + the value must not be less than the size of the image + or the size of the snapshot. + + Upsizing the disk is mutable, but downsizing the disk + requires re-creating the resource. 
+ type: integer + snapshotRef: + description: The source snapshot used to create this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceDiskRef: + description: The source disk used to create this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceImageEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source image. Required if + the source image is protected by a customer-supplied encryption key. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. 
See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + sourceSnapshotEncryptionKey: + description: |- + Immutable. 
The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + type: + description: |- + Immutable. URL of the disk type resource describing which disk type to use to + create the disk. Provide this when creating the disk. + type: string + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + lastAttachTimestamp: + description: Last attach timestamp in RFC3339 text format. + type: string + lastDetachTimestamp: + description: Last detach timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + sourceDiskId: + description: |- + The ID value of the disk used to create this image. This value may + be used to determine whether the image was taken from the current + or a previous instance of a given disk name. + type: string + sourceImageId: + description: |- + The ID value of the image used to create this disk. This value + identifies the exact image that was used to create this persistent + disk. For example, if you created the persistent disk from an image + that was later deleted and recreated under the same name, the source + image ID would identify the exact version of the image that was used. + type: string + sourceSnapshotId: + description: |- + The unique ID of the snapshot used to create this disk. This value + identifies the exact snapshot that was used to create this persistent + disk. For example, if you created the persistent disk from a snapshot + that was later deleted and recreated under the same name, the source + snapshot ID would identify the exact version of the snapshot that was + used. + type: string + users: + description: |- + Links to the users of the disk (attached instances) in form: + project/zones/zone/instances/instance. 
+ items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeexternalvpngateways.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeExternalVPNGateway + plural: computeexternalvpngateways + shortNames: + - gcpcomputeexternalvpngateway + - gcpcomputeexternalvpngateways + singular: computeexternalvpngateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + interface: + description: Immutable. A list of interfaces on this external VPN + gateway. + items: + properties: + id: + description: |- + Immutable. The numeric ID for this interface. Allowed values are based on the redundancy type + of this external VPN gateway + * '0 - SINGLE_IP_INTERNALLY_REDUNDANT' + * '0, 1 - TWO_IPS_REDUNDANCY' + * '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY'. + type: integer + ipAddress: + description: |- + Immutable. IP address of the interface in the external VPN gateway. + Only IPv4 is supported. This IP address can be either from + your on-premise gateway or another Cloud provider's VPN gateway, + it cannot be an IP address from Google Compute Engine. + type: string + type: object + type: array + redundancyType: + description: 'Immutable. Indicates the redundancy type of this external + VPN gateway Possible values: ["FOUR_IPS_REDUNDANCY", "SINGLE_IP_INTERNALLY_REDUNDANT", + "TWO_IPS_REDUNDANCY"].' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computefirewallpolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeFirewallPolicy + plural: computefirewallpolicies + shortNames: + - gcpcomputefirewallpolicy + - gcpcomputefirewallpolicies + singular: computefirewallpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most 
recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + properties: + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + folderRef: + description: Immutable. The Folder that this resource belongs to. + Only one of [folderRef, organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [folderRef, organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + shortName: + description: Immutable. User-provided name of the Organization firewall + policy. The name should be unique in the organization in which the + firewall policy is created. The name must be 1-63 characters long, + and comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? + which means the first character must be a lowercase letter, and + all following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. 
+ type: string + required: + - shortName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: Fingerprint of the resource. This field is used internally + during updates of this resource. + type: string + id: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + ruleTupleCount: + description: Total count of all firewall policy rule tuples. A firewall + policy can not exceed a set number of tuples. + format: int64 + type: integer + selfLink: + description: Server-defined URL for the resource. + type: string + selfLinkWithId: + description: Server-defined URL for this resource with the resource + id. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computefirewallpolicyassociations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeFirewallPolicyAssociation + plural: computefirewallpolicyassociations + shortNames: + - gcpcomputefirewallpolicyassociation + - gcpcomputefirewallpolicyassociations + singular: computefirewallpolicyassociation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attachmentTargetRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + The target that the firewall policy is attached to. + + Allowed values: + * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). + * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). + type: string + kind: + description: 'Kind of the referent. Allowed values: Folder' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + firewallPolicyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The firewall policy ID of the association. 
+ + Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - attachmentTargetRef + - firewallPolicyRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + shortName: + description: The short name of the firewall policy of the association. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computefirewallpolicyrules.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeFirewallPolicyRule + listKind: ComputeFirewallPolicyRuleList + plural: computefirewallpolicyrules + shortNames: + - gcpcomputefirewallpolicyrule + - gcpcomputefirewallpolicyrules + singular: computefirewallpolicyrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ComputeFirewallPolicyRule is the Schema for the compute API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: The Action to perform when the client connection triggers + the rule. Valid actions are "allow", "deny" and "goto_next". + type: string + description: + description: An optional description for this resource. + type: string + direction: + description: 'The direction in which this rule applies. Possible values: + INGRESS, EGRESS' + type: string + disabled: + description: Denotes whether the firewall policy rule is disabled. + When set to true, the firewall policy rule is not enforced and traffic + behaves as if it did not exist. If this is unspecified, the firewall + policy rule will be enabled. + type: boolean + enableLogging: + description: 'Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the configured export + destination in Stackdriver. Logs may be exported to BigQuery or + Pub/Sub. Note: you cannot enable logging on "goto_next" rules.' + type: boolean + firewallPolicyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed ComputeFirewallPolicy + resource. Should be in the format `locations/global/firewallPolicies/{{firewallPolicyID}}`. + type: string + name: + description: The `name` field of a `ComputeFirewallPolicy` resource. 
+ type: string + namespace: + description: The `namespace` field of a `ComputeFirewallPolicy` + resource. + type: string + type: object + match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding 'action' is + enforced. + properties: + destAddressGroups: + description: Address groups which should be matched against the + traffic destination. Maximum number of destination address groups + is 10. Destination address groups is only supported in Egress + rules. + items: + type: string + type: array + destFqdns: + description: Domain names that will be used to match against the + resolved domain name of destination of traffic. Can only be + specified if DIRECTION is egress. + items: + type: string + type: array + destIPRanges: + description: CIDR IP address range. Maximum number of destination + CIDR IP ranges allowed is 256. + items: + type: string + type: array + destRegionCodes: + description: The Unicode country codes whose IP addresses will + be used to match against the source of traffic. Can only be + specified if DIRECTION is egress. + items: + type: string + type: array + destThreatIntelligences: + description: Name of the Google Cloud Threat Intelligence list. + items: + type: string + type: array + layer4Configs: + description: Pairs of IP protocols and ports that the rule should + match. + items: + properties: + ipProtocol: + description: The IP protocol to which this rule applies. + The protocol type is required when creating a firewall + rule. This value can either be one of the following well + known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, + `ipip`, `sctp`), or the IP protocol number. + type: string + ports: + description: 'An optional list of ports to which this rule + applies. This field is only applicable for UDP or TCP + protocol. Each entry must be either an integer or a range. + If not specified, this rule applies to connections through + any port. 
Example inputs include: ``.' + items: + type: string + type: array + required: + - ipProtocol + type: object + type: array + srcAddressGroups: + description: Address groups which should be matched against the + traffic source. Maximum number of source address groups is 10. + Source address groups is only supported in Ingress rules. + items: + type: string + type: array + srcFqdns: + description: Domain names that will be used to match against the + resolved domain name of source of traffic. Can only be specified + if DIRECTION is ingress. + items: + type: string + type: array + srcIPRanges: + description: CIDR IP address range. Maximum number of source CIDR + IP ranges allowed is 256. + items: + type: string + type: array + srcRegionCodes: + description: The Unicode country codes whose IP addresses will + be used to match against the source of traffic. Can only be + specified if DIRECTION is ingress. + items: + type: string + type: array + srcThreatIntelligences: + description: Name of the Google Cloud Threat Intelligence list. + items: + type: string + type: array + required: + - layer4Configs + type: object + priority: + description: Immutable. An integer indicating the priority of a rule + in the list. The priority must be a positive value between 0 and + 2147483647. Rules are evaluated from highest to lowest priority + where 0 is the highest priority and 2147483647 is the lowest prority. + format: int64 + type: integer + targetResources: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed Compute Network + resource. Should be in the format `projects//global/networks/`. + type: string + name: + description: The `name` field of a `ComputeNetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeNetwork` resource. 
+ type: string + type: object + type: array + targetServiceAccounts: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - action + - direction + - firewallPolicyRef + - match + - priority + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique Config Connector specifier for the resource + in GCP. + type: string + kind: + description: Type of the resource. Always `compute#firewallPolicyRule` + for firewall policy rules + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + ruleTupleCount: + description: Calculation of the complexity of a single firewall policy + rule. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computefirewalls.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeFirewall + plural: computefirewalls + shortNames: + - gcpcomputefirewall + - gcpcomputefirewalls + singular: computefirewall + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + allow: + description: |- + The list of ALLOW rules specified by this firewall. Each rule + specifies a protocol and port-range tuple that describes a permitted + connection. + items: + properties: + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + protocol: + description: |- + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. + type: string + required: + - protocol + type: object + type: array + deny: + description: |- + The list of DENY rules specified by this firewall. Each rule specifies + a protocol and port-range tuple that describes a denied connection. + items: + properties: + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. 
+ items: + type: string + type: array + protocol: + description: |- + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. + type: string + required: + - protocol + type: object + type: array + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + destinationRanges: + description: |- + If destination ranges are specified, the firewall will apply only to + traffic that has destination IP address in these ranges. These ranges + must be expressed in CIDR format. IPv4 or IPv6 ranges are supported. + items: + type: string + type: array + direction: + description: |- + Immutable. Direction of traffic to which this firewall applies; default is + INGRESS. Note: For INGRESS traffic, one of 'source_ranges', + 'source_tags' or 'source_service_accounts' is required. Possible values: ["INGRESS", "EGRESS"]. + type: string + disabled: + description: |- + Denotes whether the firewall rule is disabled, i.e not applied to the + network it is associated with. When set to true, the firewall rule is + not enforced and the network behaves as if it did not exist. If this + is unspecified, the firewall rule will be enabled. + type: boolean + enableLogging: + description: DEPRECATED. Deprecated in favor of log_config. This field + denotes whether to enable logging for a particular firewall rule. + If logging is enabled, logs will be exported to Stackdriver. + type: boolean + logConfig: + description: |- + This field denotes the logging options for a particular firewall rule. + If defined, logging is enabled, and logs will be exported to Cloud Logging. + properties: + metadata: + description: 'This field denotes whether to include or exclude + metadata for firewall logs. 
Possible values: ["EXCLUDE_ALL_METADATA", + "INCLUDE_ALL_METADATA"].' + type: string + required: + - metadata + type: object + networkRef: + description: The network to attach this firewall to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + priority: + description: |- + Priority for this rule. This is an integer between 0 and 65535, both + inclusive. When not specified, the value assumed is 1000. Relative + priorities determine precedence of conflicting rules. Lower value of + priority implies higher precedence (eg, a rule with priority 0 has + higher precedence than a rule with priority 1). DENY rules take + precedence over ALLOW rules having equal priority. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceRanges: + description: |- + If source ranges are specified, the firewall will apply only to + traffic that has source IP address in these ranges. These ranges must + be expressed in CIDR format. One or both of sourceRanges and + sourceTags may be set. If both properties are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP that belongs to a tag listed in the sourceTags property. The + connection does not need to match both properties for the firewall to + apply. 
IPv4 or IPv6 ranges are supported. For INGRESS traffic, one of + 'source_ranges', 'source_tags' or 'source_service_accounts' is required. + items: + type: string + type: array + sourceServiceAccounts: + items: + description: |- + If source service accounts are specified, the firewall will apply only + to traffic originating from an instance with a service account in this + list. Source service accounts cannot be used to control traffic to an + instance's external IP address because service accounts are associated + with an instance, not an IP address. sourceRanges can be set at the + same time as sourceServiceAccounts. If both are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP belongs to an instance with service account listed in + sourceServiceAccount. The connection does not need to match both + properties for the firewall to apply. sourceServiceAccounts cannot be + used at the same time as sourceTags or targetTags. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceTags: + description: |- + If source tags are specified, the firewall will apply only to traffic + with source IP that belongs to a tag listed in source tags. Source + tags cannot be used to control traffic to an instance's external IP + address. Because tags are associated with an instance, not an IP + address. One or both of sourceRanges and sourceTags may be set. 
If + both properties are set, the firewall will apply to traffic that has + source IP address within sourceRanges OR the source IP that belongs to + a tag listed in the sourceTags property. The connection does not need + to match both properties for the firewall to apply. For INGRESS traffic, + one of 'source_ranges', 'source_tags' or 'source_service_accounts' is required. + items: + type: string + type: array + targetServiceAccounts: + items: + description: |- + A list of service accounts indicating sets of instances located in the + network that may make network connections as specified in allowed[]. + targetServiceAccounts cannot be used at the same time as targetTags or + sourceTags. If neither targetServiceAccounts nor targetTags are + specified, the firewall rule applies to all instances on the specified + network. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetTags: + description: |- + A list of instance tags indicating sets of instances located in the + network that may make network connections as specified in allowed[]. + If no targetTags are specified, the firewall rule applies to all + instances on the specified network. + items: + type: string + type: array + required: + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeforwardingrules.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeForwardingRule + listKind: ComputeForwardingRuleList + plural: computeforwardingrules + shortNames: + - gcpcomputeforwardingrule + - gcpcomputeforwardingrules + singular: computeforwardingrule + preserveUnknownFields: false + scope: Namespaced + versions: + - 
additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ComputeForwardingRule is the Schema for the compute API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + allPorts: + description: |- + Immutable. This field can only be used: + * If 'IPProtocol' is one of TCP, UDP, or SCTP. + * By internal TCP/UDP load balancers, backend service-based network load + balancers, and internal and external protocol forwarding. + + This option should be set to TRUE when the Forwarding Rule + IPProtocol is set to L3_DEFAULT. 
+ + Set this field to true to allow packets addressed to any port or packets + lacking destination port information (for example, UDP fragments after the + first fragment) to be forwarded to the backends configured with this + forwarding rule. + + The 'ports', 'port_range', and + 'allPorts' fields are mutually exclusive. + type: boolean + allowGlobalAccess: + description: |- + This field is used along with the 'backend_service' field for + internal load balancing or with the 'target' field for internal + TargetInstance. + + If the field is set to 'TRUE', clients can access ILB from all + regions. + + Otherwise only allows access from clients in the same region as the + internal load balancer. + type: boolean + allowPscGlobalAccess: + description: This is used in PSC consumer ForwardingRule to control + whether the PSC endpoint can be accessed from another region. + type: boolean + backendServiceRef: + description: A ComputeBackendService to receive the matched traffic. + This is used only for internal load balancing. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeBackendService selflink in the form "projects/{{project}}/global/backendServices/{{name}}" + or "projects/{{project}}/regions/{{region}}/backendServices/{{name}}" + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeBackendService` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeBackendService` + resource. + type: string + type: object + description: + description: Immutable. An optional description of this resource. + Provide this property when you create the resource. + type: string + ipAddress: + description: |- + The IP address that this forwarding rule is serving on behalf of. 
+ + Addresses are restricted based on the forwarding rule's load + balancing scheme (EXTERNAL or INTERNAL) and scope (global or + regional). + + When the load balancing scheme is EXTERNAL, for global forwarding + rules, the address must be a global IP, and for regional forwarding + rules, the address must live in the same region as the forwarding + rule. If this field is empty, an ephemeral IPv4 address from the + same scope (global or regional) will be assigned. A regional + forwarding rule supports IPv4 only. A global forwarding rule + supports either IPv4 or IPv6. + + When the load balancing scheme is INTERNAL, this can only be an RFC + 1918 IP address belonging to the network/subnet configured for the + forwarding rule. By default, if this field is empty, an ephemeral + internal IP address will be automatically allocated from the IP + range of the subnet or network configured for this forwarding rule. + properties: + addressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeAddress selflink in the form "projects/{{project}}/regions/{{region}}/addresses/{{name}}" + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeAddress` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeAddress` resource. + type: string + type: object + ip: + type: string + type: object + ipProtocol: + description: |- + Immutable. The IP protocol to which this rule applies. + + For protocol forwarding, valid + options are 'TCP', 'UDP', 'ESP', + 'AH', 'SCTP', 'ICMP' and + 'L3_DEFAULT'. + + The valid IP protocols are different for different load balancing products + as described in [Load balancing + features](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). 
+ + A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or + backend service with UNSPECIFIED protocol. + A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values: ["TCP", "UDP", "ESP", "AH", "SCTP", "ICMP", "L3_DEFAULT"]. + type: string + ipVersion: + description: |- + Immutable. The IP address version that will be used by this forwarding rule. + Valid options are IPV4 and IPV6. + + If not set, the IPv4 address will be used by default. Possible values: ["IPV4", "IPV6"]. + type: string + isMirroringCollector: + description: |- + Immutable. Indicates whether or not this load balancer can be used as a collector for + packet mirroring. To prevent mirroring loops, instances behind this + load balancer will not have their traffic mirrored even if a + 'PacketMirroring' rule applies to them. + + This can only be set to true for load balancers that have their + 'loadBalancingScheme' set to 'INTERNAL'. + type: boolean + loadBalancingScheme: + description: |- + Immutable. Specifies the forwarding rule type. + + Must set to empty for private service connect forwarding rule. For more information about forwarding rules, refer to + [Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "EXTERNAL_MANAGED", "INTERNAL", "INTERNAL_MANAGED", ""]. + type: string + location: + description: 'Location represents the geographical location of the + ComputeForwardingRule. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + metadataFilters: + description: |- + Immutable. Opaque filter criteria used by Loadbalancer to restrict routing + configuration to a limited set xDS compliant clients. In their xDS + requests to Loadbalancer, xDS clients present node metadata. 
If a + match takes place, the relevant routing configuration is made available + to those proxies. + + For each metadataFilter in this list, if its filterMatchCriteria is set + to MATCH_ANY, at least one of the filterLabels must match the + corresponding label provided in the metadata. If its filterMatchCriteria + is set to MATCH_ALL, then all of its filterLabels must match with + corresponding labels in the provided metadata. + + metadataFilters specified here can be overridden by those specified in + the UrlMap that this ForwardingRule references. + + metadataFilters only applies to Loadbalancers that have their + loadBalancingScheme set to INTERNAL_SELF_MANAGED. + items: + properties: + filterLabels: + description: |- + Immutable. The list of label value pairs that must match labels in the + provided metadata based on filterMatchCriteria + + This list must not be empty and can have at the most 64 entries. + items: + properties: + name: + description: Immutable. Name of the metadata label. The + length must be between 1 and 1024 characters, inclusive. + type: string + value: + description: Immutable. The value that the label must + match. The value has a maximum length of 1024 characters. + type: string + required: + - name + - value + type: object + type: array + filterMatchCriteria: + description: |- + Immutable. Specifies how individual filterLabel matches within the list of + filterLabels contribute towards the overall metadataFilter match. + + MATCH_ANY - At least one of the filterLabels must have a matching + label in the provided metadata. + MATCH_ALL - All filterLabels must have matching labels in the + provided metadata. Possible values: ["MATCH_ANY", "MATCH_ALL"]. + type: string + required: + - filterLabels + - filterMatchCriteria + type: object + type: array + networkRef: + description: This field is not used for external load balancing. 
For + internal load balancing, this field identifies the network that + the load balanced IP should belong to for this forwarding rule. + If this field is not specified, the default network will be used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed Compute Network + resource. Should be in the format `projects//global/networks/`. + type: string + name: + description: The `name` field of a `ComputeNetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeNetwork` resource. + type: string + type: object + networkTier: + description: |- + Immutable. This signifies the networking tier used for configuring + this load balancer and can only take the following values: + 'PREMIUM', 'STANDARD'. + + For regional ForwardingRule, the valid values are 'PREMIUM' and + 'STANDARD'. For GlobalForwardingRule, the valid value is + 'PREMIUM'. + + If this field is not specified, it is assumed to be 'PREMIUM'. + If 'IPAddress' is specified, this value must be equal to the + networkTier of the Address. Possible values: ["PREMIUM", "STANDARD"]. + type: string + noAutomateDnsZone: + description: Immutable. This is used in PSC consumer ForwardingRule + to control whether it should try to auto-generate a DNS zone or + not. Non-PSC forwarding rules do not use this field. + type: boolean + portRange: + description: |- + Immutable. This field can only be used: + + * If 'IPProtocol' is one of TCP, UDP, or SCTP. + * By backend service-based network load balancers, target pool-based + network load balancers, internal proxy load balancers, external proxy load + balancers, Traffic Director, external protocol forwarding, and Classic VPN. + Some products have restrictions on what ports can be used. 
See + [port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications) + for details. + + Only packets addressed to ports in the specified range will be forwarded to + the backends configured with this forwarding rule. + + The 'ports' and 'port_range' fields are mutually exclusive. + + For external forwarding rules, two or more forwarding rules cannot use the + same '[IPAddress, IPProtocol]' pair, and cannot have + overlapping 'portRange's. + + For internal forwarding rules within the same VPC network, two or more + forwarding rules cannot use the same '[IPAddress, IPProtocol]' + pair, and cannot have overlapping 'portRange's. + type: string + ports: + description: |- + Immutable. This field can only be used: + + * If 'IPProtocol' is one of TCP, UDP, or SCTP. + * By internal TCP/UDP load balancers, backend service-based network load + balancers, internal protocol forwarding and when protocol is not L3_DEFAULT. + + You can specify a list of up to five ports by number, separated by commas. + The ports can be contiguous or discontiguous. Only packets addressed to + these ports will be forwarded to the backends configured with this + forwarding rule. + + For external forwarding rules, two or more forwarding rules cannot use the + same '[IPAddress, IPProtocol]' pair, and cannot share any values + defined in 'ports'. + + For internal forwarding rules within the same VPC network, two or more + forwarding rules cannot use the same '[IPAddress, IPProtocol]' + pair, and cannot share any values defined in 'ports'. + + The 'ports' and 'port_range' fields are mutually exclusive. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceDirectoryRegistrations: + description: |- + Immutable. 
Service Directory resources to register this forwarding rule with. + + Currently, only supports a single Service Directory resource. + items: + properties: + namespace: + description: Immutable. Service Directory namespace to register + the forwarding rule under. + type: string + service: + description: Immutable. Service Directory service to register + the forwarding rule under. + type: string + type: object + type: array + serviceLabel: + description: |- + Immutable. An optional prefix to the service name for this Forwarding Rule. + If specified, will be the first label of the fully qualified service + name. + + The label must be 1-63 characters long, and comply with RFC1035. + Specifically, the label must be 1-63 characters long and match the + regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first + character must be a lowercase letter, and all following characters + must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + + This field is only used for INTERNAL load balancing. + type: string + sourceIpRanges: + description: Immutable. If not empty, this Forwarding Rule will only + forward the traffic when the source IP address matches one of the + IP addresses or CIDR ranges set here. Note that a Forwarding Rule + can only have up to 64 source IP ranges, and this field can only + be used with a regional Forwarding Rule whose scheme is EXTERNAL. + Each sourceIpRange entry should be either an IP address (for example, + 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24). + items: + type: string + type: array + subnetworkRef: + description: |- + Immutable. The subnetwork that the load balanced IP should belong to for this + forwarding rule. This field is only used for internal load + balancing. + + If the network specified is in auto subnet mode, this field is + optional. However, if the network is in custom subnet mode, a + subnetwork must be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeSubnetwork selflink of form "projects/{{project}}/regions/{{region}}/subnetworks/{{name}}", + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeSubnetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeSubnetwork` resource. + type: string + type: object + target: + description: The target resource to receive the matched traffic. The + forwarded traffic must be of a type appropriate to the target object. + For INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets + are valid. + properties: + googleAPIsBundle: + type: string + serviceAttachmentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeServiceAttachment selflink in the + form "projects/{{project}}/regions/{{region}}/serviceAttachments/{{name}}" + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeServiceAttachment` + resource. + type: string + namespace: + description: The `namespace` field of a `ComputeServiceAttachment` + resource. + type: string + type: object + targetGRPCProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeTargetGrpcProxy selflink in the form + "projects/{{project}}/global/targetGrpcProxies/{{name}}" + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeTargetGrpcProxy` + resource. 
+ type: string + namespace: + description: The `namespace` field of a `ComputeTargetGrpcProxy` + resource. + type: string + type: object + targetHTTPProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeTargetHTTPProxy selflink in the form + "projects/{{project}}/global/targetHttpProxies/{{name}}" + or "projects/{{project}}/regions/{{region}}/targetHttpProxies/{{name}}" + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeTargetHTTPProxy` + resource. + type: string + namespace: + description: The `namespace` field of a `ComputeTargetHTTPProxy` + resource. + type: string + type: object + targetHTTPSProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeTargetHTTPSProxy selflink in the form + "projects/{{project}}/global/targetHttpProxies/{{name}}" + or "projects/{{project}}/regions/{{region}}/targetHttpProxies/{{name}}" + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeTargetHTTPSProxy` + resource. + type: string + namespace: + description: The `namespace` field of a `ComputeTargetHTTPSProxy` + resource. + type: string + type: object + targetSSLProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeTargetSSLProxy selflink in the form + "projects/{{project}}/global/targetSslProxies/{{name}}" + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeTargetSSLProxy` + resource. 
+ type: string + namespace: + description: The `namespace` field of a `ComputeTargetSSLProxy` + resource. + type: string + type: object + targetTCPProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeTargetTCPProxy selflink in the form + "projects/{{project}}/global/targetTcpProxies/{{name}}" + or "projects/{{project}}/regions/{{region}}/targetTcpProxies/{{name}}" + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeTargetTCPProxy` + resource. + type: string + namespace: + description: The `namespace` field of a `ComputeTargetTCPProxy` + resource. + type: string + type: object + targetVPNGatewayRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeTargetVPNGateway selflink in the form + "projects/{{project}}/regions/{{region}}/targetVpnGateways/{{name}}" + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeTargetVPNGateway` + resource. + type: string + namespace: + description: The `namespace` field of a `ComputeTargetVPNGateway` + resource. + type: string + type: object + type: object + required: + - location + type: object + status: + properties: + baseForwardingRule: + description: '[Output Only] The URL for the corresponding base Forwarding + Rule. By base Forwarding Rule, we mean the Forwarding Rule that + has the same IP address, protocol, and port settings with the current + Forwarding Rule, but without sourceIPRanges specified. Always empty + if the current Forwarding Rule does not have sourceIPRanges specified.' 
+ type: string + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + externalRef: + description: A unique Config Connector specifier for the resource + in GCP. + type: string + labelFingerprint: + description: The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + pscConnectionId: + description: The PSC connection id of the PSC Forwarding Rule. + type: string + pscConnectionStatus: + description: 'The PSC connection status of the PSC Forwarding Rule. + Possible values: ''STATUS_UNSPECIFIED'', ''PENDING'', ''ACCEPTED'', + ''REJECTED'', ''CLOSED''.' + type: string + selfLink: + type: string + serviceName: + description: |- + The internal fully qualified service name for this Forwarding Rule. + + This field is only used for INTERNAL load balancing. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeglobalnetworkendpointgroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeGlobalNetworkEndpointGroup + plural: computeglobalnetworkendpointgroups + shortNames: + - gcpcomputeglobalnetworkendpointgroup + - gcpcomputeglobalnetworkendpointgroups + singular: computeglobalnetworkendpointgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultPort: + description: |- + Immutable. The default port used if the port number is not specified in the + network endpoint. + type: integer + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + networkEndpointType: + description: 'Immutable. Type of network endpoints in this network + endpoint group. Possible values: ["INTERNET_IP_PORT", "INTERNET_FQDN_PORT"].' + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkEndpointType + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeglobalnetworkendpoints.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeGlobalNetworkEndpoint + plural: computeglobalnetworkendpoints + shortNames: + - gcpcomputeglobalnetworkendpoint + - gcpcomputeglobalnetworkendpoints + singular: computeglobalnetworkendpoint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + fqdn: + description: |- + Immutable. Fully qualified domain name of network endpoint. + This can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT. + type: string + globalNetworkEndpointGroup: + description: Immutable. The global network endpoint group this endpoint + is part of. + type: string + ipAddress: + description: Immutable. IPv4 address external endpoint. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The port of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - globalNetworkEndpointGroup + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computehealthchecks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeHealthCheck + plural: computehealthchecks + shortNames: + - gcpcomputehealthcheck + - gcpcomputehealthchecks + singular: computehealthcheck + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + grpcHealthCheck: + description: A nested object resource. + properties: + grpcServiceName: + description: |- + The gRPC service name for the health check. + The value of grpcServiceName has the following meanings by convention: + - Empty serviceName means the overall status of all services at the backend. + - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. + The grpcServiceName can only be ASCII. + type: string + port: + description: |- + The port number for the health check request. + Must be specified if portName and portSpecification are not set + or if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. 
+ + If not specified, gRPC health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + type: object + healthyThreshold: + description: |- + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + http2HealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTP2 health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP2 health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP2 health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTP2 health check request. + The default value is /. 
+ type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + httpHealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTP health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP health check request. + The default value is 80. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTP health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. 
If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + httpsHealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTPS health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTPS health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTPS health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTPS health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. 
+ type: string + type: object + location: + description: 'Location represents the geographical location of the + ComputeHealthCheck. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + logConfig: + description: Configure logging on this health check. + properties: + enable: + description: |- + Indicates whether or not to export logs. This is false by default, + which means no health check logging will be done. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslHealthCheck: + description: A nested object resource. + properties: + port: + description: |- + The TCP port number for the SSL health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, SSL health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. 
Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + request: + description: |- + The application data to send once the SSL connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + tcpHealthCheck: + description: A nested object resource. + properties: + port: + description: |- + The TCP port number for the TCP health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, TCP health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + request: + description: |- + The application data to send once the TCP connection has been + established (default value is empty). 
If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: + description: The type of the health check. One of HTTP, HTTPS, TCP, + or SSL. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computehttphealthchecks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeHTTPHealthCheck + plural: computehttphealthchecks + shortNames: + - gcpcomputehttphealthcheck + - gcpcomputehttphealthchecks + singular: computehttphealthcheck + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + healthyThreshold: + description: |- + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + host: + description: |- + The value of the host header in the HTTP health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP health check request. + The default value is 80. + type: integer + requestPath: + description: |- + The request path of the HTTP health check request. + The default value is /. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. 
+ type: integer + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computehttpshealthchecks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeHTTPSHealthCheck + plural: computehttpshealthchecks + shortNames: + - gcpcomputehttpshealthcheck + - gcpcomputehttpshealthchecks + singular: computehttpshealthcheck + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + healthyThreshold: + description: |- + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + host: + description: |- + The value of the host header in the HTTPS health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTPS health check request. + The default value is 443. + type: integer + requestPath: + description: |- + The request path of the HTTPS health check request. + The default value is /. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. 
+ type: integer + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeimages.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeImage + plural: computeimages + shortNames: + - gcpcomputeimage + - gcpcomputeimages + singular: computeimage + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + diskRef: + description: |- + The source disk to create this image based on. + You must provide either this property or the + rawDisk.source property but not both to create an image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSizeGb: + description: Immutable. Size of the image when restored onto a persistent + disk (in GB). + type: integer + family: + description: |- + Immutable. The name of the image family to which this image belongs. You can + create disks by specifying an image family instead of a specific + image name. The image family always returns its latest image that is + not deprecated. The name of the image family must comply with + RFC1035. + type: string + guestOsFeatures: + description: |- + Immutable. A list of features to enable on the guest operating system. + Applicable only for bootable images. + items: + properties: + type: + description: 'Immutable. The type of supported feature. 
Read + [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) + to see a list of available options. Possible values: ["MULTI_IP_SUBNET", + "SECURE_BOOT", "SEV_CAPABLE", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", + "WINDOWS", "GVNIC", "SEV_LIVE_MIGRATABLE", "SEV_SNP_CAPABLE", + "SUSPEND_RESUME_COMPATIBLE", "TDX_CAPABLE"].' + type: string + required: + - type + type: object + type: array + imageEncryptionKey: + description: |- + Immutable. Encrypts the image using a customer-supplied encryption key. + + After you encrypt an image with a customer-supplied key, you must + provide the same key if you use the image later (e.g. to create a + disk from the image). + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + licenses: + description: Immutable. Any applicable license URI. + items: + type: string + type: array + rawDisk: + description: Immutable. The parameters of the raw disk image. + properties: + containerType: + description: |- + Immutable. The format used to encode and transmit the block device, which + should be TAR. This is just a container and transmission format + and not a runtime format. Provided by the client when the disk + image is created. Default value: "TAR" Possible values: ["TAR"]. + type: string + sha1: + description: |- + Immutable. An optional SHA1 checksum of the disk image before unpackaging. + This is provided by the client when the disk image is created. + type: string + source: + description: |- + Immutable. The full Google Cloud Storage URL where disk storage is stored + You must provide either this property or the sourceDisk property + but not both. + type: string + required: + - source + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceImageRef: + description: The source image used to create this image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceSnapshotRef: + description: The source snapshot used to create this image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageLocations: + description: |- + Immutable. Cloud Storage bucket storage location of the image + (regional or multi-regional). + Reference link: https://cloud.google.com/compute/docs/reference/rest/v1/images. + items: + type: string + type: array + type: object + status: + properties: + archiveSizeBytes: + description: |- + Size of the image tar.gz archive stored in Google Cloud Storage (in + bytes). + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computeinstancegroupmanagers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroupManager + plural: computeinstancegroupmanagers + shortNames: + - gcpcomputeinstancegroupmanager + - gcpcomputeinstancegroupmanagers + singular: computeinstancegroupmanager + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoHealingPolicies: + description: The autohealing policy for this managed instance group. + You can specify only one value. + items: + properties: + healthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL for the health check that signals autohealing. + + Allowed value: The `selfLink` field of a `ComputeHealthCheck` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + initialDelaySec: + description: The number of seconds that the managed instance + group waits before it applies autohealing policies to new + instances or recently recreated instances. This initial delay + allows instances to initialize and run their startup scripts + before the instance group determines that they are UNHEALTHY. + This prevents the managed instance group from recreating its + instances prematurely. This value must be from range [0, 3600]. + format: int64 + type: integer + type: object + type: array + baseInstanceName: + description: The base instance name to use for instances in this group. + The value must be 1-58 characters long. Instances are named by appending + a hyphen and a random four-character string to the base instance + name. The base instance name must comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + type: string + description: + description: Immutable. An optional description of this resource. + type: string + distributionPolicy: + description: Policy specifying the intended distribution of managed + instances across zones in a regional managed instance group. + properties: + targetShape: + description: 'The distribution shape to which the group converges + either proactively or on resize events (depending on the value + set in `updatePolicy.instanceRedistributionType`). Possible + values: TARGET_SHAPE_UNSPECIFIED, ANY, BALANCED, ANY_SINGLE_ZONE' + type: string + zones: + description: Immutable. Zones where the regional managed instance + group will create and manage its instances. + items: + properties: + zone: + description: Immutable. The URL of the [zone](/compute/docs/regions-zones/#available). + The zone must exist in the region where the managed instance + group is located. 
+ type: string + type: object + type: array + type: object + failoverAction: + description: 'The action to perform in case of zone failure. Only + one value is supported, `NO_FAILOVER`. The default is `NO_FAILOVER`. + Possible values: UNKNOWN, NO_FAILOVER' + type: string + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`. + + Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Immutable. The location of this resource. + type: string + namedPorts: + description: Immutable. Named ports configured for the Instance Groups + complementary to this Instance Group Manager. + items: + properties: + name: + description: Immutable. The name for this named port. The name + must be 1-63 characters long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + type: string + port: + description: Immutable. The port number, which can be a value + between 1 and 65535. + format: int64 + type: integer + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The service account to be used as credentials for all operations performed by the managed instance group on instances. The service accounts needs all permissions required to create and delete instances. By default, the service account: {projectNumber}@cloudservices.gserviceaccount.com is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + statefulPolicy: + description: Stateful configuration for this Instanced Group Manager + properties: + preservedState: + properties: + disks: + additionalProperties: + properties: + autoDelete: + description: 'These stateful disks will never be deleted + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + disk should be deleted after it is no longer used + by the group, e.g. when the given instance or the + whole group is deleted. Note: disks attached in READ_ONLY + mode cannot be auto-deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string + type: object + description: Disks created on the instances that will be preserved + on instance delete, update, etc. This map is keyed with + the device names of the disks. + type: object + externalIps: + additionalProperties: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + IP reservation should be deleted after it is no longer + used by the group, e.g. when the given instance or + the whole group is deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string + type: object + description: External network IPs assigned to the instances + that will be preserved on instance delete, update, etc. + This map is keyed with the network interface name. + type: object + internalIps: + additionalProperties: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + IP reservation should be deleted after it is no longer + used by the group, e.g. when the given instance or + the whole group is deleted. 
Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string + type: object + description: Internal network IPs assigned to the instances + that will be preserved on instance delete, update, etc. + This map is keyed with the network interface name. + type: object + type: object + type: object + targetPools: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetSize: + description: The target number of running instances for this managed + instance group. You can reduce this number by using the instanceGroupManager + deleteInstances or abandonInstances methods. Resizing the group + also changes this number. + format: int64 + type: integer + updatePolicy: + description: The update policy for this managed instance group. + properties: + instanceRedistributionType: + description: 'The [instance redistribution policy](/compute/docs/instance-groups/regional-migs#proactive_instance_redistribution) + for regional managed instance groups. Valid values are: - `PROACTIVE` + (default): The group attempts to maintain an even distribution + of VM instances across zones in the region. - `NONE`: For non-autoscaled + groups, proactive redistribution is disabled.' + type: string + maxSurge: + description: The maximum number of instances that can be created + above the specified `targetSize` during the update process. 
+ This value can be either a fixed number or, if the group has + 10 or more instances, a percentage. If you set a percentage, + the number of instances is rounded if necessary. The default + value for `maxSurge` is a fixed value equal to the number of + zones in which the managed instance group operates. At least + one of either `maxSurge` or `maxUnavailable` must be greater + than 0. Learn more about [`maxSurge`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_surge). + properties: + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between 0 + to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + maxUnavailable: + description: 'The maximum number of instances that can be unavailable + during the update process. An instance is considered available + if all of the following conditions are satisfied: - The instance''s + [status](/compute/docs/instances/checking-instance-status) is + `RUNNING`. - If there is a [health check](/compute/docs/instance-groups/autohealing-instances-in-migs) + on the instance group, the instance''s health check status must + be `HEALTHY` at least once. If there is no health check on the + group, then the instance only needs to have a status of `RUNNING` + to be considered available. This value can be either a fixed + number or, if the group has 10 or more instances, a percentage. + If you set a percentage, the number of instances is rounded + if necessary. The default value for `maxUnavailable` is a fixed + value equal to the number of zones in which the managed instance + group operates. At least one of either `maxSurge` or `maxUnavailable` + must be greater than 0. Learn more about [`maxUnavailable`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_unavailable).' 
+ properties: + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between 0 + to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + minReadySec: + description: Minimum number of seconds to wait for after a newly + created instance becomes available. This value must be from + range [0, 3600]. + format: int64 + type: integer + minimalAction: + description: Minimal action to be taken on an instance. You can + specify either `RESTART` to restart existing instances or `REPLACE` + to delete and create new instances from the target template. + If you specify a `RESTART`, the Updater will attempt to perform + that action only. However, if the Updater determines that the + minimal action you specify is not enough to perform the update, + it might perform a more disruptive action. + type: string + mostDisruptiveAllowedAction: + description: Most disruptive action that is allowed to be taken + on an instance. You can specify either `NONE` to forbid any + actions, `REFRESH` to allow actions that do not need instance + restart, `RESTART` to allow actions that can be applied without + instance replacing or `REPLACE` to allow all possible actions. + If the Updater determines that the minimal update action needed + is more disruptive than most disruptive allowed action you specify + it will not perform the update at all. + type: string + replacementMethod: + description: 'What action should be used to replace instances. + See minimal_action.REPLACE Possible values: SUBSTITUTE, RECREATE' + type: string + type: + description: The type of update process. 
You can specify either + `PROACTIVE` so that the instance group manager proactively executes + actions in order to bring instances to their target versions + or `OPPORTUNISTIC` so that no action is proactively executed + but the update will be performed as part of other actions (for + example, resizes or `recreateInstances` calls). + type: string + type: object + versions: + description: Specifies the instance templates used by this managed + instance group to create instances. Each version is defined by an + `instanceTemplate` and a `name`. Every version can appear at most + once per instance group. This field overrides the top-level `instanceTemplate` + field. Read more about the [relationships between these fields](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#relationship_between_versions_and_instancetemplate_properties_for_a_managed_instance_group). + Exactly one `version` must leave the `targetSize` field unset. That + version will be applied to all remaining instances. For more information, + read about [canary updates](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update). + items: + properties: + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of the instance template that is specified for this managed instance group. The group uses this template to create new instances in the managed instance group until the `targetSize` for this version is reached. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`; in those cases, existing instances are updated until the `targetSize` for this version is reached. 
+ + Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: Name of the version. Unique among all versions + in the scope of this managed instance group. + type: string + targetSize: + description: 'Specifies the intended number of instances to + be created from the `instanceTemplate`. The final number of + instances created from the template will be equal to: - If + expressed as a fixed number, the minimum of either `targetSize.fixed` + or `instanceGroupManager.targetSize` is used. - if expressed + as a `percent`, the `targetSize` would be `(targetSize.percent/100 + * InstanceGroupManager.targetSize)` If there is a remainder, + the number is rounded. If unset, this version will update + any remaining instances not updated by another `version`. + Read [Starting a canary update](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update) + for more information.' + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value + is `fixed`, then the `calculated` value is equal to the + `fixed` value. - If the value is a `percent`, then the + `calculated` value is `percent`/100 * `targetSize`. For + example, the `calculated` value of a 80% of a managed + instance group with 150 instances would be (80/100 * 150) + = 120 VM instances. If there is a remainder, the number + is rounded.' + format: int64 + type: integer + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. 
+ format: int64 + type: integer + percent: + description: Specifies a percentage of instances between + 0 to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + type: object + type: array + required: + - projectRef + - targetSize + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: The creation timestamp for this managed instance group + in \[RFC3339\](https://www.ietf.org/rfc/rfc3339.txt) text format. + type: string + currentActions: + description: '[Output Only] The list of instance actions and the number + of instances in this managed instance group that are scheduled for + each of those actions.' + properties: + abandoning: + description: '[Output Only] The total number of instances in the + managed instance group that are scheduled to be abandoned. Abandoning + an instance removes it from the managed instance group without + deleting it.' + format: int64 + type: integer + creating: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be created or are currently + being created. If the group fails to create any of these instances, + it tries again until it creates the instance successfully. 
If + you have disabled creation retries, this field will not be populated; + instead, the `creatingWithoutRetries` field will be populated.' + format: int64 + type: integer + creatingWithoutRetries: + description: '[Output Only] The number of instances that the managed + instance group will attempt to create. The group attempts to + create each instance only once. If the group fails to create + any of these instances, it decreases the group''s `targetSize` + value accordingly.' + format: int64 + type: integer + deleting: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be deleted or are currently + being deleted.' + format: int64 + type: integer + none: + description: '[Output Only] The number of instances in the managed + instance group that are running and have no scheduled actions.' + format: int64 + type: integer + recreating: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be recreated or are currently + being being recreated. Recreating an instance deletes the existing + root persistent disk and creates a new disk from the image that + is defined in the instance template.' + format: int64 + type: integer + refreshing: + description: '[Output Only] The number of instances in the managed + instance group that are being reconfigured with properties that + do not require a restart or a recreate action. For example, + setting or removing target pools for the instance.' + format: int64 + type: integer + restarting: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be restarted or are currently + being restarted.' + format: int64 + type: integer + verifying: + description: '[Output Only] The number of instances in the managed + instance group that are being verified. See the `managedInstances[].currentAction` + property in the `listManagedInstances` method documentation.' 
+ format: int64 + type: integer + type: object + fingerprint: + description: Fingerprint of this resource. This field may be used + in optimistic locking. It will be ignored when inserting an InstanceGroupManager. + An up-to-date fingerprint must be provided in order to update the + InstanceGroupManager, otherwise the request will fail with error + `412 conditionNotMet`. To see the latest fingerprint, make a `get()` + request to retrieve an InstanceGroupManager. + type: string + id: + description: '[Output Only] A unique identifier for this resource + type. The server generates this identifier.' + format: int64 + type: integer + instanceGroup: + description: '[Output Only] The URL of the Instance Group resource.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: '[Output Only] The URL of the [region](/compute/docs/regions-zones/#available) + where the managed instance group resides (for regional resources).' + type: string + selfLink: + description: '[Output Only] The URL for this managed instance group. + The server defines this URL.' + type: string + status: + description: '[Output Only] The status of this managed instance group.' + properties: + autoscaler: + description: '[Output Only] The URL of the [Autoscaler](/compute/docs/autoscaler/) + that targets this instance group manager.' + type: string + isStable: + description: '[Output Only] A bit indicating whether the managed + instance group is in a stable state. 
A stable state means that: + none of the instances in the managed instance group is currently + undergoing any type of change (for example, creation, restart, + or deletion); no future changes are scheduled for instances + in the managed instance group; and the managed instance group + itself is not being modified.' + type: boolean + stateful: + description: '[Output Only] Stateful status of the given Instance + Group Manager.' + properties: + hasStatefulConfig: + description: '[Output Only] A bit indicating whether the managed + instance group has stateful configuration, that is, if you + have configured any items in a stateful policy or in per-instance + configs. The group might report that it has no stateful + config even when there is still some preserved state on + a managed instance, for example, if you have deleted all + PICs but not yet applied those deletions.' + type: boolean + isStateful: + description: '[Output Only] A bit indicating whether the managed + instance group has stateful configuration, that is, if you + have configured any items in a stateful policy or in per-instance + configs. The group might report that it has no stateful + config even when there is still some preserved state on + a managed instance, for example, if you have deleted all + PICs but not yet applied those deletions. This field is + deprecated in favor of has_stateful_config.' + type: boolean + perInstanceConfigs: + description: '[Output Only] Status of per-instance configs + on the instance.' + properties: + allEffective: + description: A bit indicating if all of the group's per-instance + configs (listed in the output of a listPerInstanceConfigs + API call) have status `EFFECTIVE` or there are no per-instance-configs. + type: boolean + type: object + type: object + versionTarget: + description: '[Output Only] A status of consistency of Instances'' + versions with their target version specified by `version` field + on Instance Group Manager.' 
+ properties: + isReached: + description: '[Output Only] A bit indicating whether version + target has been reached in this managed instance group, + i.e. all instances are in their target version. Instances'' + target version are specified by `version` field on Instance + Group Manager.' + type: boolean + type: object + type: object + updatePolicy: + properties: + maxSurge: + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value is + `fixed`, then the `calculated` value is equal to the `fixed` + value. - If the value is a `percent`, then the `calculated` + value is `percent`/100 * `targetSize`. For example, the + `calculated` value of a 80% of a managed instance group + with 150 instances would be (80/100 * 150) = 120 VM instances. + If there is a remainder, the number is rounded.' + format: int64 + type: integer + type: object + maxUnavailable: + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value is + `fixed`, then the `calculated` value is equal to the `fixed` + value. - If the value is a `percent`, then the `calculated` + value is `percent`/100 * `targetSize`. For example, the + `calculated` value of a 80% of a managed instance group + with 150 instances would be (80/100 * 150) = 120 VM instances. + If there is a remainder, the number is rounded.' + format: int64 + type: integer + type: object + type: object + zone: + description: '[Output Only] The URL of a [zone](/compute/docs/regions-zones/#available) + where the managed instance group is located (for zonal resources).' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancegroupnamedports.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroupNamedPort + plural: computeinstancegroupnamedports + shortNames: + - gcpcomputeinstancegroupnamedport + - gcpcomputeinstancegroupnamedports + singular: computeinstancegroupnamedport + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + groupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstanceGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + port: + description: Immutable. The port number, which can be a value between + 1 and 65535. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. The zone of the instance group. + type: string + required: + - groupRef + - port + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancegroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroup + plural: computeinstancegroups + shortNames: + - gcpcomputeinstancegroup + - gcpcomputeinstancegroups + singular: computeinstancegroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional textual description of the instance + group. + type: string + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + namedPort: + description: The named port configuration. + items: + properties: + name: + description: The name which the port will be mapped to. + type: string + port: + description: The port number to map the name to. + type: integer + required: + - name + - port + type: object + type: array + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. 
Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. The zone that this instance group should be + created in. + type: string + required: + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + size: + description: The number of instances in the group. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstances.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstance + plural: computeinstances + shortNames: + - gcpcomputeinstance + - gcpcomputeinstances + singular: computeinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + anyOf: + - required: + - bootDisk + - machineType + - networkInterface + - zone + - required: + - instanceTemplateRef + - zone + properties: + advancedMachineFeatures: + description: Controls for advanced machine-related behavior features. + properties: + enableNestedVirtualization: + description: Whether to enable nested virtualization or not. + type: boolean + threadsPerCore: + description: The number of threads per physical core. To disable + simultaneous multithreading (SMT) set this to 1. If unset, the + maximum number of threads supported per core by the underlying + processor is assumed. + type: integer + visibleCoreCount: + description: The number of physical cores to expose to an instance. + Multiply by the number of threads per core to compute the total + number of virtual CPUs to expose to the instance. If unset, + the number of cores is inferred from the instance\'s nominal + CPU count and the underlying platform\'s SMT width. + type: integer + type: object + attachedDisk: + description: List of disks attached to the instance. + items: + properties: + deviceName: + description: Name with which the attached disk is accessible + under /dev/disk/by-id/. + type: string + diskEncryptionKeyRaw: + description: A 256-bit customer-supplied encryption key, encoded + in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link + and disk_encryption_key_raw may be set. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be + extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + diskEncryptionKeySha256: + description: The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this resource. + type: string + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mode: + description: Read/write mode for the disk. One of "READ_ONLY" + or "READ_WRITE". + type: string + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - sourceDiskRef + type: object + type: array + bootDisk: + description: Immutable. The boot disk for the instance. + properties: + autoDelete: + description: Immutable. Whether the disk will be auto-deleted + when the instance is deleted. + type: boolean + deviceName: + description: Immutable. Name with which attached disk will be + accessible under /dev/disk/by-id/. + type: string + diskEncryptionKeyRaw: + description: Immutable. A 256-bit customer-supplied encryption + key, encoded in RFC 4648 base64 to encrypt this disk. Only one + of kms_key_self_link and disk_encryption_key_raw may be set. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + diskEncryptionKeySha256: + description: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + initializeParams: + description: Immutable. Parameters with which a disk was created + alongside the instance. + properties: + labels: + description: Immutable. A set of key/value label pairs assigned + to the disk. + type: object + x-kubernetes-preserve-unknown-fields: true + resourceManagerTags: + description: Immutable. A map of resource manager tags. 
Resource + manager tag keys and values have the same definition as + resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, + and values are in the format tagValues/456. The field is + ignored (both PUT & PATCH) when empty. + type: object + x-kubernetes-preserve-unknown-fields: true + size: + description: Immutable. The size of the image in gigabytes. + type: integer + sourceImageRef: + description: Immutable. The image from which to initialize + this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeImage` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: Immutable. The Google Compute Engine disk type. + Such as pd-standard, pd-ssd or pd-balanced. + type: string + type: object + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mode: + description: Immutable. Read/write mode for the disk. One of "READ_ONLY" + or "READ_WRITE". 
+ type: string + sourceDiskRef: + description: Immutable. The source disk used to create this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + canIpForward: + description: Whether sending and receiving of packets with non-matching + source or destination IPs is allowed. + type: boolean + confidentialInstanceConfig: + description: Immutable. The Confidential VM config being used by the + instance. on_host_maintenance has to be set to TERMINATE or this + will fail to create. + properties: + enableConfidentialCompute: + description: Defines whether the instance should have confidential + compute enabled. + type: boolean + required: + - enableConfidentialCompute + type: object + deletionProtection: + description: Whether deletion protection is enabled on this instance. + type: boolean + description: + description: Immutable. A brief description of the resource. + type: string + desiredStatus: + description: Desired status of the instance. Either "RUNNING" or "TERMINATED". + type: string + enableDisplay: + description: Whether the instance has virtual displays enabled. + type: boolean + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the guest accelerator + cards exposed to this instance. + type: integer + type: + description: Immutable. 
The accelerator type resource exposed + to this instance. E.g. nvidia-tesla-t4. + type: string + required: + - count + - type + type: object + type: array + hostname: + description: Immutable. A custom hostname for the instance. Must be + a fully qualified DNS name and RFC-1035-valid. Valid format is a + series of labels 1-63 characters long matching the regular expression + [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire + hostname must not exceed 253 characters. Changing this forces a + new resource to be created. + type: string + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: The machine type to create. + type: string + metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + metadataStartupScript: + description: Immutable. Metadata startup scripts made available within + the instance. + type: string + minCpuPlatform: + description: The minimum CPU platform specified for the VM instance. + type: string + networkInterface: + description: Immutable. The networks attached to the instance. + items: + not: + required: + - networkIp + - networkIpRef + properties: + accessConfig: + description: Access configurations, i.e. IPs via which this + instance can be accessed via the Internet. 
+ items: + properties: + natIpRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: The networking tier used for configuring + this instance. One of PREMIUM or STANDARD. + type: string + publicPtrDomainName: + description: The DNS domain name for the public PTR record. + type: string + type: object + type: array + aliasIpRange: + description: An array of alias IP ranges for this network interface. + items: + properties: + ipCidrRange: + description: The IP CIDR range represented by this alias + IP range. + type: string + subnetworkRangeName: + description: The subnetwork secondary range name specifying + the secondary range from which to allocate the IP CIDR + range for this alias IP range. + type: string + required: + - ipCidrRange + type: object + type: array + internalIpv6PrefixLength: + description: The prefix length of the primary internal IPv6 + range. + type: integer + ipv6AccessConfig: + description: An array of IPv6 access configurations for this + interface. Currently, only one IPv6 access config, DIRECT_IPV6, + is supported. If there is no ipv6AccessConfig specified, then + this instance will have no external IPv6 Internet access. + items: + properties: + externalIpv6: + description: Immutable. The first IPv6 address of the + external IPv6 range associated with this instance, prefix + length is stored in externalIpv6PrefixLength in ipv6AccessConfig. 
+ To use a static external IP address, it must be unused + and in the same region as the instance's zone. If not + specified, Google Cloud will automatically assign an + external IPv6 address from the instance's subnetwork. + type: string + externalIpv6PrefixLength: + description: Immutable. The prefix length of the external + IPv6 range. + type: string + name: + description: Immutable. The name of this access configuration. + In ipv6AccessConfigs, the recommended name is External + IPv6. + type: string + networkTier: + description: The service-level to be provided for IPv6 + traffic when the subnet has an external subnet. Only + PREMIUM tier is valid for IPv6. + type: string + publicPtrDomainName: + description: The domain name to be used when creating + DNSv6 records for the external IPv6 ranges. + type: string + required: + - networkTier + type: object + type: array + ipv6AccessType: + description: One of EXTERNAL, INTERNAL to indicate whether the + IP can be accessed from the Internet. This field is always + inherited from its subnetwork. + type: string + ipv6Address: + description: An IPv6 internal network address for this network + interface. If not specified, Google Cloud will automatically + assign an internal IPv6 address from the instance's subnetwork. + type: string + name: + description: The name of the interface. + type: string + networkIp: + description: DEPRECATED. Although this field is still available, + there is limited support. We recommend that you use `spec.networkInterface.networkIpRef` + instead. + type: string + networkIpRef: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + kind: + description: 'Kind of the referent. 
Allowed values: ComputeAddress' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nicType: + description: Immutable. The type of vNIC to be used on this + interface. Possible values:GVNIC, VIRTIO_NET. + type: string + queueCount: + description: Immutable. The networking queue count that's specified + by users for the network interface. Both Rx and Tx queues + will be set to this number. It will be empty if not specified. + type: integer + stackType: + description: The stack type for this network interface to identify + whether the IPv6 feature is enabled or not. If not specified, + IPV4_ONLY will be used. + type: string + subnetworkProject: + description: The project in which the subnetwork belongs. + type: string + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + networkPerformanceConfig: + description: Immutable. Configures network performance settings for + the instance. If not specified, the instance will be created with + its default network performance configuration. + properties: + totalEgressBandwidthTier: + description: Immutable. The egress bandwidth tier to enable. Possible + values:TIER_1, DEFAULT. + type: string + required: + - totalEgressBandwidthTier + type: object + params: + description: Immutable. Stores additional params passed with the request, + but not persisted as part of resource payload. + properties: + resourceManagerTags: + description: Immutable. A map of resource manager tags. Resource + manager tag keys and values have the same definition as resource + manager tags. Keys must be in the format tagKeys/{tag_key_id}, + and values are in the format tagValues/456. The field is ignored + (both PUT & PATCH) when empty. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + reservationAffinity: + description: Immutable. Specifies the reservations that this instance + can consume from. + properties: + specificReservation: + description: Immutable. Specifies the label selector for the reservation + to use. + properties: + key: + description: Immutable. Corresponds to the label key of a + reservation resource. To target a SPECIFIC_RESERVATION by + name, specify compute.googleapis.com/reservation-name as + the key and specify the name of your reservation as the + only value. + type: string + values: + description: Immutable. Corresponds to the label values of + a reservation resource. 
+ items: + type: string + type: array + required: + - key + - values + type: object + type: + description: Immutable. The type of reservation from which this + instance can consume resources. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + scheduling: + description: The scheduling strategy being used by the instance. + properties: + automaticRestart: + description: Specifies if the instance should be restarted if + it was terminated by Compute Engine (not a user). + type: boolean + instanceTerminationAction: + description: Specifies the action GCE should take when SPOT VM + is preempted. + type: string + localSsdRecoveryTimeout: + description: |- + Immutable. Specifies the maximum amount of time a Local Ssd Vm should wait while + recovery of the Local Ssd state is attempted. Its value should be in + between 0 and 168 hours with hour granularity and the default value being 1 + hour. + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. 
Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string + maxRunDuration: + description: Immutable. The timeout for new network connections + to hosts. + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + minNodeCpus: + type: integer + nodeAffinities: + items: + properties: + value: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + onHostMaintenance: + description: Describes maintenance behavior for the instance. + One of MIGRATE or TERMINATE,. + type: string + preemptible: + description: Immutable. Whether the instance is preemptible. + type: boolean + provisioningModel: + description: Immutable. Whether the instance is spot. If this + is set as SPOT. + type: string + type: object + scratchDisk: + description: Immutable. The scratch disks attached to the instance. + items: + properties: + interface: + description: The disk interface used for attaching this disk. + One of SCSI or NVME. + type: string + size: + description: Immutable. The size of the disk in gigabytes. One + of 375 or 3000. + type: integer + required: + - interface + type: object + type: array + serviceAccount: + description: The service account to attach to the instance. 
+ properties: + scopes: + description: A list of service scopes. + items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - scopes + type: object + shieldedInstanceConfig: + description: The shielded vm config being used by the instance. + properties: + enableIntegrityMonitoring: + description: Whether integrity monitoring is enabled for the instance. + type: boolean + enableSecureBoot: + description: Whether secure boot is enabled for the instance. + type: boolean + enableVtpm: + description: Whether the instance uses vTPM. + type: boolean + type: object + tags: + description: The list of tags attached to the instance. + items: + type: string + type: array + zone: + description: Immutable. The zone of the instance. If self_link is + provided, this value is ignored. If neither self_link nor zone are + provided, the provider zone is used. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + cpuPlatform: + description: The CPU platform used by this instance. + type: string + currentStatus: + description: "\n\t\t\t\t\tCurrent status of the instance.\n\t\t\t\t\tThis + could be one of the following values: PROVISIONING, STAGING, RUNNING, + STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED.\n\t\t\t\t\tFor + more information about the status of the instance, see [Instance + life cycle](https://cloud.google.com/compute/docs/instances/instance-life-cycle)." + type: string + instanceId: + description: The server-assigned unique identifier of this instance. + type: string + labelFingerprint: + description: The unique fingerprint of the labels. + type: string + metadataFingerprint: + description: The unique fingerprint of the metadata. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + tagsFingerprint: + description: The unique fingerprint of the tags. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancetemplates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceTemplate + plural: computeinstancetemplates + shortNames: + - gcpcomputeinstancetemplate + - gcpcomputeinstancetemplates + singular: computeinstancetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + advancedMachineFeatures: + description: Immutable. Controls for advanced machine-related behavior + features. + properties: + enableNestedVirtualization: + description: Immutable. Whether to enable nested virtualization + or not. + type: boolean + threadsPerCore: + description: Immutable. The number of threads per physical core. + To disable simultaneous multithreading (SMT) set this to 1. + If unset, the maximum number of threads supported per core by + the underlying processor is assumed. + type: integer + visibleCoreCount: + description: Immutable. The number of physical cores to expose + to an instance. Multiply by the number of threads per core to + compute the total number of virtual CPUs to expose to the instance. + If unset, the number of cores is inferred from the instance\'s + nominal CPU count and the underlying platform\'s SMT width. + type: integer + type: object + canIpForward: + description: Immutable. Whether to allow sending and receiving of + packets with non-matching source or destination IPs. This defaults + to false. + type: boolean + confidentialInstanceConfig: + description: Immutable. The Confidential VM config being used by the + instance. on_host_maintenance has to be set to TERMINATE or this + will fail to create. + properties: + enableConfidentialCompute: + description: Immutable. Defines whether the instance should have + confidential compute enabled. + type: boolean + required: + - enableConfidentialCompute + type: object + description: + description: Immutable. 
A brief description of this resource. + type: string + disk: + description: Immutable. Disks to attach to instances created from + this template. This can be specified multiple times for multiple + disks. + items: + properties: + autoDelete: + description: Immutable. Whether or not the disk should be auto-deleted. + This defaults to true. + type: boolean + boot: + description: Immutable. Indicates that this is a boot disk. + type: boolean + deviceName: + description: Immutable. A unique device name that is reflected + into the /dev/ tree of a Linux operating system running within + the instance. If not specified, the server chooses a default + device name to apply to this disk. + type: string + diskEncryptionKey: + description: Immutable. Encrypts or decrypts a disk using a + customer-supplied encryption key. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + diskName: + description: Immutable. Name of the disk. When not provided, + this defaults to the name of the instance. + type: string + diskSizeGb: + description: Immutable. The size of the image in gigabytes. + If not specified, it will inherit the size of its base image. + For SCRATCH disks, the size must be one of 375 or 3000 GB, + with a default of 375 GB. + type: integer + diskType: + description: Immutable. The Google Compute Engine disk type. 
+ Such as "pd-ssd", "local-ssd", "pd-balanced" or "pd-standard". + type: string + interface: + description: Immutable. Specifies the disk interface to use + for attaching this disk. + type: string + labels: + additionalProperties: + type: string + description: Immutable. A set of key/value label pairs to assign + to disks,. + type: object + mode: + description: Immutable. The mode in which to attach this disk, + either READ_WRITE or READ_ONLY. If you are attaching or creating + a boot disk, this must read-write mode. + type: string + provisionedIops: + description: Immutable. Indicates how many IOPS to provision + for the disk. This sets the number of I/O operations per second + that the disk can handle. Values must be between 10,000 and + 120,000. For more details, see the [Extreme persistent disk + documentation](https://cloud.google.com/compute/docs/disks/extreme-persistent-disk). + type: integer + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeResourcePolicy` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceImageEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source + image. Required if the source image is protected by a + customer-supplied encryption key. + + Instance templates do not store customer-supplied + encryption keys, so you cannot create disks for + instances in a managed instance group if the source + images are encrypted with your own keys. + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an + `IAMServiceAccount` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeySelfLinkRef + type: object + sourceImageRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceSnapshotEncryptionKey: + description: Immutable. The customer-supplied encryption key + of the source snapshot. + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. 
If absent, the Compute Engine default service account + is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an + `IAMServiceAccount` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeySelfLinkRef + type: object + sourceSnapshotRef: + description: |- + The source snapshot to create this disk. When creating a new + instance, one of initializeParams.sourceSnapshot, + initializeParams.sourceImage, or disks.source is required except for + local SSD. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: Immutable. The type of Google Compute Engine disk, + can be either "SCRATCH" or "PERSISTENT". + type: string + type: object + type: array + enableDisplay: + description: 'Immutable. Enable Virtual Displays on this instance. + Note: allow_stopping_for_update must be set to true in order to + update this field.' + type: boolean + guestAccelerator: + description: Immutable. 
List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the guest accelerator + cards exposed to this instance. + type: integer + type: + description: Immutable. The accelerator type resource to expose + to this instance. E.g. nvidia-tesla-t4. + type: string + required: + - count + - type + type: object + type: array + instanceDescription: + description: Immutable. A description of the instance. + type: string + machineType: + description: Immutable. The machine type to create. To create a machine + with a custom type (such as extended memory), format the value like + custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of + RAM. + type: string + metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + metadataStartupScript: + description: Immutable. An alternative to using the startup-script + metadata key, mostly to match the compute_instance resource. This + replaces the startup-script metadata key on the created instance + and thus the two mechanisms are not allowed to be used simultaneously. + type: string + minCpuPlatform: + description: Immutable. Specifies a minimum CPU platform. Applicable + values are the friendly names of CPU platforms, such as Intel Haswell + or Intel Skylake. + type: string + namePrefix: + description: Immutable. Creates a unique name beginning with the specified + prefix. Conflicts with name. + type: string + networkInterface: + description: Immutable. Networks to attach to instances created from + this template. This can be specified multiple times for multiple + networks. 
+ items: + properties: + accessConfig: + items: + properties: + natIpRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: 'Immutable. The networking tier used for + configuring this instance template. This field can take + the following values: PREMIUM, STANDARD, FIXED_STANDARD. + If this field is not specified, it is assumed to be + PREMIUM.' + type: string + publicPtrDomainName: + description: The DNS domain name for the public PTR record.The + DNS domain name for the public PTR record. + type: string + type: object + type: array + aliasIpRange: + description: Immutable. An array of alias IP ranges for this + network interface. Can only be specified for network interfaces + on subnet-mode networks. + items: + properties: + ipCidrRange: + description: Immutable. The IP CIDR range represented + by this alias IP range. This IP CIDR range must belong + to the specified subnetwork and cannot contain IP addresses + reserved by system or used by other network interfaces. + At the time of writing only a netmask (e.g. /24) may + be supplied, with a CIDR format resulting in an API + error. + type: string + subnetworkRangeName: + description: Immutable. The subnetwork secondary range + name specifying the secondary range from which to allocate + the IP CIDR range for this alias IP range. If left unspecified, + the primary range of the subnetwork will be used. 
+ type: string + required: + - ipCidrRange + type: object + type: array + internalIpv6PrefixLength: + description: The prefix length of the primary internal IPv6 + range. + type: integer + ipv6AccessConfig: + description: An array of IPv6 access configurations for this + interface. Currently, only one IPv6 access config, DIRECT_IPV6, + is supported. If there is no ipv6AccessConfig specified, then + this instance will have no external IPv6 Internet access. + items: + properties: + externalIpv6: + description: The first IPv6 address of the external IPv6 + range associated with this instance, prefix length is + stored in externalIpv6PrefixLength in ipv6AccessConfig. + The field is output only, an IPv6 address from a subnetwork + associated with the instance will be allocated dynamically. + type: string + externalIpv6PrefixLength: + description: The prefix length of the external IPv6 range. + type: string + name: + description: The name of this access configuration. + type: string + networkTier: + description: The service-level to be provided for IPv6 + traffic when the subnet has an external subnet. Only + PREMIUM tier is valid for IPv6. + type: string + publicPtrDomainName: + description: The domain name to be used when creating + DNSv6 records for the external IPv6 ranges. + type: string + required: + - networkTier + type: object + type: array + ipv6AccessType: + description: One of EXTERNAL, INTERNAL to indicate whether the + IP can be accessed from the Internet. This field is always + inherited from its subnetwork. + type: string + ipv6Address: + description: An IPv6 internal network address for this network + interface. If not specified, Google Cloud will automatically + assign an internal IPv6 address from the instance's subnetwork. + type: string + name: + description: The name of the network_interface. + type: string + networkAttachment: + description: 'Immutable. 
The URL of the network attachment that + this interface should connect to in the following format: + projects/{projectNumber}/regions/{region_name}/networkAttachments/{network_attachment_name}.' + type: string + networkIp: + description: Immutable. The private IP address to assign to + the instance. If empty, the address will be automatically + assigned. + type: string + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nicType: + description: Immutable. The type of vNIC to be used on this + interface. Possible values:GVNIC, VIRTIO_NET. + type: string + queueCount: + description: Immutable. The networking queue count that's specified + by users for the network interface. Both Rx and Tx queues + will be set to this number. It will be empty if not specified. + type: integer + stackType: + description: The stack type for this network interface to identify + whether the IPv6 feature is enabled or not. If not specified, + IPV4_ONLY will be used. + type: string + subnetworkProject: + description: Immutable. The ID of the project in which the subnetwork + belongs. If it is not provided, the provider project is used. 
+ type: string + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + networkPerformanceConfig: + description: Immutable. Configures network performance settings for + the instance. If not specified, the instance will be created with + its default network performance configuration. + properties: + totalEgressBandwidthTier: + description: Immutable. The egress bandwidth tier to enable. Possible + values:TIER_1, DEFAULT. + type: string + required: + - totalEgressBandwidthTier + type: object + region: + description: Immutable. An instance template is a global resource + that is not bound to a zone or a region. However, you can still + specify some regional resources in an instance template, which restricts + the template to the region where that resource resides. For example, + a custom subnetwork resource is tied to a specific region. Defaults + to the region of the Provider if no value is given. + type: string + reservationAffinity: + description: Immutable. Specifies the reservations that this instance + can consume from. + properties: + specificReservation: + description: Immutable. Specifies the label selector for the reservation + to use. + properties: + key: + description: Immutable. Corresponds to the label key of a + reservation resource. 
To target a SPECIFIC_RESERVATION by + name, specify compute.googleapis.com/reservation-name as + the key and specify the name of your reservation as the + only value. + type: string + values: + description: Immutable. Corresponds to the label values of + a reservation resource. + items: + type: string + type: array + required: + - key + - values + type: object + type: + description: Immutable. The type of reservation from which this + instance can consume resources. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + scheduling: + description: Immutable. The scheduling strategy to use. + properties: + automaticRestart: + description: Immutable. Specifies whether the instance should + be automatically restarted if it is terminated by Compute Engine + (not terminated by a user). This defaults to true. + type: boolean + instanceTerminationAction: + description: Immutable. Specifies the action GCE should take when + SPOT VM is preempted. + type: string + localSsdRecoveryTimeout: + description: |- + Specifies the maximum amount of time a Local Ssd Vm should wait while + recovery of the Local Ssd state is attempted. 
Its value should be in + between 0 and 168 hours with hour granularity and the default value being 1 + hour. + items: + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + type: array + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string + maxRunDuration: + description: Immutable. The timeout for new network connections + to hosts. + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + minNodeCpus: + description: Minimum number of cpus for the instance. + type: integer + nodeAffinities: + items: + properties: + value: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + onHostMaintenance: + description: Immutable. Defines the maintenance behavior for this + instance. + type: string + preemptible: + description: Immutable. Allows instance to be preempted. This + defaults to false. + type: boolean + provisioningModel: + description: Immutable. Whether the instance is spot. If this + is set as SPOT. + type: string + type: object + serviceAccount: + description: Immutable. Service account to attach to the instance. 
+ properties: + scopes: + description: Immutable. A list of service scopes. Both OAuth2 + URLs and gcloud short names are supported. To allow full access + to all Cloud APIs, use the cloud-platform scope. + items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - scopes + type: object + shieldedInstanceConfig: + description: 'Immutable. Enable Shielded VM on this instance. Shielded + VM provides verifiable integrity to prevent against malware and + rootkits. Defaults to disabled. Note: shielded_instance_config can + only be used with boot images with shielded vm support.' + properties: + enableIntegrityMonitoring: + description: Immutable. Compare the most recent boot measurements + to the integrity policy baseline and return a pair of pass/fail + results depending on whether they match or not. Defaults to + true. + type: boolean + enableSecureBoot: + description: Immutable. Verify the digital signature of all boot + components, and halt the boot process if signature verification + fails. Defaults to false. + type: boolean + enableVtpm: + description: Immutable. Use a virtualized trusted platform module, + which is a specialized computer chip you can use to encrypt + objects like keys and certificates. Defaults to true. + type: boolean + type: object + tags: + description: Immutable. Tags to attach to the instance. 
+ items: + type: string + type: array + required: + - disk + - machineType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + metadataFingerprint: + description: The unique fingerprint of the metadata. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + selfLinkUnique: + description: A special URI of the created resource that uniquely identifies + this instance template. + type: string + tagsFingerprint: + description: The unique fingerprint of the tags. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinterconnectattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInterconnectAttachment + plural: computeinterconnectattachments + shortNames: + - gcpcomputeinterconnectattachment + - gcpcomputeinterconnectattachments + singular: computeinterconnectattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + adminEnabled: + description: |- + Whether the VLAN attachment is enabled or disabled. When using + PARTNER type this will Pre-Activate the interconnect attachment. + type: boolean + bandwidth: + description: |- + Provisioned bandwidth capacity for the interconnect attachment. + For attachments of type DEDICATED, the user can set the bandwidth. + For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. + Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, + Defaults to BPS_10G Possible values: ["BPS_50M", "BPS_100M", "BPS_200M", "BPS_300M", "BPS_400M", "BPS_500M", "BPS_1G", "BPS_2G", "BPS_5G", "BPS_10G", "BPS_20G", "BPS_50G"]. + type: string + candidateSubnets: + description: |- + Immutable. Up to 16 candidate prefixes that can be used to restrict the allocation + of cloudRouterIpAddress and customerRouterIpAddress for this attachment. + All prefixes must be within link-local address space (169.254.0.0/16) + and must be /29 or shorter (/28, /27, etc). Google will attempt to select + an unused /29 from the supplied candidate prefix(es). The request will + fail if all possible /29s are in use on Google's edge. If not supplied, + Google will randomly select an unused /29 from all of link-local space. + items: + type: string + type: array + description: + description: An optional description of this resource. + type: string + edgeAvailabilityDomain: + description: |- + Immutable. Desired availability domain for the attachment. 
Only available for type + PARTNER, at creation time. For improved reliability, customers should + configure a pair of attachments with one per availability domain. The + selected availability domain will be provided to the Partner via the + pairing key so that the provisioned circuit will lie in the specified + domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY. + type: string + encryption: + description: |- + Immutable. Indicates the user-supplied encryption option of this interconnect + attachment. Can only be specified at attachment creation for PARTNER or + DEDICATED attachments. + + * NONE - This is the default value, which means that the VLAN attachment + carries unencrypted traffic. VMs are able to send traffic to, or receive + traffic from, such a VLAN attachment. + + * IPSEC - The VLAN attachment carries only encrypted traffic that is + encrypted by an IPsec device, such as an HA VPN gateway or third-party + IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, + such a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN + attachment must be created with this option. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. + type: string + interconnect: + description: |- + Immutable. URL of the underlying Interconnect object that this attachment's + traffic will traverse through. Required if type is DEDICATED, must not + be set if type is PARTNER. + type: string + ipsecInternalAddresses: + items: + description: |- + Immutable. The addresses that have been reserved for the + interconnect attachment. Used only for interconnect attachment that + has the encryption option as IPSEC. + + The addresses must be RFC 1918 IP address ranges. When creating HA + VPN gateway over the interconnect attachment, if the attachment is + configured to use an RFC 1918 IP address, then the VPN gateway's IP + address will be allocated from the IP address range specified + here. 
+ + For example, if the HA VPN gateway's interface 0 is paired to this + interconnect attachment, then an RFC 1918 IP address for the VPN + gateway interface 0 will be allocated from the IP address specified + for this interconnect attachment. + + If this field is not specified for interconnect attachment that has + encryption option as IPSEC, later on when creating HA VPN gateway on + this interconnect attachment, the HA VPN gateway's IP address will + be allocated from regional external IP address pool. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + mtu: + description: |- + Maximum Transmission Unit (MTU), in bytes, of packets passing through + this interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440. + type: string + region: + description: Region where the regional interconnect attachment resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: |- + The Cloud Router to be used for dynamic routing. This router must + be in the same region as this ComputeInterconnectAttachment. The + ComputeInterconnectAttachment will automatically connect the + interconnect to the network & region within which the Cloud Router + is configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: |- + Immutable. The type of InterconnectAttachment you wish to create. Defaults to + DEDICATED. Possible values: ["DEDICATED", "PARTNER", "PARTNER_PROVIDER"]. + type: string + vlanTag8021q: + description: |- + Immutable. The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When + using PARTNER type this will be managed upstream. + type: integer + required: + - region + - routerRef + type: object + status: + properties: + cloudRouterIpAddress: + description: |- + IPv4 address + prefix length to be configured on Cloud Router + Interface for this interconnect attachment. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + customerRouterIpAddress: + description: |- + IPv4 address + prefix length to be configured on the customer + router subinterface for this interconnect attachment. + type: string + googleReferenceId: + description: |- + Google reference ID, to be used when raising support tickets with + Google or otherwise to debug backend connectivity issues. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pairingKey: + description: |- + [Output only for type PARTNER. Not present for DEDICATED]. The opaque + identifier of an PARTNER attachment used to initiate provisioning with + a selected partner. Of the form "XXXXX/region/domain". + type: string + partnerAsn: + description: |- + [Output only for type PARTNER. Not present for DEDICATED]. Optional + BGP ASN for the router that should be supplied by a layer 3 Partner if + they configured BGP on behalf of the customer. + type: string + privateInterconnectInfo: + description: |- + Information specific to an InterconnectAttachment. This property + is populated if the interconnect that this is attached to is of type DEDICATED. + properties: + tag8021q: + description: |- + 802.1q encapsulation tag to be used for traffic between + Google and the customer, going to and from this network and region. + type: integer + type: object + selfLink: + type: string + state: + description: '[Output Only] The current state of this attachment''s + functionality.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computemachineimages.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeMachineImage + plural: computemachineimages + shortNames: + - gcpcomputemachineimage + - gcpcomputemachineimages + singular: computemachineimage + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. A text description of the resource. + type: string + guestFlush: + description: |- + Immutable. Specify this to create an application consistent machine image by informing the OS to prepare for the snapshot process. + Currently only supported on Windows instances using the Volume Shadow Copy Service (VSS). + type: boolean + machineImageEncryptionKey: + description: |- + Immutable. Encrypts the machine image using a customer-supplied encryption key. + + After you encrypt a machine image with a customer-supplied key, you must + provide the same key if you use the machine image later (e.g. to create a + instance from the image). + properties: + kmsKeyName: + description: Immutable. The name of the encryption key that is + stored in Google Cloud KMS. + type: string + kmsKeyServiceAccount: + description: |- + Immutable. The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + type: string + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this resource. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceInstanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + - sourceInstanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + storageLocations: + description: The regional or multi-regional Cloud Storage bucket location + where the machine image is stored. + items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computemanagedsslcertificates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeManagedSSLCertificate + plural: computemanagedsslcertificates + shortNames: + - gcpcomputemanagedsslcertificate + - gcpcomputemanagedsslcertificates + singular: computemanagedsslcertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value 
in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + managed: + description: |- + Immutable. Properties relevant to a managed certificate. These will be used if the + certificate is managed (as indicated by a value of 'MANAGED' in 'type'). + properties: + domains: + description: |- + Immutable. Domains for which a managed SSL certificate will be valid. Currently, + there can be up to 100 domains in this list. + items: + type: string + type: array + required: + - domains + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. Enum field whose value is always 'MANAGED' - used to signal to the API + which type this is. Default value: "MANAGED" Possible values: ["MANAGED"]. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + certificateID: + description: The unique identifier for the resource. + type: integer + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + expireTime: + description: Expire time of the certificate in RFC3339 text format. 
+ type: string + selfLink: + type: string + subjectAlternativeNames: + description: Domains associated with the certificate via Subject + Alternative Name. + items: + type: string + type: array + type: object + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + managed: + description: |- + Immutable. Properties relevant to a managed certificate. These will be used if the + certificate is managed (as indicated by a value of 'MANAGED' in 'type'). + properties: + domains: + description: |- + Immutable. 
Domains for which a managed SSL certificate will be valid. Currently, + there can be up to 100 domains in this list. + items: + type: string + type: array + required: + - domains + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. Enum field whose value is always 'MANAGED' - used to signal to the API + which type this is. Default value: "MANAGED" Possible values: ["MANAGED"]. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + certificateID: + description: The unique identifier for the resource. + type: integer + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + expireTime: + description: Expire time of the certificate in RFC3339 text format. + type: string + selfLink: + type: string + subjectAlternativeNames: + description: Domains associated with the certificate via Subject + Alternative Name. + items: + type: string + type: array + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkendpointgroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkEndpointGroup + plural: computenetworkendpointgroups + shortNames: + - gcpcomputenetworkendpointgroup + - gcpcomputenetworkendpointgroups + singular: computenetworkendpointgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: 
date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultPort: + description: |- + Immutable. The default port used if the port number is not specified in the + network endpoint. + type: integer + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeNetworkEndpointGroup. Specify a zone name. Reference: GCP + definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + networkEndpointType: + description: |- + Immutable. Type of network endpoints in this network endpoint group. 
+ NON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network + endpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid). + Note that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services + that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, + INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or + CONNECTION balancing modes. + + Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. Default value: "GCE_VM_IP_PORT" Possible values: ["GCE_VM_IP", "GCE_VM_IP_PORT", "NON_GCP_PRIVATE_IP_PORT"]. + type: string + networkRef: + description: |- + The network to which all network endpoints in the NEG belong. Uses + "default" project network if unspecified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: Optional subnetwork to which all network endpoints in + the NEG belong. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + size: + description: Number of network endpoints in the network endpoint group. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkendpoints.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkEndpoint + plural: computenetworkendpoints + shortNames: + - gcpcomputenetworkendpoint + - gcpcomputenetworkendpoints + singular: computenetworkendpoint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + instanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipAddress: + description: |- + Immutable. IPv4 address of network endpoint. The IP address must belong + to a VM in GCE (either the primary IP or as part of an aliased IP + range). + type: string + networkEndpointGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetworkEndpointGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The port of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. Zone where the containing network endpoint + group is located. + type: string + required: + - ipAddress + - networkEndpointGroupRef + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkfirewallpolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkFirewallPolicy + plural: computenetworkfirewallpolicies + shortNames: + - gcpcomputenetworkfirewallpolicy + - gcpcomputenetworkfirewallpolicies + singular: computenetworkfirewallpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + 
description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: Fingerprint of the resource. This field is used internally + during updates of this resource. + type: string + networkFirewallPolicyId: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + ruleTupleCount: + description: Total count of all firewall policy rule tuples. A firewall + policy can not exceed a set number of tuples. + type: integer + selfLink: + description: Server-defined URL for the resource. + type: string + selfLinkWithId: + description: Server-defined URL for this resource with the resource + id. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkfirewallpolicyassociations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkFirewallPolicyAssociation + plural: computenetworkfirewallpolicyassociations + shortNames: + - gcpcomputenetworkfirewallpolicyassociation + - gcpcomputenetworkfirewallpolicyassociations + singular: computenetworkfirewallpolicyassociation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attachmentTargetRef: + description: The target that the firewall policy is attached to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + firewallPolicyRef: + description: The firewall policy ID of the association. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `networkFirewallPolicyId` field + of a `ComputeNetworkFirewallPolicy` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - attachmentTargetRef + - firewallPolicyRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + shortName: + description: The short name of the firewall policy of the association. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkfirewallpolicyrules.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkFirewallPolicyRule + plural: computenetworkfirewallpolicyrules + shortNames: + - gcpcomputenetworkfirewallpolicyrule + - gcpcomputenetworkfirewallpolicyrules + singular: computenetworkfirewallpolicyrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: The Action to perform when the client connection triggers + the rule. Valid actions are "allow", "deny" and "goto_next". + type: string + description: + description: An optional description for this resource. + type: string + direction: + description: 'The direction in which this rule applies. Possible values: + INGRESS, EGRESS.' + type: string + disabled: + description: Denotes whether the firewall policy rule is disabled. + When set to true, the firewall policy rule is not enforced and traffic + behaves as if it did not exist. If this is unspecified, the firewall + policy rule will be enabled. + type: boolean + enableLogging: + description: 'Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the configured export + destination in Stackdriver. Logs may be exported to BigQuery or + Pub/Sub. Note: you cannot enable logging on "goto_next" rules.' + type: boolean + firewallPolicyRef: + description: The firewall policy of the resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `networkFirewallPolicyId` field + of a `ComputeNetworkFirewallPolicy` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding 'action' is + enforced. + properties: + destAddressGroups: + description: Address groups which should be matched against the + traffic destination. Maximum number of destination address groups + is 10. Destination address groups is only supported in Egress + rules. + items: + type: string + type: array + destFqdns: + description: Domain names that will be used to match against the + resolved domain name of destination of traffic. Can only be + specified if DIRECTION is egress. + items: + type: string + type: array + destIpRanges: + description: CIDR IP address range. Maximum number of destination + CIDR IP ranges allowed is 5000. + items: + type: string + type: array + destRegionCodes: + description: The Unicode country codes whose IP addresses will + be used to match against the source of traffic. Can only be + specified if DIRECTION is egress. + items: + type: string + type: array + destThreatIntelligences: + description: Name of the Google Cloud Threat Intelligence list. + items: + type: string + type: array + layer4Configs: + description: Pairs of IP protocols and ports that the rule should + match. + items: + properties: + ipProtocol: + description: The IP protocol to which this rule applies. + The protocol type is required when creating a firewall + rule. This value can either be one of the following well + known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, + `ipip`, `sctp`), or the IP protocol number. + type: string + ports: + description: 'An optional list of ports to which this rule + applies. 
This field is only applicable for UDP or TCP + protocol. Each entry must be either an integer or a range. + If not specified, this rule applies to connections through + any port. Example inputs include: ``.' + items: + type: string + type: array + required: + - ipProtocol + type: object + type: array + srcAddressGroups: + description: Address groups which should be matched against the + traffic source. Maximum number of source address groups is 10. + Source address groups is only supported in Ingress rules. + items: + type: string + type: array + srcFqdns: + description: Domain names that will be used to match against the + resolved domain name of source of traffic. Can only be specified + if DIRECTION is ingress. + items: + type: string + type: array + srcIpRanges: + description: CIDR IP address range. Maximum number of source CIDR + IP ranges allowed is 5000. + items: + type: string + type: array + srcRegionCodes: + description: The Unicode country codes whose IP addresses will + be used to match against the source of traffic. Can only be + specified if DIRECTION is ingress. + items: + type: string + type: array + srcSecureTags: + description: List of secure tag values, which should be matched + at the source of the traffic. For INGRESS rule, if all the srcSecureTag + are INEFFECTIVE, and there is no srcIpRange, this + rule will be ignored. Maximum number of source tag values allowed + is 256. + items: + properties: + name: + description: Name of the secure tag, created with TagManager's + TagValue API. @pattern tagValues/[0-9]+. + type: string + state: + description: '[Output Only] State of the secure tag, either + `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` + when it is deleted or its network is deleted.' + type: string + required: + - name + type: object + type: array + srcThreatIntelligences: + description: Name of the Google Cloud Threat Intelligence list. 
+ items: + type: string + type: array + required: + - layer4Configs + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The priority of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + ruleName: + description: An optional name for the rule. This field is not a unique + identifier and can be updated. + type: string + targetSecureTags: + description: A list of secure tags that controls which instances the + firewall rule applies to. If targetSecureTag are specified, + then the firewall rule applies only to instances in the VPC network + that have one of those EFFECTIVE secure tags, if all the target_secure_tag + are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag + may not be set at the same time as targetServiceAccounts. + If neither targetServiceAccounts nor targetSecureTag + are specified, the firewall rule applies to all instances on the + specified network. Maximum number of target label tags allowed is + 256. + items: + properties: + name: + description: Name of the secure tag, created with TagManager's + TagValue API. @pattern tagValues/[0-9]+. + type: string + state: + description: '[Output Only] State of the secure tag, either + `EFFECTIVE` or `INEFFECTIVE`. 
A secure tag is `INEFFECTIVE` + when it is deleted or its network is deleted.' + type: string + required: + - name + type: object + type: array + targetServiceAccountRefs: + items: + description: A list of service accounts indicating the sets of instances + that are applied with this rule + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - action + - direction + - firewallPolicyRef + - match + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + kind: + description: Type of the resource. Always `compute#firewallPolicyRule` + for firewall policy rules. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + ruleTupleCount: + description: Calculation of the complexity of a single firewall policy + rule. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkpeeringroutesconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkPeeringRoutesConfig + plural: computenetworkpeeringroutesconfigs + shortNames: + - gcpcomputenetworkpeeringroutesconfig + - gcpcomputenetworkpeeringroutesconfigs + singular: computenetworkpeeringroutesconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime 
+ name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + exportCustomRoutes: + description: Whether to export the custom routes to the peer network. + type: boolean + importCustomRoutes: + description: Whether to import the custom routes to the peer network. + type: boolean + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The peering of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - exportCustomRoutes + - importCustomRoutes + - networkRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkpeerings.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkPeering + plural: computenetworkpeerings + shortNames: + - gcpcomputenetworkpeering + - gcpcomputenetworkpeerings + singular: computenetworkpeering + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + exportCustomRoutes: + description: Whether to export the custom routes to the peer network. + Defaults to false. + type: boolean + exportSubnetRoutesWithPublicIp: + description: Immutable. + type: boolean + importCustomRoutes: + description: Whether to export the custom routes from the peer network. + Defaults to false. + type: boolean + importSubnetRoutesWithPublicIp: + description: Immutable. + type: boolean + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + peerNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + stackType: + description: 'Which IP version(s) of traffic and routes are allowed + to be imported or exported between peer networks. The default value + is IPV4_ONLY. Possible values: ["IPV4_ONLY", "IPV4_IPV6"].' + type: string + required: + - networkRef + - peerNetworkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State for the peering, either ACTIVE or INACTIVE. The + peering is ACTIVE when there's a matching configuration in the peer + network. 
+ type: string + stateDetails: + description: Details about the current state of the peering. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetwork + plural: computenetworks + shortNames: + - gcpcomputenetwork + - gcpcomputenetworks + singular: computenetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoCreateSubnetworks: + description: |- + Immutable. When set to 'true', the network is created in "auto subnet mode" and + it will create a subnet for each region automatically across the + '10.128.0.0/9' address range. + + When set to 'false', the network is created in "custom subnet mode" so + the user can explicitly connect subnetwork resources. + type: boolean + deleteDefaultRoutesOnCreate: + description: |- + If set to 'true', default routes ('0.0.0.0/0') will be deleted + immediately after network creation. Defaults to 'false'. + type: boolean + description: + description: |- + Immutable. An optional description of this resource. The resource must be + recreated to modify this field. + type: string + enableUlaInternalIpv6: + description: |- + Enable ULA internal ipv6 on this network. Enabling this feature will assign + a /48 from google defined ULA prefix fd20::/20. + type: boolean + internalIpv6Range: + description: |- + Immutable. When enabling ula internal ipv6, caller optionally can specify the /48 range + they want from the google defined ULA prefix fd20::/20. The input must be a + valid /48 ULA IPv6 address and must be within the fd20::/20. Operation will + fail if the speficied /48 is already in used by another resource. + If the field is not speficied, then a /48 range will be randomly allocated from fd20::/20 and returned via this field. + type: string + mtu: + description: |- + Immutable. Maximum Transmission Unit in bytes. The default value is 1460 bytes. 
+ The minimum value for this field is 1300 and the maximum value is 8896 bytes (jumbo frames). + Note that packets larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS clamping or dropped + with an ICMP 'Fragmentation-Needed' message if the packets are routed to the Internet or other VPCs + with varying MTUs. + type: integer + networkFirewallPolicyEnforcementOrder: + description: 'Set the order that Firewall Rules and Firewall Policies + are evaluated. Default value: "AFTER_CLASSIC_FIREWALL" Possible + values: ["BEFORE_CLASSIC_FIREWALL", "AFTER_CLASSIC_FIREWALL"].' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routingMode: + description: |- + The network-wide routing mode to use. If set to 'REGIONAL', this + network's cloud routers will only advertise routes with subnetworks + of this network in the same region as the router. If set to 'GLOBAL', + this network's cloud routers will advertise routes with all + subnetworks of this network, across regions. Possible values: ["REGIONAL", "GLOBAL"]. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + gatewayIpv4: + description: |- + The gateway address for default routing out of the network. This value + is selected by GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenodegroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNodeGroup + plural: computenodegroups + shortNames: + - gcpcomputenodegroup + - gcpcomputenodegroups + singular: computenodegroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + 
name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + Immutable. If you use sole-tenant nodes for your workloads, you can use the node + group autoscaler to automatically manage the sizes of your node groups. + properties: + maxNodes: + description: |- + Immutable. Maximum size of the node group. Set to a value less than or equal + to 100 and greater than or equal to min-nodes. + type: integer + minNodes: + description: |- + Immutable. Minimum size of the node group. Must be less + than or equal to max-nodes. The default value is 0. + type: integer + mode: + description: |- + Immutable. The autoscaling mode. Set to one of the following: + - OFF: Disables the autoscaler. + - ON: Enables scaling in and scaling out. + - ONLY_SCALE_OUT: Enables only scaling out. + You must use this mode if your node groups are configured to + restart their hosted VMs on minimal servers. Possible values: ["OFF", "ON", "ONLY_SCALE_OUT"]. + type: string + type: object + description: + description: Immutable. An optional textual description of the resource. + type: string + initialSize: + description: Immutable. The initial number of nodes in the node group. + One of 'initial_size' or 'size' must be specified. 
+ type: integer + maintenancePolicy: + description: 'Immutable. Specifies how to handle instances when a + node in the group undergoes maintenance. Set to one of: DEFAULT, + RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value + is DEFAULT.' + type: string + maintenanceWindow: + description: Immutable. contains properties for the timeframe of maintenance. + properties: + startTime: + description: Immutable. instances.start time of the window. This + must be in UTC format that resolves to one of 00:00, 04:00, + 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and + 08:00 are valid. + type: string + required: + - startTime + type: object + nodeTemplateRef: + description: The node template to which this node group belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNodeTemplate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + shareSettings: + description: Immutable. Share settings for the node group. + properties: + projectMap: + description: Immutable. A map of project id and project config. + This is only valid when shareType's value is SPECIFIC_PROJECTS. + items: + properties: + idRef: + description: The key of this project config in the parent + map. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectIdRef: + description: |- + The project id/number should be the same as the key of this project + config in the project map. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - idRef + - projectIdRef + type: object + type: array + shareType: + description: 'Immutable. Node group sharing type. Possible values: + ["ORGANIZATION", "SPECIFIC_PROJECTS", "LOCAL"].' + type: string + required: + - shareType + type: object + size: + description: Immutable. The total number of nodes in the node group. + One of 'initial_size' or 'size' must be specified. + type: integer + zone: + description: Immutable. Zone where this node group is located. 
+ type: string + required: + - nodeTemplateRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenodetemplates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNodeTemplate + plural: computenodetemplates + shortNames: + - gcpcomputenodetemplate + - gcpcomputenodetemplates + singular: computenodetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cpuOvercommitType: + description: 'Immutable. CPU overcommit. Default value: "NONE" Possible + values: ["ENABLED", "NONE"].' + type: string + description: + description: Immutable. An optional textual description of the resource. + type: string + nodeType: + description: |- + Immutable. Node type to use for nodes group that are created from this template. + Only one of nodeTypeFlexibility and nodeType can be specified. + type: string + nodeTypeFlexibility: + description: |- + Immutable. Flexible properties for the desired node type. Node groups that + use this node template will create nodes of a type that matches + these properties. Only one of nodeTypeFlexibility and nodeType can + be specified. + properties: + cpus: + description: Immutable. Number of virtual CPUs to use. + type: string + localSsd: + description: Use local SSD. + type: string + memory: + description: Immutable. Physical memory available to the node, + defined in MB. + type: string + type: object + region: + description: |- + Immutable. Region where nodes using the node template will be created. + If it is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serverBinding: + description: |- + Immutable. The server binding policy for nodes using this template. Determines + where the nodes should restart following a maintenance event. 
+ properties: + type: + description: |- + Immutable. Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER', + nodes using this template will restart on any physical server + following a maintenance event. + + If 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template + will restart on the same physical server following a maintenance + event, instead of being live migrated to or restarted on a new + physical server. This option may be useful if you are using + software licenses tied to the underlying server characteristics + such as physical sockets or cores, to avoid the need for + additional licenses when maintenance occurs. However, VMs on such + nodes will experience outages while maintenance is applied. Possible values: ["RESTART_NODE_ON_ANY_SERVER", "RESTART_NODE_ON_MINIMAL_SERVERS"]. + type: string + required: + - type + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicy + plural: computeorganizationsecuritypolicies + shortNames: + - gcpcomputeorganizationsecuritypolicy + - gcpcomputeorganizationsecuritypolicies + singular: computeorganizationsecuritypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A textual description for the organization security policy. + type: string + displayName: + description: Immutable. A textual name of the security policy. + type: string + parent: + description: |- + Immutable. The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. + Format: organizations/{organization_id} or folders/{folder_id}. + type: string + resourceID: + description: Immutable. Optional. The policyId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The type indicates the intended use of the security policy. + For organization security policies, the only supported type + is "FIREWALL". Default value: "FIREWALL" Possible values: ["FIREWALL"]. + type: string + required: + - displayName + - parent + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: |- + Fingerprint of this resource. This field is used internally during + updates of this resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + policyId: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicyassociations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicyAssociation + plural: computeorganizationsecuritypolicyassociations + shortNames: + - gcpcomputeorganizationsecuritypolicyassociation + - gcpcomputeorganizationsecuritypolicyassociations + singular: computeorganizationsecuritypolicyassociation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attachmentId: + description: Immutable. The resource that the security policy is attached + to. + type: string + policyId: + description: Immutable. The security policy ID of the association. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - attachmentId + - policyId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + displayName: + description: The display name of the security policy of the association. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicyrules.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicyRule + plural: computeorganizationsecuritypolicyrules + shortNames: + - gcpcomputeorganizationsecuritypolicyrule + - gcpcomputeorganizationsecuritypolicyrules + singular: computeorganizationsecuritypolicyrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date 
+ - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: |- + The Action to perform when the client connection triggers the rule. Can currently be either + "allow", "deny" or "goto_next". + type: string + description: + description: A description of the rule. + type: string + direction: + description: 'The direction in which this rule applies. If unspecified + an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"].' + type: string + enableLogging: + description: |- + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the + configured export destination in Stackdriver. + type: boolean + match: + description: A match condition that incoming traffic is evaluated + against. 
If it evaluates to true, the corresponding 'action' is + enforced. + properties: + config: + description: The configuration options for matching the rule. + properties: + destIpRanges: + description: |- + Destination IP address range in CIDR format. Required for + EGRESS rules. + items: + type: string + type: array + layer4Config: + description: Pairs of IP protocols and ports that the rule + should match. + items: + properties: + ipProtocol: + description: |- + The IP protocol to which this rule applies. The protocol + type is required when creating a firewall rule. + This value can either be one of the following well + known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), + or the IP protocol number. + type: string + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + required: + - ipProtocol + type: object + type: array + srcIpRanges: + description: |- + Source IP address range in CIDR format. Required for + INGRESS rules. + items: + type: string + type: array + required: + - layer4Config + type: object + description: + description: A description of the rule. + type: string + versionedExpr: + description: |- + Preconfigured versioned expression. For organization security policy rules, + the only supported type is "FIREWALL". Default value: "FIREWALL" Possible values: ["FIREWALL"]. + type: string + required: + - config + type: object + policyId: + description: Immutable. The ID of the OrganizationSecurityPolicy this + rule applies to. + type: string + preview: + description: If set to true, the specified action is not enforced. + type: boolean + resourceID: + description: Immutable. Optional. The priority of the resource. 
Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetResources: + description: |- + A list of network resource URLs to which this rule applies. + This field allows you to control which network's VMs get + this rule. If this field is left blank, all VMs + within the organization will receive the rule. + items: + type: string + type: array + targetServiceAccounts: + description: |- + A list of service accounts indicating the sets of + instances that are applied with this rule. + items: + type: string + type: array + required: + - action + - match + - policyId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computepacketmirrorings.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputePacketMirroring + plural: computepacketmirrorings + shortNames: + - gcpcomputepacketmirroring + - gcpcomputepacketmirrorings + singular: computepacketmirroring + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + collectorIlb: + description: The Forwarding Rule resource of type `loadBalancingScheme=INTERNAL` + that will be used as collector for mirrored traffic. The specified + forwarding rule must have `isMirroringCollector` set to true. + properties: + urlRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the forwarding rule representing the ILB configured as destination of the mirrored traffic. + + Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - urlRef + type: object + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + enable: + description: Indicates whether or not this packet mirroring takes + effect. If set to FALSE, this packet mirroring policy will not be + enforced on the network. The default is TRUE. + type: string + filter: + description: Filter for mirrored traffic. If unspecified, all traffic + is mirrored. 
+ properties: + cidrRanges: + description: IP CIDR ranges that apply as filter on the source + (ingress) or destination (egress) IP in the IP header. Only + IPv4 is supported. If no ranges are specified, all traffic that + matches the specified IPProtocols is mirrored. If neither cidrRanges + nor IPProtocols is specified, all traffic is mirrored. + items: + type: string + type: array + direction: + description: Direction of traffic to mirror, either INGRESS, EGRESS, + or BOTH. The default is BOTH. + type: string + ipProtocols: + description: Protocols that apply as filter on mirrored traffic. + If no protocols are specified, all traffic that matches the + specified CIDR ranges is mirrored. If neither cidrRanges nor + IPProtocols is specified, all traffic is mirrored. + items: + type: string + type: array + type: object + location: + description: Immutable. The location for the resource + type: string + mirroredResources: + description: PacketMirroring mirroredResourceInfos. MirroredResourceInfo + specifies a set of mirrored VM instances, subnetworks and/or tags + for which traffic from/to all VM instances will be mirrored. + properties: + instances: + description: A set of virtual machine instances that are being + mirrored. They must live in zones contained in the same region + as this packetMirroring. Note that this config will apply only + to those network interfaces of the Instances that belong to + the network specified in this packetMirroring. You may specify + a maximum of 50 Instances. + items: + properties: + canonicalUrl: + description: Immutable. Output only. Unique identifier for + the instance; defined by the server. + type: string + urlRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the virtual machine instance which is being mirrored. 
+ + Allowed value: The `selfLink` field of a `ComputeInstance` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + subnetworks: + description: Immutable. A set of subnetworks for which traffic + from/to all VM instances will be mirrored. They must live in + the same region as this packetMirroring. You may specify a maximum + of 5 subnetworks. + items: + properties: + canonicalUrl: + description: Immutable. Output only. Unique identifier for + the subnetwork; defined by the server. + type: string + urlRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the subnetwork for which traffic from/to all VM instances will be mirrored. + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + tags: + description: A set of mirrored tags. Traffic from/to all VM instances + that have one or more of these tags will be mirrored. + items: + type: string + type: array + type: object + network: + description: Immutable. Specifies the mirrored VPC network. Only packets + in this network will be mirrored. All mirrored VMs should have a + NIC in the given network. 
All mirrored subnetworks should belong + to the given network. + properties: + urlRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + URL of the network resource. + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - urlRef + type: object + priority: + description: The priority of applying this configuration. Priority + is used to break ties in cases where there is more than one matching + rule. In the case of two rules that apply for a given Instance, + the one with the lowest-numbered priority value wins. Default value + is 1000. Valid range is 0 through 65535. + format: int64 + type: integer + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. 
The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - collectorIlb + - location + - mirroredResources + - network + - projectRef + type: object + status: + properties: + collectorIlb: + properties: + canonicalUrl: + description: Output only. Unique identifier for the forwarding + rule; defined by the server. + type: string + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + id: + description: Output only. The unique identifier for the resource. + This identifier is defined by the server. + format: int64 + type: integer + network: + properties: + canonicalUrl: + description: Output only. Unique identifier for the network; defined + by the server. + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: URI of the region where the packetMirroring resides. + type: string + selfLink: + description: Server-defined URL for the resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeperinstanceconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputePerInstanceConfig + plural: computeperinstanceconfigs + shortNames: + - gcpcomputeperinstanceconfig + - gcpcomputeperinstanceconfigs + singular: computeperinstanceconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + instanceGroupManagerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstanceGroupManager` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + minimalAction: + description: |- + The minimal action to perform on the instance during an update. + Default is 'NONE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + mostDisruptiveAllowedAction: + description: |- + The most disruptive action to perform on the instance during an update. + Default is 'REPLACE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + preservedState: + description: The preserved state for this instance. + properties: + disk: + description: Stateful disks for the instance. + items: + properties: + deleteRule: + description: |- + A value that prescribes what should happen to the stateful disk when the VM instance is deleted. + The available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'. 
+ 'NEVER' - detach the disk when the VM is deleted, but do not delete the disk. + 'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently + deleted from the instance group. Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"]. + type: string + deviceName: + description: A unique device name that is reflected into + the /dev/ tree of a Linux operating system running within + the instance. + type: string + mode: + description: 'The mode of the disk. Default value: "READ_WRITE" + Possible values: ["READ_ONLY", "READ_WRITE"].' + type: string + source: + description: |- + The URI of an existing persistent disk to attach under the specified device-name in the format + 'projects/project-id/zones/zone/disks/disk-name'. + type: string + required: + - deviceName + - source + type: object + type: array + externalIp: + description: Preserved external IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + internalIp: + description: Preserved internal IPs defined for this instance. + This map is keyed with the name of the network interface. 
+ items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + metadata: + additionalProperties: + type: string + description: Preserved metadata defined for this instance. This + is a list of key->value pairs. + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + removeInstanceStateOnDestroy: + description: |- + When true, deleting this config will immediately remove any specified state from the underlying instance. + When false, deleting this config will *not* immediately remove any state from the underlying instance. + State will be removed on the next instance recreation or update. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. 
Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. Zone where the containing instance group manager + is located. + type: string + required: + - instanceGroupManagerRef + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeprojectmetadatas.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeProjectMetadata + plural: computeprojectmetadatas + shortNames: + - gcpcomputeprojectmetadata + - gcpcomputeprojectmetadatas + singular: computeprojectmetadata + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + metadata: + additionalProperties: + type: string + description: A series of key value pairs. + type: object + required: + - metadata + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionautoscalers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionAutoscaler + plural: computeregionautoscalers + shortNames: + - gcpcomputeregionautoscaler + - gcpcomputeregionautoscalers + singular: computeregionautoscaler + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + The configuration parameters for the autoscaling algorithm. You can + define one or more of the policies for an autoscaler: cpuUtilization, + customMetricUtilizations, and loadBalancingUtilization. + + If none of these are specified, the default will be to autoscale based + on cpuUtilization to 0.6 or 60%. + properties: + cooldownPeriod: + description: |- + The number of seconds that the autoscaler should wait before it + starts collecting information from a new instance. This prevents + the autoscaler from collecting information when the instance is + initializing, during which the collected usage would not be + reliable. The default time autoscaler waits is 60 seconds. + + Virtual machine initialization times might vary because of + numerous factors. We recommend that you test how long an + instance may take to initialize. To do this, create an instance + and time the startup process. + type: integer + cpuUtilization: + description: |- + Defines the CPU utilization policy that allows the autoscaler to + scale based on the average CPU utilization of a managed instance + group. + properties: + predictiveMethod: + description: |- + Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: + + - NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. + + - OPTIMIZE_AVAILABILITY. 
Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. + type: string + target: + description: |- + The target CPU utilization that the autoscaler should maintain. + Must be a float value in the range (0, 1]. If not specified, the + default is 0.6. + + If the CPU level is below the target utilization, the autoscaler + scales down the number of instances until it reaches the minimum + number of instances you specified or until the average CPU of + your instances reaches the target utilization. + + If the average CPU is above the target utilization, the autoscaler + scales up until it reaches the maximum number of instances you + specified or until the average utilization reaches the target + utilization. + type: number + required: + - target + type: object + loadBalancingUtilization: + description: Configuration parameters of autoscaling based on + a load balancer. + properties: + target: + description: |- + Fraction of backend capacity utilization (set in HTTP(s) load + balancing configuration) that autoscaler should maintain. Must + be a positive float value. If not defined, the default is 0.8. + type: number + required: + - target + type: object + maxReplicas: + description: |- + The maximum number of instances that the autoscaler can scale up + to. This is required when creating or updating an autoscaler. The + maximum number of replicas should not be lower than minimal number + of replicas. + type: integer + metric: + description: Configuration parameters of autoscaling based on + a custom metric. + items: + properties: + filter: + description: |- + A filter string to be used as the filter string for + a Stackdriver Monitoring TimeSeries.list API call. + This filter is used to select a specific TimeSeries for + the purpose of autoscaling and to determine whether the metric + is exporting per-instance or per-group data. + + You can only use the AND operator for joining selectors. 
+ You can only use direct equality comparison operator (=) without + any functions for each selector. + You can specify the metric in both the filter string and in the + metric field. However, if specified in both places, the metric must + be identical. + + The monitored resource type determines what kind of values are + expected for the metric. If it is a gce_instance, the autoscaler + expects the metric to include a separate TimeSeries for each + instance in a group. In such a case, you cannot filter on resource + labels. + + If the resource type is any other value, the autoscaler expects + this metric to contain values that apply to the entire autoscaled + instance group and resource label filtering can be performed to + point autoscaler at the correct TimeSeries to scale upon. + This is called a per-group metric for the purpose of autoscaling. + + If not specified, the type defaults to gce_instance. + + You should provide a filter that is selective enough to pick just + one TimeSeries for the autoscaled group or for each of the instances + (if you are using gce_instance resource type). If multiple + TimeSeries are returned upon the query execution, the autoscaler + will sum their respective values to obtain its scaling value. + type: string + name: + description: |- + The identifier (type) of the Stackdriver Monitoring metric. + The metric cannot have negative values. + + The metric must have a value type of INT64 or DOUBLE. + type: string + singleInstanceAssignment: + description: |- + If scaling is based on a per-group metric value that represents the + total amount of work to be done or resource usage, set this value to + an amount assigned for a single instance of the scaled group. + The autoscaler will keep the number of instances proportional to the + value of this metric, the metric itself should not change value due + to group resizing. 
+ + For example, a good metric to use with the target is + 'pubsub.googleapis.com/subscription/num_undelivered_messages' + or a custom metric exporting the total number of requests coming to + your instances. + + A bad example would be a metric exporting an average or median + latency, since this value can't include a chunk assignable to a + single instance, it could be better used with utilization_target + instead. + type: number + target: + description: |- + The target value of the metric that autoscaler should + maintain. This must be a positive value. A utilization + metric scales number of virtual machines handling requests + to increase or decrease proportionally to the metric. + + For example, a good metric to use as a utilizationTarget is + www.googleapis.com/compute/instance/network/received_bytes_count. + The autoscaler will work to keep this value constant for each + of the instances. + type: number + type: + description: |- + Defines how target utilization value is expressed for a + Stackdriver Monitoring metric. Possible values: ["GAUGE", "DELTA_PER_SECOND", "DELTA_PER_MINUTE"]. + type: string + required: + - name + type: object + type: array + minReplicas: + description: |- + The minimum number of replicas that the autoscaler can scale down + to. This cannot be less than 0. If not provided, autoscaler will + choose a default value depending on maximum number of instances + allowed. + type: integer + mode: + description: Defines operating mode for this policy. + type: string + scaleDownControl: + description: |- + Defines scale down controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledDownReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. 
+ For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scaleInControl: + description: |- + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledInReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scalingSchedules: + description: Scaling schedules defined for an autoscaler. Multiple + schedules can be set on an autoscaler and they can overlap. + items: + properties: + description: + description: A description of a scaling schedule. + type: string + disabled: + description: A boolean value that specifies if a scaling + schedule can influence autoscaler recommendations. If + set to true, then a scaling schedule has no effect. + type: boolean + durationSec: + description: The duration of time intervals (in seconds) + for which this scaling schedule will be running. The minimum + allowed value is 300. + type: integer + minRequiredReplicas: + description: Minimum number of VM instances that autoscaler + will recommend in time intervals starting according to + schedule. + type: integer + name: + type: string + schedule: + description: The start timestamps of time intervals when + this scaling schedule should provide a scaling signal. 
+ This field uses the extended cron format (with an optional + year field). + type: string + timeZone: + description: 'The time zone to be used when interpreting + the schedule. The value of this field must be a time zone + name from the tz database: http://en.wikipedia.org/wiki/Tz_database.' + type: string + required: + - durationSec + - minRequiredReplicas + - name + - schedule + type: object + type: array + required: + - maxReplicas + - minReplicas + type: object + description: + description: An optional description of this resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. URL of the region where the instance group + resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + target: + description: URL of the managed instance group that this autoscaler + will scale. + type: string + required: + - autoscalingPolicy + - projectRef + - region + - target + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregiondiskresourcepolicyattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionDiskResourcePolicyAttachment + plural: computeregiondiskresourcepolicyattachments + shortNames: + - gcpcomputeregiondiskresourcepolicyattachment + - gcpcomputeregiondiskresourcepolicyattachments + singular: computeregiondiskresourcepolicyattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: 
.metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + diskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. A reference to the region where the disk resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - diskRef + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionnetworkendpointgroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionNetworkEndpointGroup + plural: computeregionnetworkendpointgroups + shortNames: + - gcpcomputeregionnetworkendpointgroup + - gcpcomputeregionnetworkendpointgroups + singular: computeregionnetworkendpointgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cloudFunction: + description: |- + Immutable. Only valid when networkEndpointType is "SERVERLESS". + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + properties: + functionRef: + description: |- + Immutable. A user-defined name of the Cloud Function. + The function name is case-sensitive and must be 1-63 characters long. + Example value: "func1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudFunctionsFunction` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + urlMask: + description: |- + Immutable. A template to parse function field from a request URL. URL mask allows + for routing to multiple Cloud Functions without having to create + multiple Network Endpoint Groups and backend services. + + For example, request URLs "mydomain.com/function1" and "mydomain.com/function2" + can be backed by the same Serverless NEG with URL mask "/". The URL mask + will parse them to { function = "function1" } and { function = "function2" } respectively. 
+ type: string + type: object + cloudRun: + description: |- + Immutable. Only valid when networkEndpointType is "SERVERLESS". + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + properties: + serviceRef: + description: |- + Immutable. Cloud Run service is the main resource of Cloud Run. + The service must be 1-63 characters long, and comply with RFC1035. + Example value: "run-service". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `RunService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tag: + description: |- + Immutable. Cloud Run tag represents the "named-revision" to provide + additional fine-grained traffic routing information. + The tag must be 1-63 characters long, and comply with RFC1035. + Example value: "revision-0010". + type: string + urlMask: + description: |- + Immutable. A template to parse service and tag fields from a request URL. + URL mask allows for routing to multiple Run services without having + to create multiple network endpoint groups and backend services. + + For example, request URLs "foo1.domain.com/bar1" and "foo1.domain.com/bar2" + an be backed by the same Serverless Network Endpoint Group (NEG) with + URL mask ".domain.com/". The URL mask will parse them to { service="bar1", tag="foo1" } + and { service="bar2", tag="foo2" } respectively. + type: string + type: object + description: + description: |- + Immutable. An optional description of this resource. 
Provide this property when + you create the resource. + type: string + networkEndpointType: + description: 'Immutable. Type of network endpoints in this network + endpoint group. Defaults to SERVERLESS Default value: "SERVERLESS" + Possible values: ["SERVERLESS", "PRIVATE_SERVICE_CONNECT"].' + type: string + networkRef: + description: |- + Immutable. This field is only used for PSC. + The URL of the network to which all network endpoints in the NEG belong. Uses + "default" project network if unspecified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + pscTargetService: + description: |- + Immutable. The target service url used to set up private service connection to + a Google API or a PSC Producer Service Attachment. + type: string + region: + description: Immutable. A reference to the region where the Serverless + NEGs Reside. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: |- + Immutable. This field is only used for PSC. + Optional URL of the subnetwork to which all network endpoints in the NEG belong. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionperinstanceconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionPerInstanceConfig + plural: computeregionperinstanceconfigs + shortNames: + - gcpcomputeregionperinstanceconfig + - gcpcomputeregionperinstanceconfigs + singular: computeregionperinstanceconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + minimalAction: + description: |- + The minimal action to perform on the instance during an update. + Default is 'NONE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + mostDisruptiveAllowedAction: + description: |- + The most disruptive action to perform on the instance during an update. + Default is 'REPLACE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + preservedState: + description: The preserved state for this instance. + properties: + disk: + description: Stateful disks for the instance. + items: + properties: + deleteRule: + description: |- + A value that prescribes what should happen to the stateful disk when the VM instance is deleted. + The available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'. + 'NEVER' - detach the disk when the VM is deleted, but do not delete the disk. + 'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently + deleted from the instance group. Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"]. + type: string + deviceName: + description: A unique device name that is reflected into + the /dev/ tree of a Linux operating system running within + the instance. + type: string + mode: + description: 'The mode of the disk. Default value: "READ_WRITE" + Possible values: ["READ_ONLY", "READ_WRITE"].' 
+ type: string + source: + description: |- + The URI of an existing persistent disk to attach under the specified device-name in the format + 'projects/project-id/zones/zone/disks/disk-name'. + type: string + required: + - deviceName + - source + type: object + type: array + externalIp: + description: Preserved external IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + internalIp: + description: Preserved internal IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. 
+ type: string + type: object + required: + - interfaceName + type: object + type: array + metadata: + additionalProperties: + type: string + description: Preserved metadata defined for this instance. This + is a list of key->value pairs. + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Region where the containing instance group + manager is located. + type: string + regionInstanceGroupManagerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRegionInstanceGroupManager` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + removeInstanceStateOnDestroy: + description: |- + When true, deleting this config will immediately remove any specified state from the underlying instance. + When false, deleting this config will *not* immediately remove any state from the underlying instance. 
+ State will be removed on the next instance recreation or update. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + - region + - regionInstanceGroupManagerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionsslpolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionSSLPolicy + plural: computeregionsslpolicies + shortNames: + - gcpcomputeregionsslpolicy + - gcpcomputeregionsslpolicies + singular: computeregionsslpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + customFeatures: + description: |- + A list of features enabled when the selected profile is CUSTOM. The + method returns the set of features that can be specified in this + list. This field must be empty if the profile is not CUSTOM. + + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for which ciphers are available to use. **Note**: this argument + *must* be present when using the 'CUSTOM' profile. This argument + *must not* be present when using any other profile. + items: + type: string + type: array + description: + description: Immutable. An optional description of this resource. + type: string + minTlsVersion: + description: |- + The minimum version of SSL protocol that can be used by the clients + to establish a connection with the load balancer. Default value: "TLS_1_0" Possible values: ["TLS_1_0", "TLS_1_1", "TLS_1_2"]. + type: string + profile: + description: |- + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. If using 'CUSTOM', + the set of SSL features to enable must be specified in the + 'customFeatures' field. + + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for information on what cipher suites each profile provides. If + 'CUSTOM' is used, the 'custom_features' attribute **must be set**. 
Default value: "COMPATIBLE" Possible values: ["COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"]. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region where the regional SSL policy resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + enabledFeatures: + description: The list of features enabled in the SSL policy. + items: + type: string + type: array + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computereservations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeReservation + plural: computereservations + shortNames: + - gcpcomputereservation + - gcpcomputereservations + singular: computereservation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last 
transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + specificReservation: + description: Reservation for instances with specific machine shapes. + properties: + count: + description: The number of resources that are allocated. + type: integer + inUseCount: + description: How many instances are in use. + type: integer + instanceProperties: + description: Immutable. The instance properties for the reservation. + properties: + guestAccelerators: + description: Immutable. Guest accelerator type and count. + items: + properties: + acceleratorCount: + description: |- + Immutable. The number of the guest accelerator cards exposed to + this instance. + type: integer + acceleratorType: + description: |- + Immutable. The full or partial URL of the accelerator type to + attach to this instance. 
For example: + 'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100' + + If you are creating an instance template, specify only the accelerator name. + type: string + required: + - acceleratorCount + - acceleratorType + type: object + type: array + localSsds: + description: |- + Immutable. The amount of local ssd to reserve with each instance. This + reserves disks of type 'local-ssd'. + items: + properties: + diskSizeGb: + description: Immutable. The size of the disk in base-2 + GB. + type: integer + interface: + description: 'Immutable. The disk interface to use for + attaching this disk. Default value: "SCSI" Possible + values: ["SCSI", "NVME"].' + type: string + required: + - diskSizeGb + type: object + type: array + machineType: + description: Immutable. The name of the machine type to reserve. + type: string + minCpuPlatform: + description: |- + Immutable. The minimum CPU platform for the reservation. For example, + '"Intel Skylake"'. See + the CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones) + for information on available CPU platforms. + type: string + required: + - machineType + type: object + required: + - count + - instanceProperties + type: object + specificReservationRequired: + description: |- + Immutable. When set to true, only VMs that target this reservation by name can + consume this reservation. Otherwise, it can be consumed by VMs with + affinity for any reservation. Defaults to false. + type: boolean + zone: + description: Immutable. The zone where the reservation is made. + type: string + required: + - specificReservation + - zone + type: object + status: + properties: + commitment: + description: |- + Full or partial URL to a parent commitment. This field displays for + reservations that are tied to a commitment. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + status: + description: The status of the reservation. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeresourcepolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeResourcePolicy + plural: computeresourcepolicies + shortNames: + - gcpcomputeresourcepolicy + - gcpcomputeresourcepolicies + singular: computeresourcepolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + Provide this property when you create the resource. + type: string + diskConsistencyGroupPolicy: + description: Immutable. Replication consistency group for asynchronous + disk replication. + properties: + enabled: + description: Immutable. Enable disk consistency on the resource + policy. + type: boolean + required: + - enabled + type: object + groupPlacementPolicy: + description: Immutable. Resource policy for instances used for placement + configuration. + properties: + availabilityDomainCount: + description: |- + Immutable. The number of availability domains instances will be spread across. If two instances are in different + availability domain, they will not be put in the same low latency network. + type: integer + collocation: + description: |- + Immutable. Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network. + Specify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created + with a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy + attached. Possible values: ["COLLOCATED"]. + type: string + maxDistance: + description: Immutable. Specifies the number of max logical switches. + type: integer + vmCount: + description: |- + Immutable. Number of VMs in this placement group. 
Google does not recommend that you use this field + unless you use a compact policy and you want your policy to work only if it contains this + exact number of VMs. + type: integer + type: object + instanceSchedulePolicy: + description: Immutable. Resource policy for scheduling instance operations. + properties: + expirationTime: + description: Immutable. The expiration time of the schedule. The + timestamp is an RFC3339 string. + type: string + startTime: + description: Immutable. The start time of the schedule. The timestamp + is an RFC3339 string. + type: string + timeZone: + description: |- + Immutable. Specifies the time zone to be used in interpreting the schedule. The value of this field must be a time zone name + from the tz database: http://en.wikipedia.org/wiki/Tz_database. + type: string + vmStartSchedule: + description: Immutable. Specifies the schedule for starting instances. + properties: + schedule: + description: Immutable. Specifies the frequency for the operation, + using the unix-cron format. + type: string + required: + - schedule + type: object + vmStopSchedule: + description: Immutable. Specifies the schedule for stopping instances. + properties: + schedule: + description: Immutable. Specifies the frequency for the operation, + using the unix-cron format. + type: string + required: + - schedule + type: object + required: + - timeZone + type: object + region: + description: Immutable. Region where resource policy resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + snapshotSchedulePolicy: + description: Immutable. Policy for creating snapshots of persistent + disks. + properties: + retentionPolicy: + description: Immutable. Retention policy applied to snapshots + created by this resource policy. + properties: + maxRetentionDays: + description: Immutable. 
Maximum age of the snapshot that is + allowed to be kept. + type: integer + onSourceDiskDelete: + description: |- + Immutable. Specifies the behavior to apply to scheduled snapshots when + the source disk is deleted. Default value: "KEEP_AUTO_SNAPSHOTS" Possible values: ["KEEP_AUTO_SNAPSHOTS", "APPLY_RETENTION_POLICY"]. + type: string + required: + - maxRetentionDays + type: object + schedule: + description: Immutable. Contains one of an 'hourlySchedule', 'dailySchedule', + or 'weeklySchedule'. + properties: + dailySchedule: + description: Immutable. The policy will execute every nth + day at the specified time. + properties: + daysInCycle: + description: Immutable. Defines a schedule with units + measured in days. The value determines how many days + pass between the start of each cycle. Days in cycle + for snapshot schedule policy must be 1. + type: integer + startTime: + description: |- + Immutable. This must be in UTC format that resolves to one of + 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, + both 13:00-5 and 08:00 are valid. + type: string + required: + - daysInCycle + - startTime + type: object + hourlySchedule: + description: Immutable. The policy will execute every nth + hour starting at the specified time. + properties: + hoursInCycle: + description: Immutable. The number of hours between snapshots. + type: integer + startTime: + description: |- + Immutable. Time within the window to start the operations. + It must be in an hourly format "HH:MM", + where HH : [00-23] and MM : [00] GMT. + eg: 21:00. + type: string + required: + - hoursInCycle + - startTime + type: object + weeklySchedule: + description: Immutable. Allows specifying a snapshot time + for each day of the week. + properties: + dayOfWeeks: + description: Immutable. May contain up to seven (one for + each day of the week) snapshot times. + items: + properties: + day: + description: 'Immutable. The day of the week to + create the snapshot. e.g. 
MONDAY Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", + "FRIDAY", "SATURDAY", "SUNDAY"].' + type: string + startTime: + description: |- + Immutable. Time within the window to start the operations. + It must be in format "HH:MM", where HH : [00-23] and MM : [00-00] GMT. + type: string + required: + - day + - startTime + type: object + type: array + required: + - dayOfWeeks + type: object + type: object + snapshotProperties: + description: Immutable. Properties with which the snapshots are + created, such as labels. + properties: + chainName: + description: |- + Immutable. Creates the new snapshot in the snapshot chain labeled with the + specified name. The chain name must be 1-63 characters long and comply + with RFC1035. + type: string + guestFlush: + description: Immutable. Whether to perform a 'guest aware' + snapshot. + type: boolean + labels: + additionalProperties: + type: string + description: Immutable. A set of key-value pairs. + type: object + storageLocations: + description: |- + Immutable. Cloud Storage bucket location to store the auto snapshot + (regional or multi-regional). + items: + type: string + type: array + type: object + required: + - schedule + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouterinterfaces.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterInterface + plural: computerouterinterfaces + shortNames: + - gcpcomputerouterinterface + - gcpcomputerouterinterfaces + singular: computerouterinterface + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + interconnectAttachmentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipRange: + description: Immutable. The IP address and range of the interface. + The IP range must be in the RFC3927 link-local IP space. Changing + this forces a new interface to be created. + type: string + privateIpAddressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + redundantInterfaceRef: + description: The interface the BGP peer is associated with. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this interface's router sits in. + If not specified, the project region will be used. Changing this + forces a new interface to be created. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + vpnTunnelRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - routerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouternats.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterNAT + plural: computerouternats + shortNames: + - gcpcomputerouternat + - gcpcomputerouternats + singular: computerouternat + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + 
name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + drainNatIps: + items: + description: |- + A list of IP resources to be drained. These IPs must be valid + static external IPs that have been assigned to the NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + enableDynamicPortAllocation: + description: |- + Enable Dynamic Port Allocation. + If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. + If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. + If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. 
+ If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. + + Mutually exclusive with enableEndpointIndependentMapping. + type: boolean + enableEndpointIndependentMapping: + description: |- + Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information + see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs). + type: boolean + icmpIdleTimeoutSec: + description: Timeout (in seconds) for ICMP connections. Defaults to + 30s if not set. + type: integer + logConfig: + description: Configuration for logging on NAT. + properties: + enable: + description: Indicates whether or not to export logs. + type: boolean + filter: + description: 'Specifies the desired filtering of logs on this + NAT. Possible values: ["ERRORS_ONLY", "TRANSLATIONS_ONLY", "ALL"].' + type: string + required: + - enable + - filter + type: object + maxPortsPerVm: + description: |- + Maximum number of ports allocated to a VM from this NAT. + This field can only be set when enableDynamicPortAllocation is enabled. + type: integer + minPortsPerVm: + description: Minimum number of ports allocated to a VM from this NAT. + type: integer + natIpAllocateOption: + description: |- + How external IPs should be allocated for this NAT. Valid values are + 'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud + Platform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: ["MANUAL_ONLY", "AUTO_ONLY"]. + type: string + natIps: + items: + description: NAT IPs. Only valid if natIpAllocateOption is set to + MANUAL_ONLY. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + region: + description: Immutable. Region where the router and NAT reside. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: The Cloud Router in which this NAT will be configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rules: + description: A list of rules associated with this NAT. + items: + properties: + action: + description: The action to be enforced for traffic that matches + this rule. + properties: + sourceNatActiveIpsRefs: + items: + description: |- + A list of URLs of the IP resources used for this NAT rule. These IP + addresses must be valid static external IP addresses assigned to the + project. This field is used for public NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeAddress` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceNatDrainIpsRefs: + items: + description: |- + A list of URLs of the IP resources to be drained. These IPs must be + valid static external IPs that have been assigned to the NAT. These + IPs should be used for updating/patching a NAT rule only. This field + is used for public NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + description: + description: An optional description of this rule. + type: string + match: + description: |- + CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. + If it evaluates to true, the corresponding action is enforced. + + The following examples are valid match expressions for public NAT: + + "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" + + "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" + + The following example is a valid match expression for private NAT: + + "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'". 
+ type: string + ruleNumber: + description: |- + An integer uniquely identifying a rule in the list. + The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT. + type: integer + required: + - match + - ruleNumber + type: object + type: array + sourceSubnetworkIpRangesToNat: + description: |- + How NAT should be configured per Subnetwork. + If 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the + IP ranges in every Subnetwork are allowed to Nat. + If 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP + ranges in every Subnetwork are allowed to Nat. + 'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat + (specified in the field subnetwork below). Note that if this field + contains ALL_SUBNETWORKS_ALL_IP_RANGES or + ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any + other RouterNat section in any Router for this network in this region. Possible values: ["ALL_SUBNETWORKS_ALL_IP_RANGES", "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES", "LIST_OF_SUBNETWORKS"]. + type: string + subnetwork: + description: |- + One or more subnetwork NAT configurations. Only used if + 'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'. + items: + properties: + secondaryIpRangeNames: + description: |- + List of the secondary ranges of the subnetwork that are allowed + to use NAT. This can be populated only if + 'LIST_OF_SECONDARY_IP_RANGES' is one of the values in + sourceIpRangesToNat. + items: + type: string + type: array + sourceIpRangesToNat: + description: |- + List of options for which source IPs in the subnetwork + should have NAT enabled. Supported values include: + 'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES', + 'PRIMARY_IP_RANGE'. + items: + type: string + type: array + subnetworkRef: + description: The subnetwork to NAT. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - sourceIpRangesToNat + - subnetworkRef + type: object + type: array + tcpEstablishedIdleTimeoutSec: + description: |- + Timeout (in seconds) for TCP established connections. + Defaults to 1200s if not set. + type: integer + tcpTimeWaitTimeoutSec: + description: |- + Timeout (in seconds) for TCP connections that are in TIME_WAIT state. + Defaults to 120s if not set. + type: integer + tcpTransitoryIdleTimeoutSec: + description: |- + Timeout (in seconds) for TCP transitory connections. + Defaults to 30s if not set. + type: integer + udpIdleTimeoutSec: + description: Timeout (in seconds) for UDP connections. Defaults to + 30s if not set. + type: integer + required: + - natIpAllocateOption + - region + - routerRef + - sourceSubnetworkIpRangesToNat + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouterpeers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterPeer + plural: computerouterpeers + shortNames: + - gcpcomputerouterpeer + - gcpcomputerouterpeers + singular: computerouterpeer + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: 
+ properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + advertiseMode: + description: |- + User-specified flag to indicate which mode to use for advertisement. + Valid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: "DEFAULT" Possible values: ["DEFAULT", "CUSTOM"]. + type: string + advertisedGroups: + description: |- + User-specified list of prefix groups to advertise in custom + mode, which currently supports the following option: + + * 'ALL_SUBNETS': Advertises all of the router's own VPC subnets. + This excludes any routes learned for subnets that use VPC Network + Peering. + + + Note that this field can only be populated if advertiseMode is 'CUSTOM' + and overrides the list defined for the router (in the "bgp" message). + These groups are advertised in addition to any specified prefixes. + Leave this field blank to advertise no custom groups. + items: + type: string + type: array + advertisedIpRanges: + description: |- + User-specified list of individual IP ranges to advertise in + custom mode. This field can only be populated if advertiseMode + is 'CUSTOM' and is advertised to all peers of the router. These IP + ranges will be advertised in addition to any specified groups. + Leave this field blank to advertise no custom IP ranges. 
+ items: + properties: + description: + description: User-specified description for the IP range. + type: string + range: + description: |- + The IP range to advertise. The value must be a + CIDR-formatted string. + type: string + required: + - range + type: object + type: array + advertisedRoutePriority: + description: |- + The priority of routes advertised to this BGP peer. + Where there is more than one matching route of maximum + length, the routes with the lowest priority value win. + type: integer + bfd: + description: BFD configuration for the BGP peering. + properties: + minReceiveInterval: + description: |- + The minimum interval, in milliseconds, between BFD control packets + received from the peer router. The actual value is negotiated + between the two routers and is equal to the greater of this value + and the transmit interval of the other router. If set, this value + must be between 1000 and 30000. + type: integer + minTransmitInterval: + description: |- + The minimum interval, in milliseconds, between BFD control packets + transmitted to the peer router. The actual value is negotiated + between the two routers and is equal to the greater of this value + and the corresponding receive interval of the other router. If set, + this value must be between 1000 and 30000. + type: integer + multiplier: + description: |- + The number of consecutive BFD packets that must be missed before + BFD declares that a peer is unavailable. If set, the value must + be a value between 5 and 16. + type: integer + sessionInitializationMode: + description: |- + The BFD session initialization mode for this BGP peer. + If set to 'ACTIVE', the Cloud Router will initiate the BFD session + for this BGP peer. If set to 'PASSIVE', the Cloud Router will wait + for the peer router to initiate the BFD session for this BGP peer. + If set to 'DISABLED', BFD is disabled for this BGP peer. Possible values: ["ACTIVE", "DISABLED", "PASSIVE"]. 
+ type: string + required: + - sessionInitializationMode + type: object + enable: + description: |- + The status of the BGP peer connection. If set to false, any active session + with the peer is terminated and all associated routing information is removed. + If set to true, the peer connection can be established with routing information. + The default is true. + type: boolean + enableIpv6: + description: Enable IPv6 traffic over BGP Peer. If not specified, + it is disabled by default. + type: boolean + ipAddress: + description: |- + IP address of the interface inside Google Cloud Platform. + Only IPv4 is supported. + properties: + external: + type: string + type: object + ipv6NexthopAddress: + description: |- + IPv6 address of the interface inside Google Cloud Platform. + The address must be in the range 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64. + If you do not specify the next hop addresses, Google Cloud automatically + assigns unused addresses from the 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64 range for you. + type: string + peerAsn: + description: |- + Peer BGP Autonomous System Number (ASN). + Each BGP interface may use a different value. + type: integer + peerIpAddress: + description: |- + IP address of the BGP interface outside Google Cloud Platform. + Only IPv4 is supported. Required if 'ip_address' is set. + type: string + peerIpv6NexthopAddress: + description: |- + IPv6 address of the BGP interface outside Google Cloud Platform. + The address must be in the range 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64. + If you do not specify the next hop addresses, Google Cloud automatically + assigns unused addresses from the 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64 range for you. + type: string + region: + description: |- + Immutable. Region where the router and BgpPeer reside. + If it is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + routerApplianceInstanceRef: + description: |- + The URI of the VM instance that is used as third-party router + appliances such as Next Gen Firewalls, Virtual Routers, or Router + Appliances. The VM instance must be located in zones contained in + the same region as this Cloud Router. The VM instance is the peer + side of the BGP session. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + routerInterfaceRef: + description: The interface the BGP peer is associated with. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + routerRef: + description: The Cloud Router in which this BGP peer will be configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - peerAsn + - region + - routerInterfaceRef + - routerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + managementType: + description: |- + The resource that configures and manages this BGP peer. + + * 'MANAGED_BY_USER' is the default value and can be managed by + you or other users + * 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and + managed by Cloud Interconnect, specifically by an + InterconnectAttachment of type PARTNER. Google automatically + creates, updates, and deletes this type of BGP peer when the + PARTNER InterconnectAttachment is created, updated, + or deleted. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouters.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouter + plural: computerouters + shortNames: + - gcpcomputerouter + - gcpcomputerouters + singular: computerouter + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bgp: + description: BGP information specific to this router. + properties: + advertiseMode: + description: 'User-specified flag to indicate which mode to use + for advertisement. Default value: "DEFAULT" Possible values: + ["DEFAULT", "CUSTOM"].' + type: string + advertisedGroups: + description: |- + User-specified list of prefix groups to advertise in custom mode. + This field can only be populated if advertiseMode is CUSTOM and + is advertised to all peers of the router. These groups will be + advertised in addition to any specified prefixes. Leave this field + blank to advertise no custom groups. + + This enum field has the one valid value: ALL_SUBNETS. + items: + type: string + type: array + advertisedIpRanges: + description: |- + User-specified list of individual IP ranges to advertise in + custom mode. This field can only be populated if advertiseMode + is CUSTOM and is advertised to all peers of the router. These IP + ranges will be advertised in addition to any specified groups. + Leave this field blank to advertise no custom IP ranges. + items: + properties: + description: + description: User-specified description for the IP range. + type: string + range: + description: |- + The IP range to advertise. The value must be a + CIDR-formatted string. + type: string + required: + - range + type: object + type: array + asn: + description: |- + Local BGP Autonomous System Number (ASN). 
Must be an RFC6996 + private ASN, either 16-bit or 32-bit. The value will be fixed for + this router resource. All VPN tunnels that link to this router + will have the same local ASN. + type: integer + keepaliveInterval: + description: |- + The interval in seconds between BGP keepalive messages that are sent + to the peer. Hold time is three times the interval at which keepalive + messages are sent, and the hold time is the maximum number of seconds + allowed to elapse between successive keepalive messages that BGP + receives from a peer. + + BGP will use the smaller of either the local hold time value or the + peer's hold time value as the hold time for the BGP connection + between the two peers. If set, this value must be between 20 and 60. + The default is 20. + type: integer + required: + - asn + type: object + description: + description: An optional description of this resource. + type: string + encryptedInterconnectRouter: + description: |- + Immutable. Indicates if a router is dedicated for use with encrypted VLAN + attachments (interconnectAttachments). + type: boolean + networkRef: + description: A reference to the network to which this router belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Region where the router resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeroutes.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRoute + plural: computeroutes + shortNames: + - gcpcomputeroute + - gcpcomputeroutes + singular: computeroute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property + when you create the resource. + type: string + destRange: + description: |- + Immutable. The destination range of outgoing packets that this route applies to. + Only IPv4 is supported. + type: string + networkRef: + description: The network that this route applies to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopGateway: + description: |- + Immutable. URL to a gateway that should handle matching packets. + Currently, you can only specify the internet gateway, using a full or + partial valid URL: + * 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway' + * 'projects/project/global/gateways/default-internet-gateway' + * 'global/gateways/default-internet-gateway' + * The string 'default-internet-gateway'. + type: string + nextHopILBRef: + description: |- + A forwarding rule of type loadBalancingScheme=INTERNAL that should + handle matching packets. Note that this can only be used when the + destinationRange is a public (non-RFC 1918) IP CIDR range. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeForwardingRule` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopInstanceRef: + description: Instance that should handle matching packets. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopIp: + description: Immutable. Network IP address of an instance that should + handle matching packets. + type: string + nextHopVPNTunnelRef: + description: The ComputeVPNTunnel that should handle matching packets + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + priority: + description: |- + Immutable. The priority of this route. Priority is used to break ties in cases + where there is more than one matching route of equal prefix length. + + In the case of two routes with equal prefix length, the one with the + lowest-numbered priority value wins. + + Default value is 1000. Valid range is 0 through 65535. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tags: + description: Immutable. A list of instance tags to which this route + applies. + items: + type: string + type: array + required: + - destRange + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + nextHopNetwork: + description: URL to a Network that should handle matching packets. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesecuritypolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSecurityPolicy + plural: computesecuritypolicies + shortNames: + - gcpcomputesecuritypolicy + - gcpcomputesecuritypolicies + singular: computesecuritypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned 
schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + adaptiveProtectionConfig: + description: Adaptive Protection Config of this security policy. + properties: + autoDeployConfig: + description: Auto Deploy Config of this security policy. + properties: + confidenceThreshold: + description: Rules are only automatically deployed for alerts + on potential attacks with confidence scores greater than + this threshold. + type: number + expirationSec: + description: Google Cloud Armor stops applying the action + in the automatically deployed rule to an identified attacker + after this duration. The rule continues to operate against + new requests. + type: integer + impactedBaselineThreshold: + description: Rules are only automatically deployed when the + estimated impact to baseline traffic from the suggested + mitigation is below this threshold. + type: number + loadThreshold: + description: Identifies new attackers only when the load to + the backend service that is under attack exceeds this threshold. + type: number + type: object + layer7DdosDefenseConfig: + description: Layer 7 DDoS Defense Config of this security policy. + properties: + enable: + description: If set to true, enables CAAP for L7 DDoS detection. + type: boolean + ruleVisibility: + description: 'Rule visibility. Supported values include: "STANDARD", + "PREMIUM".' 
+ type: string + type: object + type: object + advancedOptionsConfig: + description: Advanced Options Config of this security policy. + properties: + jsonCustomConfig: + description: Custom configuration to apply the JSON parsing. Only + applicable when JSON parsing is set to STANDARD. + properties: + contentTypes: + description: A list of custom Content-Type header values to + apply the JSON parsing. + items: + type: string + type: array + required: + - contentTypes + type: object + jsonParsing: + description: 'JSON body parsing. Supported values include: "DISABLED", + "STANDARD".' + type: string + logLevel: + description: 'Logging level. Supported values include: "NORMAL", + "VERBOSE".' + type: string + userIpRequestHeaders: + description: An optional list of case-insensitive request header + names to use for resolving the callers client IP address. + items: + type: string + type: array + type: object + description: + description: An optional description of this security policy. Max + size is 2048. + type: string + recaptchaOptionsConfig: + description: reCAPTCHA configuration options to be applied for the + security policy. + properties: + redirectSiteKeyRef: + description: |- + A field to supply a reCAPTCHA site key to be used for all the rules + using the redirect action with the type of GOOGLE_RECAPTCHA under + the security policy. The specified site key needs to be created from + the reCAPTCHA API. The user is responsible for the validity of the + specified site key. If not specified, a Google-managed site key is + used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `RecaptchaEnterpriseKey` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - redirectSiteKeyRef + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rule: + description: The set of rules that belong to this policy. There must + always be a default rule (rule with priority 2147483647 and match + "*"). If no rules are provided when creating a security policy, + a default rule with action "allow" will be added. + items: + properties: + action: + description: Action to take when match matches the request. + type: string + description: + description: An optional description of this rule. Max size + is 64. + type: string + headerAction: + description: Additional actions that are performed on headers. + properties: + requestHeadersToAdds: + description: The list of request headers to add or overwrite + if they're already present. + items: + properties: + headerName: + description: The name of the header to set. + type: string + headerValue: + description: The value to set the named header to. + type: string + required: + - headerName + type: object + type: array + required: + - requestHeadersToAdds + type: object + match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding action + is enforced. + properties: + config: + description: The configuration options available when specifying + versioned_expr. This field must be specified if versioned_expr + is specified and cannot be specified if versioned_expr + is not specified. 
+ properties: + srcIpRanges: + description: Set of IP addresses or ranges (IPV4 or + IPV6) in CIDR notation to match against inbound traffic. + There is a limit of 10 IP ranges per rule. A value + of '*' matches all IPs (can be used to override the + default behavior). + items: + type: string + type: array + required: + - srcIpRanges + type: object + expr: + description: User defined CEVAL expression. A CEVAL expression + is used to specify match criteria such as origin.ip, source.region_code + and contents in the request header. + properties: + expression: + description: Textual representation of an expression + in Common Expression Language syntax. The application + context of the containing message determines which + well-known feature set of CEL is supported. + type: string + required: + - expression + type: object + versionedExpr: + description: 'Predefined rule expression. If this field + is specified, config must also be specified. Available + options: SRC_IPS_V1: Must specify the corresponding + src_ip_ranges field in config.' + type: string + type: object + preconfiguredWafConfig: + description: Preconfigured WAF configuration to be applied for + the rule. If the rule does not evaluate preconfigured WAF + rules, i.e., if evaluatePreconfiguredWaf() is not used, this + field will have no effect. + properties: + exclusion: + description: An exclusion to apply during preconfigured + WAF evaluation. + items: + properties: + requestCookie: + description: Request cookie whose value will be excluded + from inspection during preconfigured WAF evaluation. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. 
ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + requestHeader: + description: Request header whose value will be excluded + from inspection during preconfigured WAF evaluation. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + requestQueryParam: + description: Request query parameter whose value will + be excluded from inspection during preconfigured + WAF evaluation. Note that the parameter can be + in the query string or in the POST body. 
+ items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + requestUri: + description: Request URI from the request line to + be excluded from inspection during preconfigured + WAF evaluation. When specifying this field, the + query or fragment part should be excluded. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. 
The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + targetRuleIds: + description: A list of target rule IDs under the WAF + rule set to apply the preconfigured WAF exclusion. + If omitted, it refers to all the rule IDs under + the WAF rule set. + items: + type: string + type: array + targetRuleSet: + description: Target WAF rule set to apply the preconfigured + WAF exclusion. + type: string + required: + - targetRuleSet + type: object + type: array + type: object + preview: + description: When set to true, the action specified above is + not enforced. Stackdriver logs for requests that trigger a + preview action are annotated as such. + type: boolean + priority: + description: An unique positive integer indicating the priority + of evaluation for a rule. Rules are evaluated from highest + priority (lowest numerically) to lowest priority (highest + numerically) in order. + type: integer + rateLimitOptions: + description: Rate limit threshold for this security policy. + Must be specified if the action is "rate_based_ban" or "throttle". + Cannot be specified for any other actions. + properties: + banDurationSec: + description: Can only be specified if the action for the + rule is "rate_based_ban". If specified, determines the + time (in seconds) the traffic will continue to be banned + by the rate limit after the rate falls below the threshold. + type: integer + banThreshold: + description: Can only be specified if the action for the + rule is "rate_based_ban". If specified, the key will be + banned for the configured 'banDurationSec' when the number + of requests that exceed the 'rateLimitThreshold' also + exceed this 'banThreshold'. + properties: + count: + description: Number of HTTP(S) requests for calculating + the threshold. 
+ type: integer + intervalSec: + description: Interval over which the threshold is computed. + type: integer + required: + - count + - intervalSec + type: object + conformAction: + description: Action to take for requests that are under + the configured rate limit threshold. Valid option is "allow" + only. + type: string + enforceOnKey: + description: Determines the key to enforce the rateLimitThreshold + on. + type: string + enforceOnKeyConfigs: + description: Enforce On Key Config of this security policy. + items: + properties: + enforceOnKeyName: + description: 'Rate limit key name applicable only + for the following key types: HTTP_HEADER -- Name + of the HTTP header whose value is taken as the key + value. HTTP_COOKIE -- Name of the HTTP cookie whose + value is taken as the key value.' + type: string + enforceOnKeyType: + description: Determines the key to enforce the rate_limit_threshold + on. + type: string + type: object + type: array + enforceOnKeyName: + description: 'Rate limit key name applicable only for the + following key types: HTTP_HEADER -- Name of the HTTP header + whose value is taken as the key value. HTTP_COOKIE -- + Name of the HTTP cookie whose value is taken as the key + value.' + type: string + exceedAction: + description: Action to take for requests that are above + the configured rate limit threshold, to either deny with + a specified HTTP response code, or redirect to a different + endpoint. Valid options are "deny()" where valid values + for status are 403, 404, 429, and 502, and "redirect" + where the redirect parameters come from exceedRedirectOptions + below. + type: string + exceedRedirectOptions: + description: Parameters defining the redirect action that + is used as the exceed action. Cannot be specified if the + exceed action is not redirect. + properties: + target: + description: Target for the redirect action. This is + required if the type is EXTERNAL_302 and cannot be + specified for GOOGLE_RECAPTCHA. 
+ type: string + type: + description: Type of the redirect action. + type: string + required: + - type + type: object + rateLimitThreshold: + description: Threshold at which to begin ratelimiting. + properties: + count: + description: Number of HTTP(S) requests for calculating + the threshold. + type: integer + intervalSec: + description: Interval over which the threshold is computed. + type: integer + required: + - count + - intervalSec + type: object + required: + - conformAction + - exceedAction + - rateLimitThreshold + type: object + redirectOptions: + description: Parameters defining the redirect action. Cannot + be specified for any other actions. + properties: + target: + description: Target for the redirect action. This is required + if the type is EXTERNAL_302 and cannot be specified for + GOOGLE_RECAPTCHA. + type: string + type: + description: 'Type of the redirect action. Available options: + EXTERNAL_302: Must specify the corresponding target field + in config. GOOGLE_RECAPTCHA: Cannot specify target field + in config.' + type: string + required: + - type + type: object + required: + - action + - match + - priority + type: object + type: array + type: + description: The type indicates the intended use of the security policy. + CLOUD_ARMOR - Cloud Armor backend security policies can be configured + to filter incoming HTTP requests targeting backend services. They + filter requests before they hit the origin servers. CLOUD_ARMOR_EDGE + - Cloud Armor edge security policies can be configured to filter + incoming HTTP requests targeting backend services (including Cloud + CDN-enabled) as well as backend buckets (Cloud Storage). They filter + requests before the request is served from Google's cache. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: Fingerprint of this resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computeserviceattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeServiceAttachment + plural: computeserviceattachments + shortNames: + - gcpcomputeserviceattachment + - gcpcomputeserviceattachments + singular: computeserviceattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + connectionPreference: + description: 'The connection preference of service attachment. The + value can be set to `ACCEPT_AUTOMATIC`. An `ACCEPT_AUTOMATIC` service + attachment is one that always accepts the connection from consumer + forwarding rules. Possible values: CONNECTION_PREFERENCE_UNSPECIFIED, + ACCEPT_AUTOMATIC, ACCEPT_MANUAL' + type: string + consumerAcceptLists: + description: Projects that are allowed to connect to this service + attachment. + items: + properties: + connectionLimit: + description: The value of the limit to set. + format: int64 + type: integer + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project id or number for the project to set the limit for. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + type: array + consumerRejectLists: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + enableProxyProtocol: + description: Immutable. If true, enable the proxy protocol which is + for supplying client TCP/IP address data in TCP connections that + traverse proxies on their way to destination servers. + type: boolean + location: + description: Immutable. The location for the resource + type: string + natSubnets: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of a service serving the endpoint identified by this service attachment. + + Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - connectionPreference + - location + - natSubnets + - projectRef + - targetServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + connectedEndpoints: + description: An array of connections for all the consumers connected + to this service attachment. + items: + properties: + endpoint: + description: The url of a connected endpoint. + type: string + pscConnectionId: + description: The PSC connection id of the connected endpoint. + format: int64 + type: integer + status: + description: 'The status of a connected endpoint to this service + attachment. Possible values: PENDING, RUNNING, DONE' + type: string + type: object + type: array + fingerprint: + description: Fingerprint of this resource. This field is used internally + during updates of this resource. + type: string + id: + description: The unique identifier for the resource type. The server + generates this identifier. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pscServiceAttachmentId: + description: An 128-bit global unique ID of the PSC service attachment. + properties: + high: + format: int64 + type: integer + low: + format: int64 + type: integer + type: object + region: + description: URL of the region where the service attachment resides. + This field applies only to the region resource. You must specify + this field as part of the HTTP request URL. It is not settable as + a field in the request body. + type: string + selfLink: + description: Server-defined URL for the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesharedvpchostprojects.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSharedVPCHostProject + plural: computesharedvpchostprojects + shortNames: + - gcpcomputesharedvpchostproject + - gcpcomputesharedvpchostprojects + singular: computesharedvpchostproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + 
jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesharedvpcserviceprojects.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSharedVPCServiceProject + plural: computesharedvpcserviceprojects + shortNames: + - gcpcomputesharedvpcserviceproject + - gcpcomputesharedvpcserviceprojects + singular: computesharedvpcserviceproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deletionPolicy: + description: "The deletion policy for the shared VPC service. Setting + ABANDON allows the resource\n\t\t\t\tto be abandoned rather than + deleted. Possible values are: \"ABANDON\"." + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesnapshots.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSnapshot + plural: computesnapshots + shortNames: + - gcpcomputesnapshot + - gcpcomputesnapshots + singular: computesnapshot + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + chainName: + description: |- + Immutable. Creates the new snapshot in the snapshot chain labeled with the + specified name. The chain name must be 1-63 characters long and + comply with RFC1035. This is an uncommon option only for advanced + service owners who needs to create separate snapshot chains, for + example, for chargeback tracking. When you describe your snapshot + resource, this field is visible only if it has a non-empty value. + type: string + description: + description: Immutable. An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + snapshotEncryptionKey: + description: |- + Immutable. Encrypts the snapshot using a customer-supplied encryption key. + + After you encrypt a snapshot using a customer-supplied key, you must + provide the same key if you use the snapshot later. For example, you + must provide the encryption key when you create a disk from the + encrypted snapshot in a future request. + + Customer-supplied encryption keys do not protect access to metadata of + the snapshot. 
+ + If you do not provide an encryption key when creating the snapshot, + then the snapshot will be encrypted using an automatically generated + key and you do not need to provide a key to use the snapshot later. + properties: + kmsKeyRef: + description: The encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + sourceDiskEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + properties: + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. 
Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + sourceDiskRef: + description: A reference to the disk used to create this snapshot. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageLocations: + description: Immutable. Cloud Storage bucket storage location of the + snapshot (regional or multi-regional). + items: + type: string + type: array + zone: + description: Immutable. A reference to the zone where the disk is + hosted. 
+ type: string + required: + - sourceDiskRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + diskSizeGb: + description: Size of the snapshot, specified in GB. + type: integer + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + licenses: + description: |- + A list of public visible licenses that apply to this snapshot. This + can be because the original image had licenses attached (such as a + Windows image). snapshotEncryptionKey nested object Encrypts the + snapshot using a customer-supplied encryption key. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + snapshotId: + description: The unique identifier for the resource. + type: integer + storageBytes: + description: |- + A size of the storage used by the snapshot. 
As snapshots share + storage, this number is expected to change with snapshot + creation/deletion. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesslcertificates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSSLCertificate + plural: computesslcertificates + shortNames: + - gcpcomputesslcertificate + - gcpcomputesslcertificates + singular: computesslcertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificate: + description: |- + Immutable. The certificate in PEM format. + The certificate chain must be no greater than 5 certs long. + The chain must include at least one intermediate cert. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeSSLCertificate. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + privateKey: + description: Immutable. The write-only private key in PEM format. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - certificate + - location + - privateKey + type: object + status: + properties: + certificateId: + description: The unique identifier for the resource. + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + expireTime: + description: Expire time of the certificate in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesslpolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSSLPolicy + plural: computesslpolicies + shortNames: + - gcpcomputesslpolicy + - gcpcomputesslpolicies + singular: computesslpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + 
of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + customFeatures: + description: |- + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. This can be one of + 'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM', + the set of SSL features to enable must be specified in the + 'customFeatures' field. + + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for which ciphers are available to use. **Note**: this argument + *must* be present when using the 'CUSTOM' profile. This argument + *must not* be present when using any other profile. + items: + type: string + type: array + description: + description: Immutable. An optional description of this resource. + type: string + minTlsVersion: + description: |- + The minimum version of SSL protocol that can be used by the clients + to establish a connection with the load balancer. Default value: "TLS_1_0" Possible values: ["TLS_1_0", "TLS_1_1", "TLS_1_2"]. + type: string + profile: + description: |- + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. If using 'CUSTOM', + the set of SSL features to enable must be specified in the + 'customFeatures' field. 
+ + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for information on what cipher suites each profile provides. If + 'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: "COMPATIBLE" Possible values: ["COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + enabledFeatures: + description: The list of features enabled in the SSL policy. + items: + type: string + type: array + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesubnetworks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSubnetwork + plural: computesubnetworks + shortNames: + - gcpcomputesubnetwork + - gcpcomputesubnetworks + singular: computesubnetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. This field can be set only at resource + creation time. + type: string + ipCidrRange: + description: |- + The range of internal addresses that are owned by this subnetwork. + Provide this property when you create the subnetwork. For example, + 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and + non-overlapping within a network. Only IPv4 is supported. + type: string + ipv6AccessType: + description: |- + The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation + or the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet + cannot enable direct path. Possible values: ["EXTERNAL", "INTERNAL"]. + type: string + logConfig: + description: |- + This field denotes the VPC flow logging options for this subnetwork. If + logging is enabled, logs are exported to Cloud Logging. Flow logging + isn't supported if the subnet 'purpose' field is set to subnetwork is + 'REGIONAL_MANAGED_PROXY' or 'GLOBAL_MANAGED_PROXY'. + properties: + aggregationInterval: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + Toggles the aggregation interval for collecting flow logs. Increasing the + interval time will reduce the amount of generated flow logs for long + lasting connections. Default is an interval of 5 seconds per connection. Default value: "INTERVAL_5_SEC" Possible values: ["INTERVAL_5_SEC", "INTERVAL_30_SEC", "INTERVAL_1_MIN", "INTERVAL_5_MIN", "INTERVAL_10_MIN", "INTERVAL_15_MIN"]. 
+ type: string + filterExpr: + description: |- + Export filter used to define which VPC flow logs should be logged, as as CEL expression. See + https://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field. + The default value is 'true', which evaluates to include everything. + type: string + flowSampling: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + The value of the field must be in [0, 1]. Set the sampling rate of VPC + flow logs within the subnetwork where 1.0 means all collected logs are + reported and 0.0 means no logs are reported. Default is 0.5 which means + half of all collected logs are reported. + type: number + metadata: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + Configures whether metadata fields should be added to the reported VPC + flow logs. Default value: "INCLUDE_ALL_METADATA" Possible values: ["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA", "CUSTOM_METADATA"]. + type: string + metadataFields: + description: |- + List of metadata fields that should be added to reported logs. + Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. + items: + type: string + type: array + type: object + networkRef: + description: |- + The network this subnet belongs to. Only networks that are in the + distributed mode can have subnetworks. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + privateIpGoogleAccess: + description: |- + When enabled, VMs in this subnetwork without external IP addresses can + access Google APIs and services by using Private Google Access. + type: boolean + privateIpv6GoogleAccess: + description: The private IPv6 google access type for the VMs in this + subnet. + type: string + purpose: + description: |- + Immutable. The purpose of the resource. This field can be either 'PRIVATE_RFC_1918', 'REGIONAL_MANAGED_PROXY', 'GLOBAL_MANAGED_PROXY', or 'PRIVATE_SERVICE_CONNECT'. + A subnet with purpose set to 'REGIONAL_MANAGED_PROXY' is a user-created subnetwork that is reserved for regional Envoy-based load balancers. + A subnetwork in a given region with purpose set to 'GLOBAL_MANAGED_PROXY' is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers. + A subnetwork with purpose set to 'PRIVATE_SERVICE_CONNECT' reserves the subnet for hosting a Private Service Connect published service. + Note that 'REGIONAL_MANAGED_PROXY' is the preferred setting for all regional Envoy load balancers. + If unspecified, the purpose defaults to 'PRIVATE_RFC_1918'. + type: string + region: + description: Immutable. The GCP region for this subnetwork. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + role: + description: |- + The role of subnetwork. + Currently, this field is only used when 'purpose' is 'REGIONAL_MANAGED_PROXY'. + The value can be set to 'ACTIVE' or 'BACKUP'. + An 'ACTIVE' subnetwork is one that is currently being used for Envoy-based load balancers in a region. + A 'BACKUP' subnetwork is one that is ready to be promoted to 'ACTIVE' or is currently draining. Possible values: ["ACTIVE", "BACKUP"]. 
+ type: string + secondaryIpRange: + items: + properties: + ipCidrRange: + description: |- + The range of IP addresses belonging to this subnetwork secondary + range. Provide this property when you create the subnetwork. + Ranges must be unique and non-overlapping with all primary and + secondary IP ranges within a network. Only IPv4 is supported. + type: string + rangeName: + description: |- + The name associated with this subnetwork secondary range, used + when adding an alias IP range to a VM instance. The name must + be 1-63 characters long, and comply with RFC1035. The name + must be unique within the subnetwork. + type: string + required: + - ipCidrRange + - rangeName + type: object + type: array + stackType: + description: |- + The stack type for this subnet to identify whether the IPv6 feature is enabled or not. + If not specified IPV4_ONLY will be used. Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. + type: string + required: + - ipCidrRange + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + externalIpv6Prefix: + description: The range of external IPv6 addresses that are owned by + this subnetwork. + type: string + fingerprint: + description: DEPRECATED. 
This field is not useful for users, and has + been removed as an output. Fingerprint of this resource. This field + is used internally during updates of this resource. + type: string + gatewayAddress: + description: |- + The gateway address for default routes to reach destination addresses + outside this subnetwork. + type: string + internalIpv6Prefix: + description: The internal IPv6 address range that is assigned to this + subnetwork. + type: string + ipv6CidrRange: + description: The range of internal IPv6 addresses that are owned by + this subnetwork. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetgrpcproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetGRPCProxy + plural: computetargetgrpcproxies + shortNames: + - gcpcomputetargetgrpcproxy + - gcpcomputetargetgrpcproxies + singular: computetargetgrpcproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the 
most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + urlMapRef: + description: |- + The UrlMap resource that defines the mapping from URL to the BackendService. + The protocol field in the BackendService must be set to GRPC. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + validateForProxyless: + description: |- + Immutable. If true, indicates that the BackendServices referenced by + the urlMap may be accessed by gRPC applications without using + a sidecar proxy. This will enable configuration checks on urlMap + and its referenced BackendServices to not allow unsupported features. + A gRPC application must use "xds:///" scheme in the target URI + of the service it is connecting to. If false, indicates that the + BackendServices referenced by the urlMap will be accessed by gRPC + applications via a sidecar proxy. In this case, a gRPC application + must not use "xds:///" scheme in the target URI of the service + it is connecting to. + type: boolean + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in + this object. This field is used in optimistic locking. 
This field + will be ignored when inserting a TargetGrpcProxy. An up-to-date + fingerprint must be provided in order to patch/update the + TargetGrpcProxy; otherwise, the request will fail with error + 412 conditionNotMet. To see the latest fingerprint, make a get() + request to retrieve the TargetGrpcProxy. A base64-encoded string. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + selfLinkWithId: + description: Server-defined URL with id for the resource. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargethttpproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetHTTPProxy + plural: computetargethttpproxies + shortNames: + - gcpcomputetargethttpproxy + - gcpcomputetargethttpproxies + singular: computetargethttpproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The 
reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + httpKeepAliveTimeoutSec: + description: |- + Immutable. Specifies how long to keep a connection open, after completing a response, + while there is no matching traffic (in seconds). If an HTTP keepalive is + not specified, a default value (610 seconds) will be used. For Global + external HTTP(S) load balancer, the minimum allowed value is 5 seconds and + the maximum allowed value is 1200 seconds. For Global external HTTP(S) + load balancer (classic), this option is not available publicly. + type: integer + location: + description: 'Location represents the geographical location of the + ComputeTargetHTTPProxy. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + proxyBind: + description: |- + Immutable. 
This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + urlMapRef: + description: |- + A reference to the ComputeURLMap resource that defines the mapping + from URL to the BackendService. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - urlMapRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargethttpsproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetHTTPSProxy + plural: computetargethttpsproxies + shortNames: + - gcpcomputetargethttpsproxy + - gcpcomputetargethttpsproxies + singular: computetargethttpsproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificateManagerCertificates: + items: + description: |- + URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. + Currently, you may specify up to 15 certificates. Certificate manager certificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + sslCertificates and certificateManagerCertificates fields cannot be defined together. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/global/certificates/{{value}}`, + where {{value}} is the `name` field of a `CertificateManagerCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + certificateMapRef: + description: |- + A reference to the CertificateMap resource uri that identifies a + certificate map associated with the given target proxy. This field + can only be set for global target proxies. This field is only supported + for EXTERNAL and EXTERNAL_MANAGED load balancing schemes. + For INTERNAL_MANAGED, use certificateManagerCertificates instead. + sslCertificates and certificateMap fields cannot be defined together. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `//certificatemanager.googleapis.com/projects/{{project}}/locations/global/certificateMaps/{{value}}`, + where {{value}} is the `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + httpKeepAliveTimeoutSec: + description: |- + Immutable. Specifies how long to keep a connection open, after completing a response, + while there is no matching traffic (in seconds). If an HTTP keepalive is + not specified, a default value (610 seconds) will be used. For Global + external HTTP(S) load balancer, the minimum allowed value is 5 seconds and + the maximum allowed value is 1200 seconds. For Global external HTTP(S) + load balancer (classic), this option is not available publicly. 
+ type: integer + location: + description: 'Location represents the geographical location of the + ComputeTargetHTTPSProxy. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + proxyBind: + description: |- + Immutable. This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + quicOverride: + description: |- + Specifies the QUIC override policy for this resource. This determines + whether the load balancer will attempt to negotiate QUIC with clients + or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is + specified, Google manages whether QUIC is used. Default value: "NONE" Possible values: ["NONE", "ENABLE", "DISABLE"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serverTlsPolicyRef: + description: |- + Immutable. A URL referring to a networksecurity.ServerTlsPolicy + resource that describes how the proxy should authenticate inbound + traffic. serverTlsPolicy only applies to a global TargetHttpsProxy + attached to globalForwardingRules with the loadBalancingScheme + set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. + For details which ServerTlsPolicy resources are accepted with + INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED + loadBalancingScheme consult ServerTlsPolicy documentation. + If left blank, communications are not encrypted. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{value}}`, + where {{value}} is the `name` field of a `NetworkSecurityServerTLSPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sslCertificates: + items: + description: |- + A list of ComputeSSLCertificate resources that are used to + authenticate connections between users and the load balancer. At + least one SSL certificate must be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sslPolicyRef: + description: |- + A reference to the ComputeSSLPolicy resource that will be + associated with the ComputeTargetHTTPSProxy resource. If not set, + the ComputeTargetHTTPSProxy resource will not have any SSL policy + configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + urlMapRef: + description: |- + A reference to the ComputeURLMap resource that defines the mapping + from URL to the BackendService. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - urlMapRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetinstances.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetInstance + plural: computetargetinstances + shortNames: + - gcpcomputetargetinstance + - gcpcomputetargetinstances + singular: computetargetinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + 
type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + instanceRef: + description: The ComputeInstance handling traffic for this target + instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + natPolicy: + description: |- + Immutable. NAT option controlling how IPs are NAT'ed to the instance. + Currently only NO_NAT (default value) is supported. Default value: "NO_NAT" Possible values: ["NO_NAT"]. 
+ type: string + networkRef: + description: |- + The network this target instance uses to forward + traffic. If not specified, the traffic will be forwarded to the network + that the default network interface belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + securityPolicyRef: + description: The resource URL for the security policy associated with + this target instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + zone: + description: Immutable. URL of the zone where the target instance + resides. 
+ type: string + required: + - instanceRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetpools.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetPool + plural: computetargetpools + shortNames: + - gcpcomputetargetpool + - gcpcomputetargetpools + singular: computetargetpool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backupTargetPoolRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. Textual description field. + type: string + failoverRatio: + description: Immutable. Ratio (0 to 1) of failed nodes before using + the backup pool (which must also be set). + type: number + healthChecks: + items: + properties: + httpHealthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + region: + description: Immutable. Where the target pool resides. Defaults to + project region. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + securityPolicyRef: + description: The resource URL for the security policy associated with + this target pool. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sessionAffinity: + description: Immutable. How to distribute load. Options are "NONE" + (no affinity). 
"CLIENT_IP" (hash of the source/dest addresses / + ports), and "CLIENT_IP_PROTO" also includes the protocol (default + "NONE"). + type: string + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetsslproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetSSLProxy + plural: computetargetsslproxies + shortNames: + - gcpcomputetargetsslproxy + - gcpcomputetargetsslproxies + singular: computetargetsslproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendServiceRef: + description: A reference to the ComputeBackendService resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateMapRef: + description: |- + A reference to the CertificateMap resource uri that identifies a + certificate map associated with the given target proxy. This + field can only be set for global target proxies. Accepted format is + '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to + the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslCertificates: + items: + description: |- + A list of ComputeSSLCertificate resources that are used to + authenticate connections between users and the load balancer. + Currently, exactly one SSL certificate must be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sslPolicyRef: + description: |- + A reference to the ComputeSSLPolicy resource that will be + associated with the TargetSslProxy resource. If not set, the + ComputeTargetSSLProxy resource will not have any SSL policy + configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargettcpproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetTCPProxy + listKind: ComputeTargetTCPProxyList + plural: computetargettcpproxies + shortNames: + - gcpcomputetargettcpproxy + - gcpcomputetargettcpproxies + singular: computetargettcpproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ComputeTargetTCPProxy is the Schema for the ComputeTargetTCPProxy + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ComputeTargetTCPProxySpec defines the desired state of ComputeTargetTCPProxy + properties: + backendServiceRef: + description: A reference to the ComputeBackendService resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeBackendService selflink in the form "projects/{{project}}/global/backendServices/{{name}}" + or "projects/{{project}}/regions/{{region}}/backendServices/{{name}}" + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeBackendService` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeBackendService` + resource. + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + x-kubernetes-validations: + - message: Description is immutable + rule: self == oldSelf + location: + description: 'The geographical location of the ComputeTargetTCPProxy. + Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + proxyBind: + description: Immutable. This field only applies when the forwarding + rule that references this target proxy has a loadBalancingScheme + set to INTERNAL_SELF_MANAGED. 
+ type: boolean + x-kubernetes-validations: + - message: ProxyBind is immutable + rule: self == oldSelf + proxyHeader: + description: 'Specifies the type of proxy header to append before + sending data to the backend. Default value: "NONE" Possible values: + ["NONE", "PROXY_V1"].' + type: string + resourceID: + description: Immutable. The ComputeTargetTCPProxy name. If not given, + the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID is immutable + rule: self == oldSelf + required: + - backendServiceRef + type: object + status: + description: ComputeTargetTCPProxyStatus defines the config connector + machine state of ComputeTargetTCPProxy + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + externalRef: + description: A unique specifier for the ComputeTargetTCPProxy resource + in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + proxyId: + description: The unique identifier for the resource. + format: int64 + type: integer + selfLink: + description: The SelfLink for the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetvpngateways.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetVPNGateway + plural: computetargetvpngateways + shortNames: + - gcpcomputetargetvpngateway + - gcpcomputetargetvpngateways + singular: computetargetvpngateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + networkRef: + description: The network this VPN gateway is accepting traffic for. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this gateway should sit in. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + gatewayId: + description: The unique identifier for the resource. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeurlmaps.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeURLMap + plural: computeurlmaps + shortNames: + - gcpcomputeurlmap + - gcpcomputeurlmaps + singular: computeurlmap + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: 
Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultRouteAction: + description: |- + defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. + Only one of defaultRouteAction or defaultUrlRedirect must be set. + URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction. + defaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. 
Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header. + Default is false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regualar expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + disabled: + description: If true, the setting specifies the CORS policy + is disabled. The default value of false, which indicates + that the CORS policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. + type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. 
+ As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service. + Similarly requests from clients can be aborted by the load balancer for a percentage of requests. + timeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection. + Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management). + properties: + abort: + description: The specification for how client requests are + aborted as part of fault injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + delay: + description: The specification for how client requests are + delayed as part of fault injection, before being sent to + a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. 
+ Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + The load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + backendServiceRef: + description: |- + The backend service resource being mirrored to. + The backend service configured for a mirroring policy must reference + backends that are of the same type as the original backend service + matched in the URL map. + Serverless NEG backends are not currently supported as a mirrored + backend service. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + retryPolicy: + description: Specifies the retry policy associated with this route. 
+ properties: + numRetries: + description: Specifies the allowed number retries. This number + must be > 0. If not specified, defaults to 1. + type: integer + perTryTimeout: + description: |- + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry policy applies. + Valid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable. + - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams. + - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504. + - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts. + - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409. 
+ - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled. + - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded. + - internal : a retry is attempted if the gRPC status code in the response header is set to internal. + - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted. + - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable. + items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries. + If not specified, this field uses the largest timeout among all backend services associated with the route. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + properties: + nanos: + description: Span of time that's a fraction of a second at + nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos + field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: 'Span of time at a resolution of a second. Must + be from 0 to 315,576,000,000 inclusive. Note: these bounds + are computed from: 60 sec/min * 60 min/hr * 24 hr/day * + 365.25 days/year * 10000 years.' + type: string + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, before forwarding the request to the matched service. 
+ urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + hostRewrite: + description: |- + Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. + The value must be from 1 to 255 characters. + type: string + pathPrefixRewrite: + description: |- + Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. + The value must be from 1 to 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number. + After a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + The default backend service resource. + Before forwarding the request to backendService, the loadbalancer + applies any relevant headerActions specified as part of this + backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for the selected backendService. + headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + headerAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + properties: + requestHeadersToAdd: + description: Headers to add to a matching request before + forwarding the request to the backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + type: boolean + type: object + type: array + requestHeadersToRemove: + description: A list of header names for headers that + need to be removed from the request before forwarding + the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response before sending + the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. 
If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + type: boolean + type: object + type: array + responseHeadersToRemove: + description: A list of header names for headers that + need to be removed from the response before sending + the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) . + The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy. + The value must be from 0 to 1000. + type: integer + type: object + type: array + type: object + defaultService: + description: |- + The defaultService resource to which traffic is directed if none of + the hostRules match. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + If defaultRouteAction is additionally specified, advanced routing + actions like URL Rewrites, etc. take effect prior to sending the + request to the backend. However, if defaultService is specified, + defaultRouteAction cannot contain any weightedBackendServices. + Conversely, if routeAction specifies any weightedBackendServices, + service must not be specified. Only one of defaultService, + defaultUrlRedirect or defaultRouteAction.weightedBackendService + must be set. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + defaultUrlRedirect: + description: |- + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here take effect after + headerAction specified under pathMatcher. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to sending the + response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + hostRule: + description: The list of HostRules to use against the URL. + items: + properties: + description: + description: |- + An optional description of this HostRule. Provide this property + when you create the resource. + type: string + hosts: + description: |- + The list of host patterns to match. They must be valid + hostnames, except * will match any string of ([a-z0-9-.]*). In + that case, * must be the first character and must be followed in + the pattern by either - or .. + items: + type: string + type: array + pathMatcher: + description: |- + The name of the PathMatcher to use to match the path portion of + the URL if the hostRule matches the URL's host portion. + type: string + required: + - hosts + - pathMatcher + type: object + type: array + location: + description: 'Location represents the geographical location of the + ComputeURLMap. Specify a region name or "global" for global resources. + Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + pathMatcher: + description: The list of named PathMatchers to use against the URL. + items: + properties: + defaultRouteAction: + description: |- + defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs + advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request + to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. + Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. 
+ + Only one of defaultRouteAction or defaultUrlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + This translates to the Access-Control-Allow-Credentials header. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy is disabled. + The default value is false, which indicates that the + CORS policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. 
+ type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. + As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a + percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted + by the Loadbalancer for a percentage of requests. + + timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. + properties: + abort: + description: The specification for how client requests + are aborted as part of fault injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + delay: + description: The specification for how client requests + are delayed as part of fault injection, before being + sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed delay + interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. 
+ type: string + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, + the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated with + this route. + properties: + numRetries: + description: Specifies the allowed number retries. This + number must be > 0. If not specified, defaults to + 1. + type: integer + perTryTimeout: + description: |- + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. 
+ properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + retryConditions: + description: |- + Specfies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, + or if the backend service does not respond at all, example: disconnects, reset, read timeout, + * connection failure, and refused streams. + * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures connecting to backend services, + for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. + This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted + * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable. 
+ items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time the request has been + fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. + + If not specified, will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + urlRewrite: + description: The spec to modify the URL of the request, + prior to forwarding the request to the matched service. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host header is replaced + with contents of hostRewrite. + + The value must be between 1 and 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching portion of the + request's path is replaced by pathPrefixRewrite. + + The value must be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match occurs. + The weights determine the fraction of traffic that flows to their corresponding backend service. + If all traffic needs to go to a single backend service, there must be one weightedBackendService + with weight set to a non 0 number. 
+ + Once a backendService is identified and before forwarding the request to the backend service, + advanced routing actions like Url rewrites and header transformations are applied depending on + additional settings specified in this HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + The default backend service resource. + Before forwarding the request to backendService, the loadbalancer + applies any relevant headerActions specified as part of this + backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. + + headerAction specified here take effect before headerAction in the enclosing + HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: Headers to add to a matching request + prior to forwarding the request to the backendService. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. 
+ type: boolean + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request prior to + forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior + to sending the response back to the client. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. + type: boolean + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response prior to sending the + response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as + weight / (sum of all weightedBackendService weights in routeAction) . + + The selection of a backend service is determined only for new traffic. Once a user's request + has been directed to a backendService, subsequent requests will be sent to the same backendService + as determined by the BackendService's session affinity policy. + + The value must be between 0 and 1000. + type: integer + type: object + type: array + type: object + defaultService: + description: |- + The default service to use if none of the pathRules defined by this + PathMatcher is matched by the URL's path portion. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + defaultUrlRedirect: + description: |- + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + description: + description: An optional description of this resource. + type: string + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. HeaderAction specified here are applied after the + matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to sending + the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + name: + description: The name to which this PathMatcher is referred + by the HostRule. + type: string + pathRule: + description: |- + The list of path rules. Use this list instead of routeRules when routing based + on simple path matching is all that's required. The order by which path rules + are specified does not matter. Matches are always done on the longest-path-first + basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* + irrespective of the order in which those paths appear in this list. Within a + given pathMatcher, only one of pathRules or routeRules must be set. + items: + properties: + paths: + description: |- + The list of path patterns to match. Each must start with / and the only place a + \* is allowed is at the end following a /. The string fed to the path matcher + does not include any text after the first ? or #, and those chars are not + allowed here. + items: + type: string + type: array + routeAction: + description: |- + In response to a matching path, the load balancer performs advanced routing + actions like URL rewrites, header transformations, etc. prior to forwarding the + request to the selected backend. If routeAction specifies any + weightedBackendServices, service must not be set. Conversely if service is set, + routeAction cannot contain any weightedBackendServices. Only one of routeAction + or urlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see W3C + Recommendation for Cross Origin Resource Sharing. 
+ properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the + actual request can include user credentials. This translates to the Access- + Control-Allow-Credentials header. Defaults to false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For + regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. An + origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy + is disabled. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long the results of a preflight request can be cached. This + translates to the content for the Access-Control-Max-Age header. + type: integer + required: + - disabled + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the + resiliency of clients to backend service failure. As part of fault injection, + when clients send requests to a backend service, delays can be introduced by + Loadbalancer on a percentage of requests before sending those request to the + backend service. 
Similarly requests from clients can be aborted by the + Loadbalancer for a percentage of requests. timeout and retry_policy will be + ignored by clients that are configured with a fault_injection_policy. + properties: + abort: + description: |- + The specification for how client requests are aborted as part of fault + injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. The value must be between 200 + and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be + aborted as part of fault injection. The value must be between 0.0 and 100.0 + inclusive. + type: number + required: + - httpStatus + - percentage + type: object + delay: + description: |- + The specification for how client requests are delayed as part of fault + injection, before being sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed + delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will + be introduced as part of fault injection. The value must be between 0.0 and + 100.0 inclusive. + type: number + required: + - fixedDelay + - percentage + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are + shadowed to a separate mirrored backend service. Loadbalancer does not wait for + responses from the shadow service. 
Prior to sending traffic to the shadow + service, the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated + with this route. + properties: + numRetries: + description: Specifies the allowed number retries. + This number must be > 0. + type: integer + perTryTimeout: + description: Specifies a non-zero timeout per + retry attempt. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry rule applies. Valid values are: + + - 5xx: Loadbalancer will attempt a retry if the backend service responds with + any 5xx response code, or if the backend service does not respond at all, + example: disconnects, reset, read timeout, connection failure, and refused + streams. 
+ - gateway-error: Similar to 5xx, but only applies to response codes + 502, 503 or 504. + - connect-failure: Loadbalancer will retry on failures + connecting to backend services, for example due to connection timeouts. + - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + - refused-stream: Loadbalancer will retry if the backend service resets the stream with a + REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled: Loadbalancer will retry if the gRPC status code in the response + header is set to cancelled + - deadline-exceeded: Loadbalancer will retry if the + gRPC status code in the response header is set to deadline-exceeded + - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response + header is set to resource-exhausted + - unavailable: Loadbalancer will retry if + the gRPC status code in the response header is set to unavailable. + items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time + the request is has been fully processed (i.e. end-of-stream) up until the + response has been completely processed. Timeout includes all retries. If not + specified, the default value is 15 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, prior to forwarding the request to + the matched service. 
+ properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host + header is replaced with contents of hostRewrite. The value must be between 1 and + 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching + portion of the request's path is replaced by pathPrefixRewrite. The value must + be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match + occurs. The weights determine the fraction of traffic that flows to their + corresponding backend service. If all traffic needs to go to a single backend + service, there must be one weightedBackendService with weight set to a non 0 + number. Once a backendService is identified and before forwarding the request to + the backend service, advanced routing actions like Url rewrites and header + transformations are applied depending on additional settings specified in this + HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + Required. The default backend service resource. Before forwarding + the request to backendService, the loadbalancer applies any relevant + headerActions specified as part of this backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. headerAction specified here take effect before + headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response + prior to sending the response back to + the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as weight / + (sum of all weightedBackendService weights in routeAction) . The selection of a + backend service is determined only for new traffic. Once a user's request has + been directed to a backendService, subsequent requests will be sent to the same + backendService as determined by the BackendService's session affinity policy. + The value must be between 0 and 1000. + type: integer + required: + - backendServiceRef + - weight + type: object + type: array + type: object + service: + description: |- + The backend service to which traffic is directed if this rule is + matched. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + If routeAction is additionally specified, advanced routing actions + like URL Rewrites, etc. take effect prior to sending the request to + the backend. However, if service is specified, routeAction cannot + contain any weightedBackendServices. Conversely, if routeAction + specifies any weightedBackendServices, service must not be + specified. Only one of urlRedirect, service or + routeAction.weightedBackendService must be set. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + urlRedirect: + description: |- + When a path pattern is matched, the request is redirected to a URL specified + by urlRedirect. If urlRedirect is specified, service or routeAction must not + be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one + that was supplied in the request. The value must be between 1 and 255 + characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
+ If set to false, the URL scheme of the redirected request will remain the + same as that of the request. This must only be set for UrlMaps used in + TargetHttpProxys. Setting this true for TargetHttpsProxy is not + permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one + that was supplied in the request. pathRedirect cannot be supplied + together with prefixRedirect. Supply one alone or neither. If neither is + supplied, the path of the original request will be used for the redirect. + The value must be between 1 and 1024 characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the + HttpRouteRuleMatch, retaining the remaining portion of the URL before + redirecting the request. prefixRedirect cannot be supplied together with + pathRedirect. Supply one alone or neither. If neither is supplied, the + path of the original request will be used for the redirect. The value + must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed + prior to redirecting the request. If set to false, the query portion of the + original URL is retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + required: + - paths + type: object + type: array + routeRules: + description: |- + The list of ordered HTTP route rules. Use this list instead of pathRules when + advanced route matching and routing actions are desired. The order of specifying + routeRules matters: the first rule that matches will cause its specified routing + action to take effect. Within a given pathMatcher, only one of pathRules or + routeRules must be set. routeRules are not supported in UrlMaps intended for + External load balancers. + items: + properties: + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here are applied before + the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r + outeAction.weightedBackendService.backendServiceWeightAction[].headerAction. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. 
+ items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to + sending the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + matchRules: + description: The rules for determining a match. + items: + properties: + fullPathMatch: + description: |- + For satisfying the matchRule condition, the path of the request must exactly + match the value specified in fullPathMatch after removing any query parameters + and anchor that may be part of the original URL. FullPathMatch must be between 1 + and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must + be specified. + type: string + headerMatches: + description: |- + Specifies a list of header match criteria, all of which must match corresponding + headers in the request. + items: + properties: + exactMatch: + description: |- + The value should exactly match contents of exactMatch. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + type: string + headerName: + description: |- + The name of the HTTP header to match. For matching against the HTTP request's + authority, use a headerMatch with the header name ":authority". For matching a + request's method, use the headerName ":method". 
+ type: string + invertMatch: + description: |- + If set to false, the headerMatch is considered a match if the match criteria + above are met. If set to true, the headerMatch is considered a match if the + match criteria above are NOT met. Defaults to false. + type: boolean + prefixMatch: + description: |- + The value of the header must start with the contents of prefixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + type: string + presentMatch: + description: |- + A header with the contents of headerName must exist. The match takes place + whether or not the request's header has a value or not. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + type: boolean + rangeMatch: + description: |- + The header value must be an integer and its value must be in the range specified + in rangeMatch. If the header does not contain an integer, number or is empty, + the match fails. For example for a range [-5, 0] + + * -3 will match + * 0 will not match + * 0.25 will not match + * -3someString will not match. + + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. + properties: + rangeEnd: + description: The end of the range (exclusive). + type: integer + rangeStart: + description: The start of the range (inclusive). + type: integer + required: + - rangeEnd + - rangeStart + type: object + regexMatch: + description: |- + The value of the header must match the regular expression specified in + regexMatch. For regular expression grammar, please see: + en.cppreference.com/w/cpp/regex/ecmascript For matching against a port + specified in the HTTP request, use a headerMatch with headerName set to PORT and + a regular expression that satisfies the RFC2616 Host header's port specifier. + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. 
+ type: string + suffixMatch: + description: |- + The value of the header must end with the contents of suffixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + type: string + required: + - headerName + type: object + type: array + ignoreCase: + description: |- + Specifies that prefixMatch and fullPathMatch matches are case sensitive. + Defaults to false. + type: boolean + metadataFilters: + description: |- + Opaque filter criteria used by Loadbalancer to restrict routing configuration to + a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS + clients present node metadata. If a match takes place, the relevant routing + configuration is made available to those proxies. For each metadataFilter in + this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the + filterLabels must match the corresponding label provided in the metadata. If its + filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match + with corresponding labels in the provided metadata. metadataFilters specified + here can be overrides those specified in ForwardingRule that refers to this + UrlMap. metadataFilters only applies to Loadbalancers that have their + loadBalancingScheme set to INTERNAL_SELF_MANAGED. + items: + properties: + filterLabels: + description: |- + The list of label value pairs that must match labels in the provided metadata + based on filterMatchCriteria This list must not be empty and can have at the + most 64 entries. + items: + properties: + name: + description: |- + Name of metadata label. The name can have a maximum length of 1024 characters + and must be at least 1 character long. + type: string + value: + description: |- + The value of the label must match the specified value. value can have a maximum + length of 1024 characters. 
+ type: string + required: + - name + - value + type: object + type: array + filterMatchCriteria: + description: |- + Specifies how individual filterLabel matches within the list of filterLabels + contribute towards the overall metadataFilter match. Supported values are: + + * MATCH_ANY: At least one of the filterLabels must have a matching label in the + provided metadata. + * MATCH_ALL: All filterLabels must have matching labels in + the provided metadata. Possible values: ["MATCH_ALL", "MATCH_ANY"]. + type: string + required: + - filterLabels + - filterMatchCriteria + type: object + type: array + pathTemplateMatch: + description: |- + For satisfying the matchRule condition, the path of the request + must match the wildcard pattern specified in pathTemplateMatch + after removing any query parameters and anchor that may be part + of the original URL. + + pathTemplateMatch must be between 1 and 255 characters + (inclusive). The pattern specified by pathTemplateMatch may + have at most 5 wildcard operators and at most 5 variable + captures in total. + type: string + prefixMatch: + description: |- + For satisfying the matchRule condition, the request's path must begin with the + specified prefixMatch. prefixMatch must begin with a /. The value must be + between 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or + regexMatch must be specified. + type: string + queryParameterMatches: + description: |- + Specifies a list of query parameter match criteria, all of which must match + corresponding query parameters in the request. + items: + properties: + exactMatch: + description: |- + The queryParameterMatch matches if the value of the parameter exactly matches + the contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch + must be set. + type: string + name: + description: |- + The name of the query parameter to match. The query parameter must exist in the + request, in the absence of which the request match fails. 
+ type: string + presentMatch: + description: |- + Specifies that the queryParameterMatch matches if the request contains the query + parameter, irrespective of whether the parameter has a value or not. Only one of + presentMatch, exactMatch and regexMatch must be set. + type: boolean + regexMatch: + description: |- + The queryParameterMatch matches if the value of the parameter matches the + regular expression specified by regexMatch. For the regular expression grammar, + please see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch, + exactMatch and regexMatch must be set. + type: string + required: + - name + type: object + type: array + regexMatch: + description: |- + For satisfying the matchRule condition, the path of the request must satisfy the + regular expression specified in regexMatch after removing any query parameters + and anchor supplied with the original URL. For regular expression grammar please + see en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch, + fullPathMatch or regexMatch must be specified. + type: string + type: object + type: array + priority: + description: |- + For routeRules within a given pathMatcher, priority determines the order + in which load balancer will interpret routeRules. RouteRules are evaluated + in order of priority, from the lowest to highest number. The priority of + a rule decreases as its number increases (1, 2, 3, N+1). The first rule + that matches the request is applied. + + You cannot configure two or more routeRules with the same priority. + Priority for each rule must be set to a number between 0 and + 2147483647 inclusive. + + Priority numbers can have gaps, which enable you to add or remove rules + in the future without affecting the rest of the rules. For example, + 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which + you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the + future without any impact on existing rules. 
+ type: integer + routeAction: + description: |- + In response to a matching matchRule, the load balancer performs advanced routing + actions like URL rewrites, header transformations, etc. prior to forwarding the + request to the selected backend. If routeAction specifies any + weightedBackendServices, service must not be set. Conversely if service is set, + routeAction cannot contain any weightedBackendServices. Only one of routeAction + or urlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see W3C + Recommendation for Cross Origin Resource Sharing. + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the + actual request can include user credentials. This translates to the Access- + Control-Allow-Credentials header. Defaults to false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For + regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. An + origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + disabled: + description: |- + If true, specifies the CORS policy is disabled. + which indicates that the CORS policy is in effect. Defaults to false. 
+ type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long the results of a preflight request can be cached. This + translates to the content for the Access-Control-Max-Age header. + type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the + resiliency of clients to backend service failure. As part of fault injection, + when clients send requests to a backend service, delays can be introduced by + Loadbalancer on a percentage of requests before sending those request to the + backend service. Similarly requests from clients can be aborted by the + Loadbalancer for a percentage of requests. timeout and retry_policy will be + ignored by clients that are configured with a fault_injection_policy. + properties: + abort: + description: |- + The specification for how client requests are aborted as part of fault + injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. The value must be between 200 + and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be + aborted as part of fault injection. The value must be between 0.0 and 100.0 + inclusive. + type: number + type: object + delay: + description: |- + The specification for how client requests are delayed as part of fault + injection, before being sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed + delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. 
+ type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will + be introduced as part of fault injection. The value must be between 0.0 and + 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are + shadowed to a separate mirrored backend service. Loadbalancer does not wait for + responses from the shadow service. Prior to sending traffic to the shadow + service, the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated + with this route. + properties: + numRetries: + description: Specifies the allowed number retries. + This number must be > 0. + type: integer + perTryTimeout: + description: Specifies a non-zero timeout per + retry attempt. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. 
Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with + any 5xx response code, or if the backend service does not respond at all, + example: disconnects, reset, read timeout, connection failure, and refused + streams. + * gateway-error: Similar to 5xx, but only applies to response codes + 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures + connecting to backend services, for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream: Loadbalancer will retry if the backend service resets the stream with a + REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response + header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the + gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response + header is set to resource-exhausted + * unavailable: Loadbalancer will retry if the gRPC status code in + the response header is set to unavailable. + items: + type: string + type: array + required: + - numRetries + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time + the request is has been fully processed (i.e. 
end-of-stream) up until the + response has been completely processed. Timeout includes all retries. If not + specified, the default value is 15 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, prior to forwarding the request to + the matched service. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host + header is replaced with contents of hostRewrite. The value must be between 1 and + 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching + portion of the request's path is replaced by pathPrefixRewrite. The value must + be between 1 and 1024 characters. + type: string + pathTemplateRewrite: + description: |- + Prior to forwarding the request to the selected origin, if the + request matched a pathTemplateMatch, the matching portion of the + request's path is replaced re-written using the pattern specified + by pathTemplateRewrite. + + pathTemplateRewrite must be between 1 and 255 characters + (inclusive), must start with a '/', and must only use variables + captured by the route's pathTemplate matchers. + + pathTemplateRewrite may only be used when all of a route's + MatchRules specify pathTemplate. + + Only one of pathPrefixRewrite and pathTemplateRewrite may be + specified. 
+ type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match + occurs. The weights determine the fraction of traffic that flows to their + corresponding backend service. If all traffic needs to go to a single backend + service, there must be one weightedBackendService with weight set to a non 0 + number. Once a backendService is identified and before forwarding the request to + the backend service, advanced routing actions like Url rewrites and header + transformations are applied depending on additional settings specified in this + HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + Required. The default backend service resource. Before forwarding + the request to backendService, the loadbalancer applies any relevant + headerActions specified as part of this backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. headerAction specified here take effect before + headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. 
+ items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response + prior to sending the response back to + the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as weight / + (sum of all weightedBackendService weights in routeAction) . The selection of a + backend service is determined only for new traffic. Once a user's request has + been directed to a backendService, subsequent requests will be sent to the same + backendService as determined by the BackendService's session affinity policy. 
+ The value must be between 0 and 1000. + type: integer + required: + - backendServiceRef + - weight + type: object + type: array + type: object + service: + description: |- + The region backend service resource to which traffic is + directed if this rule is matched. If routeAction is additionally specified, + advanced routing actions like URL Rewrites, etc. take effect prior to sending + the request to the backend. However, if service is specified, routeAction cannot + contain any weightedBackendService s. Conversely, if routeAction specifies any + weightedBackendServices, service must not be specified. Only one of urlRedirect, + service or routeAction.weightedBackendService must be set. + type: string + urlRedirect: + description: |- + When this rule is matched, the request is redirected to a URL specified by + urlRedirect. If urlRedirect is specified, service or routeAction must not be + set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one + that was supplied in the request. The value must be between 1 and 255 + characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. + If set to false, the URL scheme of the redirected request will remain the + same as that of the request. This must only be set for UrlMaps used in + TargetHttpProxys. Setting this true for TargetHttpsProxy is not + permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one + that was supplied in the request. pathRedirect cannot be supplied + together with prefixRedirect. Supply one alone or neither. If neither is + supplied, the path of the original request will be used for the redirect. + The value must be between 1 and 1024 characters. 
+ type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the + HttpRouteRuleMatch, retaining the remaining portion of the URL before + redirecting the request. prefixRedirect cannot be supplied together with + pathRedirect. Supply one alone or neither. If neither is supplied, the + path of the original request will be used for the redirect. The value + must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is + removed prior to redirecting the request. If set to false, the query + portion of the original URL is retained. The default value is false. + type: boolean + type: object + required: + - priority + type: object + type: array + required: + - name + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + test: + description: |- + The list of expected URL mappings. Requests to update this UrlMap will + succeed only if all of the test cases pass. + items: + properties: + description: + description: Description of this test case. + type: string + host: + description: Host portion of the URL. 
+ type: string + path: + description: Path portion of the URL. + type: string + service: + description: |- + The backend service resource that should be matched by this test. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + required: + - host + - path + - service + type: object + type: array + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: |- + Fingerprint of this resource. This field is used internally during + updates of this resource. + type: string + mapId: + description: The unique identifier for the resource. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computevpngateways.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeVPNGateway + plural: computevpngateways + shortNames: + - gcpcomputevpngateway + - gcpcomputevpngateways + singular: computevpngateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + networkRef: + description: The network this VPN gateway is accepting traffic for. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this gateway should sit in. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + stackType: + description: |- + Immutable. The stack type for this VPN gateway to identify the IP protocols that are enabled. + If not specified, IPV4_ONLY will be used. Default value: "IPV4_ONLY" Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. + type: string + vpnInterfaces: + description: Immutable. A list of interfaces on this VPN gateway. + items: + properties: + id: + description: Immutable. The numeric ID of this VPN gateway interface. 
+ type: integer + interconnectAttachmentRef: + description: |- + Immutable. When this value is present, the VPN Gateway will be used + for IPsec-encrypted Cloud Interconnect; all Egress or Ingress + traffic for this VPN Gateway interface will go through the specified + interconnect attachment resource. Not currently available publicly. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipAddress: + description: The external IP address for this VPN gateway interface. + type: string + type: object + type: array + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computevpntunnels.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeVPNTunnel + plural: computevpntunnels + shortNames: + - gcpcomputevpntunnel + - gcpcomputevpntunnels + singular: computevpntunnel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema 
of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + ikeVersion: + description: |- + Immutable. IKE protocol version to use when establishing the VPN tunnel with + peer VPN gateway. + Acceptable IKE versions are 1 or 2. Default version is 2. + type: integer + localTrafficSelector: + description: |- + Immutable. Local traffic selector to use when establishing the VPN tunnel with + peer VPN gateway. The value should be a CIDR formatted string, + for example '192.168.0.0/16'. The ranges should be disjoint. + Only IPv4 is supported. + items: + type: string + type: array + peerExternalGatewayInterface: + description: Immutable. The interface ID of the external VPN gateway + to which this VPN tunnel is connected. + type: integer + peerExternalGatewayRef: + description: |- + The peer side external VPN gateway to which this VPN tunnel + is connected. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeExternalVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + peerGCPGatewayRef: + description: |- + The peer side HA GCP VPN gateway to which this VPN tunnel is + connected. If provided, the VPN tunnel will automatically use the + same VPN gateway interface ID in the peer GCP VPN gateway. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + peerIp: + description: Immutable. IP address of the peer VPN gateway. Only IPv4 + is supported. + type: string + region: + description: Immutable. The region where the tunnel is located. If + unset, is set to the region of 'target_vpn_gateway'. + type: string + remoteTrafficSelector: + description: |- + Immutable. Remote traffic selector to use when establishing the VPN tunnel with + peer VPN gateway. The value should be a CIDR formatted string, + for example '192.168.0.0/16'. The ranges should be disjoint. + Only IPv4 is supported. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: The router to be used for dynamic routing. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sharedSecret: + description: |- + Immutable. Shared secret used to set the secure session between the Cloud VPN + gateway and the peer VPN gateway. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + targetVPNGatewayRef: + description: |- + The ComputeTargetVPNGateway with which this VPN tunnel is + associated. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + vpnGatewayInterface: + description: Immutable. The interface ID of the VPN gateway with which + this VPN tunnel is associated. + type: integer + vpnGatewayRef: + description: |- + The ComputeVPNGateway with which this VPN tunnel is associated. + This must be used if a High Availability VPN gateway resource is + created. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - sharedSecret + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + detailedStatus: + description: Detailed status message for the VPN tunnel. + type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + sharedSecretHash: + description: Hash of the shared secret. + type: string + tunnelId: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + name: configcontrollerinstances.configcontroller.cnrm.cloud.google.com +spec: + group: configcontroller.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ConfigControllerInstance + plural: configcontrollerinstances + shortNames: + - gcpconfigcontrollerinstance + - gcpconfigcontrollerinstances + singular: configcontrollerinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + 
- description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: Immutable. The location for the resource + type: string + managementConfig: + description: Immutable. Configuration of the cluster management + properties: + fullManagementConfig: + description: Immutable. Configuration of the full (Autopilot) + cluster management + properties: + clusterCidrBlock: + description: Immutable. The IP address range for the cluster + pod IPs. Set to blank to have a range chosen with the default + size. Set to /netmask (e.g. /14) to have a range chosen + with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) + from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, + 192.168.0.0/16) to pick a specific range to use. + type: string + clusterNamedRange: + description: Immutable. 
The name of the existing secondary + range in the cluster's subnetwork to use for pod IP addresses. + Alternatively, cluster_cidr_block can be used to automatically + create a GKE-managed one. + type: string + manBlock: + description: Immutable. Master Authorized Network. Allows + access to the k8s master from this block. + type: string + masterIPv4CidrBlock: + description: Immutable. The /28 network that the masters will + use. + type: string + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Existing VPC Network to put the GKE cluster and nodes in. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + servicesCidrBlock: + description: Immutable. The IP address range for the cluster + service IPs. Set to blank to have a range chosen with the + default size. Set to /netmask (e.g. /14) to have a range + chosen with a specific netmask. Set to a CIDR notation (e.g. + 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, + 172.16.0.0/12, 192.168.0.0/16) to pick a specific range + to use. + type: string + servicesNamedRange: + description: Immutable. The name of the existing secondary + range in the cluster's subnetwork to use for service ClusterIPs. + Alternatively, services_cidr_block can be used to automatically + create a GKE-managed one. + type: string + type: object + standardManagementConfig: + description: Immutable. 
Configuration of the standard (GKE) cluster + management + properties: + clusterCidrBlock: + description: Immutable. The IP address range for the cluster + pod IPs. Set to blank to have a range chosen with the default + size. Set to /netmask (e.g. /14) to have a range chosen + with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) + from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, + 192.168.0.0/16) to pick a specific range to use. + type: string + clusterNamedRange: + description: Immutable. The name of the existing secondary + range in the cluster's subnetwork to use for pod IP addresses. + Alternatively, cluster_cidr_block can be used to automatically + create a GKE-managed one. + type: string + manBlock: + description: Immutable. Master Authorized Network. Allows + access to the k8s master from this block. + type: string + masterIPv4CidrBlock: + description: Immutable. The /28 network that the masters will + use. + type: string + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Existing VPC Network to put the GKE cluster and nodes in. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + servicesCidrBlock: + description: Immutable. The IP address range for the cluster + service IPs. Set to blank to have a range chosen with the + default size. Set to /netmask (e.g. /14) to have a range + chosen with a specific netmask. 
Set to a CIDR notation (e.g. + 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, + 172.16.0.0/12, 192.168.0.0/16) to pick a specific range + to use. + type: string + servicesNamedRange: + description: Immutable. The name of the existing secondary + range in the cluster's subnetwork to use for service ClusterIPs. + Alternatively, services_cidr_block can be used to automatically + create a GKE-managed one. + type: string + required: + - masterIPv4CidrBlock + type: object + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + usePrivateEndpoint: + description: Immutable. Only allow access to the master's private + endpoint IP. + type: boolean + required: + - location + - managementConfig + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + gkeResourceLink: + description: Output only. KrmApiHost GCP self link used for identifying + the underlying endpoint (GKE cluster currently). + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The current state of the internal state + machine for the KrmApiHost. 
Possible values: STATE_UNSPECIFIED, + CREATING, RUNNING, DELETING, SUSPENDED, READ_ONLY' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: containeranalysisnotes.containeranalysis.cnrm.cloud.google.com +spec: + group: containeranalysis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerAnalysisNote + plural: containeranalysisnotes + shortNames: + - gcpcontaineranalysisnote + - gcpcontaineranalysisnotes + singular: containeranalysisnote + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attestation: + description: A note describing an attestation role. + properties: + hint: + description: Hint hints at the purpose of the attestation authority. + properties: + humanReadableName: + description: Required. The human readable name of this attestation + authority, for example "qa". + type: string + required: + - humanReadableName + type: object + type: object + build: + description: A note describing build provenance for a verifiable build. + properties: + builderVersion: + description: Required. Immutable. Version of the builder which + produced this build. + type: string + required: + - builderVersion + type: object + deployment: + description: A note describing something that can be deployed. + properties: + resourceUri: + description: Required. Resource URI for the artifact being deployed. + items: + type: string + type: array + required: + - resourceUri + type: object + discovery: + description: A note describing the initial analysis of a resource. + properties: + analysisKind: + description: 'The kind of analysis that is handled by this discovery. + Possible values: NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, + IMAGE, PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE' + type: string + required: + - analysisKind + type: object + expirationTime: + description: Time of expiration for this note. Empty if note does + not expire. + format: date-time + type: string + image: + description: A note describing a base image. + properties: + fingerprint: + description: Required. Immutable. 
The fingerprint of the base + image. + properties: + v1Name: + description: Required. The layer ID of the final layer in + the Docker image's v1 representation. + type: string + v2Blob: + description: Required. The ordered list of v2 blobs that represent + a given image. + items: + type: string + type: array + required: + - v1Name + - v2Blob + type: object + resourceUrl: + description: Required. Immutable. The resource_url for the resource + representing the basis of associated occurrence images. + type: string + required: + - fingerprint + - resourceUrl + type: object + longDescription: + description: A detailed description of this note. + type: string + package: + description: Required for non-Windows OS. The package this Upgrade + is for. + properties: + distribution: + description: The various channels by which a package is distributed. + items: + properties: + architecture: + description: 'The CPU architecture for which packages in + this distribution channel were built Possible values: + ARCHITECTURE_UNSPECIFIED, X86, X64' + type: string + cpeUri: + description: The cpe_uri in [cpe format](https://cpe.mitre.org/specification/) + denoting the package manager version distributing a package. + type: string + description: + description: The distribution channel-specific description + of this package. + type: string + latestVersion: + description: The latest available version of this package + in this distribution channel. + properties: + epoch: + description: Used to correct mistakes in the version + numbering scheme. + format: int64 + type: integer + fullName: + description: Human readable version string. This string + is of the form :- and is only set when kind is NORMAL. + type: string + kind: + description: 'Distinguish between sentinel MIN/MAX versions + and normal versions. If kind is not NORMAL, then the + other fields are ignored. 
Possible values: VERSION_KIND_UNSPECIFIED, + NORMAL, MINIMUM, MAXIMUM' + type: string + name: + description: The main part of the version name. + type: string + revision: + description: The iteration of the package build from + the above version. + type: string + required: + - kind + type: object + maintainer: + description: A freeform string denoting the maintainer of + this package. + type: string + url: + description: The distribution channel-specific homepage + for this package. + type: string + required: + - cpeUri + type: object + type: array + name: + description: The name of the package. + type: string + required: + - name + type: object + relatedNoteNames: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + relatedUrl: + description: URLs associated with this note. + items: + properties: + label: + description: Label to describe usage of the URL + type: string + url: + description: Specific URL to associate with the note + type: string + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + shortDescription: + description: A one sentence description of this note. 
+ type: string + vulnerability: + description: A note describing a package vulnerability. + properties: + cvssScore: + description: The CVSS score of this vulnerability. CVSS score + is on a scale of 0 - 10 where 0 indicates low severity and 10 + indicates high severity. + format: double + type: number + cvssV3: + description: The full description of the CVSSv3 for this vulnerability. + properties: + attackComplexity: + description: ' Possible values: ATTACK_COMPLEXITY_UNSPECIFIED, + ATTACK_COMPLEXITY_LOW, ATTACK_COMPLEXITY_HIGH' + type: string + attackVector: + description: 'Base Metrics Represents the intrinsic characteristics + of a vulnerability that are constant over time and across + user environments. Possible values: ATTACK_VECTOR_UNSPECIFIED, + ATTACK_VECTOR_NETWORK, ATTACK_VECTOR_ADJACENT, ATTACK_VECTOR_LOCAL, + ATTACK_VECTOR_PHYSICAL' + type: string + availabilityImpact: + description: ' Possible values: IMPACT_UNSPECIFIED, IMPACT_HIGH, + IMPACT_LOW, IMPACT_NONE' + type: string + baseScore: + description: The base score is a function of the base metric + scores. 
+ format: double + type: number + confidentialityImpact: + description: ' Possible values: IMPACT_UNSPECIFIED, IMPACT_HIGH, + IMPACT_LOW, IMPACT_NONE' + type: string + exploitabilityScore: + format: double + type: number + impactScore: + format: double + type: number + integrityImpact: + description: ' Possible values: IMPACT_UNSPECIFIED, IMPACT_HIGH, + IMPACT_LOW, IMPACT_NONE' + type: string + privilegesRequired: + description: ' Possible values: PRIVILEGES_REQUIRED_UNSPECIFIED, + PRIVILEGES_REQUIRED_NONE, PRIVILEGES_REQUIRED_LOW, PRIVILEGES_REQUIRED_HIGH' + type: string + scope: + description: ' Possible values: SCOPE_UNSPECIFIED, SCOPE_UNCHANGED, + SCOPE_CHANGED' + type: string + userInteraction: + description: ' Possible values: USER_INTERACTION_UNSPECIFIED, + USER_INTERACTION_NONE, USER_INTERACTION_REQUIRED' + type: string + type: object + details: + description: Details of all known distros and packages affected + by this vulnerability. + items: + properties: + affectedCpeUri: + description: Required. The (https://cpe.mitre.org/specification/) + this vulnerability affects. + type: string + affectedPackage: + description: Required. The package this vulnerability affects. + type: string + affectedVersionEnd: + description: 'The version number at the end of an interval + in which this vulnerability exists. A vulnerability can + affect a package between version numbers that are disjoint + sets of intervals (example: ) each of which will be represented + in its own Detail. If a specific affected version is provided + by a vulnerability database, affected_version_start and + affected_version_end will be the same in that Detail.' + properties: + epoch: + description: Used to correct mistakes in the version + numbering scheme. + format: int64 + type: integer + fullName: + description: Human readable version string. This string + is of the form :- and is only set when kind is NORMAL. + type: string + kind: + description: 'Required. 
Distinguishes between sentinel + MIN/MAX versions and normal versions. Possible values: + NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, IMAGE, + PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE' + type: string + name: + description: Required only when version kind is NORMAL. + The main part of the version name. + type: string + revision: + description: The iteration of the package build from + the above version. + type: string + required: + - kind + type: object + affectedVersionStart: + description: 'The version number at the start of an interval + in which this vulnerability exists. A vulnerability can + affect a package between version numbers that are disjoint + sets of intervals (example: ) each of which will be represented + in its own Detail. If a specific affected version is provided + by a vulnerability database, affected_version_start and + affected_version_end will be the same in that Detail.' + properties: + epoch: + description: Used to correct mistakes in the version + numbering scheme. + format: int64 + type: integer + fullName: + description: Human readable version string. This string + is of the form :- and is only set when kind is NORMAL. + type: string + kind: + description: 'Required. Distinguishes between sentinel + MIN/MAX versions and normal versions. Possible values: + NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, IMAGE, + PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE' + type: string + name: + description: Required only when version kind is NORMAL. + The main part of the version name. + type: string + revision: + description: The iteration of the package build from + the above version. + type: string + required: + - kind + type: object + description: + description: A vendor-specific description of this vulnerability. + type: string + fixedCpeUri: + description: The distro recommended (https://cpe.mitre.org/specification/) + to update to that contains a fix for this vulnerability. 
+ It is possible for this to be different from the affected_cpe_uri. + type: string + fixedPackage: + description: The distro recommended package to update to + that contains a fix for this vulnerability. It is possible + for this to be different from the affected_package. + type: string + fixedVersion: + description: The distro recommended version to update to + that contains a fix for this vulnerability. Setting this + to VersionKind.MAXIMUM means no such version is yet available. + properties: + epoch: + description: Used to correct mistakes in the version + numbering scheme. + format: int64 + type: integer + fullName: + description: Human readable version string. This string + is of the form :- and is only set when kind is NORMAL. + type: string + kind: + description: 'Required. Distinguishes between sentinel + MIN/MAX versions and normal versions. Possible values: + NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, IMAGE, + PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE' + type: string + name: + description: Required only when version kind is NORMAL. + The main part of the version name. + type: string + revision: + description: The iteration of the package build from + the above version. + type: string + required: + - kind + type: object + isObsolete: + description: Whether this detail is obsolete. Occurrences + are expected not to point to obsolete details. + type: boolean + packageType: + description: The type of package; whether native or non + native (e.g., ruby gems, node.js packages, etc.). + type: string + severityName: + description: The distro assigned severity of this vulnerability. + type: string + sourceUpdateTime: + description: The time this information was last changed + at the source. This is an upstream timestamp from the + underlying information source - e.g. Ubuntu security tracker. 
+ format: date-time + type: string + required: + - affectedCpeUri + - affectedPackage + type: object + type: array + severity: + description: 'The note provider assigned severity of this vulnerability. + Possible values: SEVERITY_UNSPECIFIED, MINIMAL, LOW, MEDIUM, + HIGH, CRITICAL' + type: string + sourceUpdateTime: + description: The time this information was last changed at the + source. This is an upstream timestamp from the underlying information + source - e.g. Ubuntu security tracker. + format: date-time + type: string + windowsDetails: + description: Windows details get their own format because the + information format and model don't match a normal detail. Specifically + Windows updates are done as patches, thus Windows vulnerabilities + really are a missing package, rather than a package being at + an incorrect version. + items: + properties: + cpeUri: + description: Required. The (https://cpe.mitre.org/specification/) + this vulnerability affects. + type: string + description: + description: The description of this vulnerability. + type: string + fixingKbs: + description: Required. The names of the KBs which have hotfixes + to mitigate this vulnerability. Note that there may be + multiple hotfixes (and thus multiple KBs) that mitigate + a given vulnerability. Currently any listed KBs presence + is considered a fix. + items: + properties: + name: + description: The KB name (generally of the form KB+ + (e.g., KB123456)). + type: string + url: + description: A link to the KB in the (https://www.catalog.update.microsoft.com/). + type: string + type: object + type: array + name: + description: Required. The name of this vulnerability. + type: string + required: + - cpeUri + - fixingKbs + - name + type: object + type: array + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time this note was created. This field + can be used as a filter in list requests. + format: date-time + type: string + image: + properties: + fingerprint: + properties: + v2Name: + description: 'Output only. The name of the image''s v2 blobs + computed via: ) Only the name of the final blob is kept.' + type: string + type: object + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The time this note was last updated. This + field can be used as a filter in list requests. 
+ format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containeranalysisoccurrences.containeranalysis.cnrm.cloud.google.com +spec: + group: containeranalysis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerAnalysisOccurrence + plural: containeranalysisoccurrences + shortNames: + - gcpcontaineranalysisoccurrence + - gcpcontaineranalysisoccurrences + singular: containeranalysisoccurrence + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attestation: + description: |- + Occurrence that represents a single "attestation". The authenticity + of an attestation can be verified using the attached signature. + If the verifier trusts the public key of the signer, then verifying + the signature is sufficient to establish trust. In this circumstance, + the authority to which this attestation is attached is primarily + useful for lookup (how to find this attestation if you already + know the authority and artifact to be verified) and intent (for + which authority this attestation was intended to sign. + properties: + serializedPayload: + description: |- + The serialized payload that is verified by one or + more signatures. A base64-encoded string. + type: string + signatures: + description: |- + One or more signatures over serializedPayload. + Verifier implementations should consider this attestation + message verified if at least one signature verifies + serializedPayload. See Signature in common.proto for more + details on signature structure and verification. + items: + properties: + publicKeyId: + description: |- + The identifier for the public key that verifies this + signature. MUST be an RFC3986 conformant + URI. * When possible, the key id should be an + immutable reference, such as a cryptographic digest. + Examples of valid values: + + * OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr + for more details on this scheme. 
+ * 'openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA' + * RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): + * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU". + type: string + signature: + description: |- + The content of the signature, an opaque bytestring. + The payload that this signature verifies MUST be + unambiguously provided with the Signature during + verification. A wrapper message might provide the + payload explicitly. Alternatively, a message might + have a canonical serialization that can always be + unambiguously computed to derive the payload. + type: string + required: + - publicKeyId + type: object + type: array + required: + - serializedPayload + - signatures + type: object + noteName: + description: |- + Immutable. The analysis note associated with this occurrence, in the form of + projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a + filter in list requests. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + remediation: + description: A description of actions that can be taken to remedy + the note. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + resourceUri: + description: |- + Immutable. Required. Immutable. 
A URI that represents the resource for which + the occurrence applies. For example, + https://gcr.io/project/image@sha256:123abc for a Docker image. + type: string + required: + - attestation + - noteName + - projectRef + - resourceUri + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the repository was created. + type: string + kind: + description: |- + The note kind which explicitly denotes which of the occurrence + details are specified. This field can be used as a filter in list + requests. + type: string + name: + description: The name of the occurrence. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The time when the repository was last updated. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containerattachedclusters.containerattached.cnrm.cloud.google.com +spec: + group: containerattached.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerAttachedCluster + listKind: ContainerAttachedClusterList + plural: containerattachedclusters + shortNames: + - gcpcontainerattachedcluster + - gcpcontainerattachedclusters + singular: containerattachedcluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ContainerAttachedCluster is the Schema for the ContainerAttachedCluster + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ContainerAttachedClusterSpec defines the desired state of + ContainerAttachedCluster + properties: + annotations: + additionalProperties: + type: string + description: |- + Optional. Annotations on the cluster. + + This field has the same restrictions as Kubernetes annotations. + The total size of all keys and values combined is limited to 256k. + Key can have 2 segments: prefix (optional) and name (required), + separated by a slash (/). + Prefix must be a DNS subdomain. + Name must be 63 characters or less, begin and end with alphanumerics, + with dashes (-), underscores (_), dots (.), and alphanumerics between. + type: object + authorization: + description: Optional. Configuration related to the cluster RBAC settings. + properties: + adminUsers: + description: |- + Optional. Users that can perform operations as a cluster admin. A managed + ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole + to the users. Up to ten admin users can be provided. + + For more info on RBAC, see + https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + items: + type: string + type: array + type: object + binaryAuthorization: + description: Optional. Binary Authorization configuration for this + cluster. + properties: + evaluationMode: + description: 'Mode of operation for binauthz policy evaluation. + If unspecified, defaults to DISABLED. Possible values: ["DISABLED", + "PROJECT_SINGLETON_POLICY_ENFORCE"].' 
+ type: string + type: object + deletionPolicy: + description: Optional. Policy to determine what flags to send on delete. + type: string + description: + description: Optional. A human readable description of this Attached + cluster. Cannot be longer than 255 UTF-8 encoded bytes. + type: string + distribution: + description: |- + Immutable. The Kubernetes distribution of the underlying attached cluster. + + Supported values: ["eks", "aks", "generic"]. + type: string + x-kubernetes-validations: + - message: Distribution field is immutable + rule: self == oldSelf + fleet: + description: Required. Fleet configuration. + properties: + membership: + description: |- + Output only. The name of the managed Hub Membership resource associated to + this cluster. + + Membership names are formatted as + `projects//locations/global/membership/`. + type: string + projectRef: + description: The id of the Fleet host project where this cluster + will be registered. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'The project of the fleet. Allowed value: The + Google Cloud resource name of a `Project` resource (format: + `projects/{{name}}`).' + type: string + name: + description: 'Name of the project resource. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the project resource. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + location: + description: Immutable. The location for the resource. + type: string + x-kubernetes-validations: + - message: Location field is immutable + rule: self == oldSelf + loggingConfig: + description: Optional. Logging configuration for this cluster. 
+ properties: + componentConfig: + description: The configuration of the logging components; + properties: + enableComponents: + description: 'The components to be enabled. Possible values: + ["SYSTEM_COMPONENTS", "WORKLOADS"].' + items: + type: string + type: array + type: object + type: object + monitoringConfig: + description: Optional. Monitoring configuration for this cluster. + properties: + managedPrometheusConfig: + description: Enable Google Cloud Managed Service for Prometheus + in the cluster. + properties: + enabled: + description: Enable Managed Collection. + type: boolean + type: object + type: object + oidcConfig: + description: "Required. OpenID Connect (OIDC) discovery information + of the target cluster.\n\nKubernetes Service Account (KSA) tokens + are JWT tokens signed by the cluster\nAPI server. This field indicates + how GCP services\tvalidate KSA tokens in order\nto allow system + workloads (such as GKE Connect and telemetry agents) to\nauthenticate + back to GCP.\n\nBoth clusters with public and private issuer URLs + are supported.\nClusters with public issuers only need to specify + the 'issuerUrl' field\nwhile clusters with private issuers need + to provide both 'issuerUrl' and 'jwks'." + properties: + issuerUrl: + description: Immutable. A JSON Web Token (JWT) issuer URI. `issuer` + must start with `https://`. + type: string + x-kubernetes-validations: + - message: IssuerURL field is immutable + rule: self == oldSelf + jwks: + description: |- + Immutable, Optional. OIDC verification keys in JWKS format (RFC 7517). + It contains a list of OIDC verification keys that can be used to verify + OIDC JWTs. + + This field is required for cluster that doesn't have a publicly available + discovery endpoint. When provided, it will be directly used + to verify the OIDC JWT asserted by the IDP. 
+ format: byte + type: string + x-kubernetes-validations: + - message: Jwks field is immutable + rule: self == oldSelf + required: + - issuerUrl + type: object + x-kubernetes-validations: + - message: OidcConfig field is immutable + rule: self == oldSelf + platformVersion: + description: Required. The platform version for the cluster (e.g. + `1.30.0-gke.1`). + type: string + projectRef: + description: The ID of the project in which the resource belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: Immutable, Optional. The ContainerAttachedCluster name. + If not given, the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + required: + - distribution + - fleet + - location + - oidcConfig + - platformVersion + - projectRef + type: object + status: + description: ContainerAttachedClusterStatus defines the config connector + machine state of ContainerAttachedCluster + properties: + clusterRegion: + description: |- + The region where this cluster runs. + + For EKS clusters, this is an AWS region. For AKS clusters, + this is an Azure region. + type: string + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time at which this cluster was registered. + type: string + errors: + description: A set of errors found in the cluster. + items: + properties: + message: + description: Human-friendly description of the error. + type: string + type: object + type: array + kubernetesVersion: + description: The Kubernetes version of the cluster. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + fleetMembership: + description: |- + Output only. The name of the managed Hub Membership resource associated to + this cluster. + + Membership names are formatted as + `projects//locations/global/membership/`. + This field mirrors the Spec.Fleet.Membership field. + type: string + type: object + reconciling: + description: If set, there are currently changes in flight to the + cluster. + type: boolean + state: + description: "The current state of the cluster. Possible values:\tSTATE_UNSPECIFIED, + PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR,\tDEGRADED." + type: string + uid: + description: A globally unique identifier for the cluster. 
+ type: string + updateTime: + description: The time at which this cluster was last updated. + type: string + workloadIdentityConfig: + description: Workload Identity settings. + items: + properties: + identityProvider: + description: The ID of the OIDC Identity Provider (IdP) associated + to the Workload Identity Pool. + type: string + issuerUri: + description: The OIDC issuer URL for this cluster. + type: string + workloadPool: + description: The Workload Identity Pool associated to the cluster. + type: string + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containerclusters.container.cnrm.cloud.google.com +spec: + group: container.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerCluster + plural: containerclusters + shortNames: + - gcpcontainercluster + - gcpcontainerclusters + singular: containercluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addonsConfig: + description: The configuration for addons supported by GKE. + properties: + cloudrunConfig: + description: The status of the CloudRun addon. It is disabled + by default. Set disabled = false to enable. + properties: + disabled: + type: boolean + loadBalancerType: + type: string + required: + - disabled + type: object + configConnectorConfig: + description: The of the Config Connector addon. + properties: + enabled: + type: boolean + required: + - enabled + type: object + dnsCacheConfig: + description: The status of the NodeLocal DNSCache addon. It is + disabled by default. Set enabled = true to enable. + properties: + enabled: + type: boolean + required: + - enabled + type: object + gcePersistentDiskCsiDriverConfig: + description: 'Whether this cluster should enable the Google Compute + Engine Persistent Disk Container Storage Interface (CSI) Driver. + Set enabled = true to enable. The Compute Engine persistent + disk CSI Driver is enabled by default on newly created clusters + for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 + or later, or 1.19.3-gke.2100 or later.' 
+ properties: + enabled: + type: boolean + required: + - enabled + type: object + gcpFilestoreCsiDriverConfig: + description: The status of the Filestore CSI driver addon, which + allows the usage of filestore instance as volumes. Defaults + to disabled; set enabled = true to enable. + properties: + enabled: + type: boolean + required: + - enabled + type: object + gcsFuseCsiDriverConfig: + description: The status of the GCS Fuse CSI driver addon, which + allows the usage of gcs bucket as volumes. Defaults to disabled; + set enabled = true to enable. + properties: + enabled: + type: boolean + required: + - enabled + type: object + gkeBackupAgentConfig: + description: The status of the Backup for GKE Agent addon. It + is disabled by default. Set enabled = true to enable. + properties: + enabled: + type: boolean + required: + - enabled + type: object + horizontalPodAutoscaling: + description: The status of the Horizontal Pod Autoscaling addon, + which increases or decreases the number of replica pods a replication + controller has based on the resource usage of the existing pods. + It ensures that a Heapster pod is running in the cluster, which + is also used by the Cloud Monitoring service. It is enabled + by default; set disabled = true to disable. + properties: + disabled: + type: boolean + required: + - disabled + type: object + httpLoadBalancing: + description: The status of the HTTP (L7) load balancing controller + addon, which makes it easy to set up HTTP load balancers for + services in a cluster. It is enabled by default; set disabled + = true to disable. + properties: + disabled: + type: boolean + required: + - disabled + type: object + istioConfig: + description: The status of the Istio addon. + properties: + auth: + description: The authentication type between services in Istio. + Available options include AUTH_MUTUAL_TLS. 
+ type: string + disabled: + description: The status of the Istio addon, which makes it + easy to set up Istio for services in a cluster. It is disabled + by default. Set disabled = false to enable. + type: boolean + required: + - disabled + type: object + kalmConfig: + description: Configuration for the KALM addon, which manages the + lifecycle of k8s. It is disabled by default; Set enabled = true + to enable. + properties: + enabled: + type: boolean + required: + - enabled + type: object + networkPolicyConfig: + description: Whether we should enable the network policy addon + for the master. This must be enabled in order to enable network + policy for the nodes. To enable this, you must also define a + network_policy block, otherwise nothing will happen. It can + only be disabled if the nodes already do not have network policies + enabled. Defaults to disabled; set disabled = false to enable. + properties: + disabled: + type: boolean + required: + - disabled + type: object + type: object + allowNetAdmin: + description: Enable NET_ADMIN for this cluster. + type: boolean + authenticatorGroupsConfig: + description: Configuration for the Google Groups for GKE feature. + properties: + securityGroup: + description: The name of the RBAC security group for use with + Google security groups in Kubernetes RBAC. Group name must be + in format gke-security-groups@yourdomain.com. + type: string + required: + - securityGroup + type: object + binaryAuthorization: + description: Configuration options for the Binary Authorization feature. + properties: + enabled: + description: DEPRECATED. Deprecated in favor of evaluation_mode. + Enable Binary Authorization for this cluster. + type: boolean + evaluationMode: + description: Mode of operation for Binary Authorization policy + evaluation. 
+ type: string + type: object + clusterAutoscaling: + description: Per-cluster configuration of Node Auto-Provisioning with + Cluster Autoscaler to automatically adjust the size of the cluster + and create/delete node pools based on the current needs of the cluster's + workload. See the guide to using Node Auto-Provisioning for more + details. + properties: + autoProvisioningDefaults: + description: Contains defaults for a node pool created by NAP. + properties: + bootDiskKMSKeyRef: + description: |- + Immutable. The Customer Managed Encryption Key used to encrypt the + boot disk attached to each node in the node pool. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSize: + description: Size of the disk attached to each node, specified + in GB. The smallest allowed disk size is 10GB. + type: integer + imageType: + description: The default image type used by NAP once a new + node pool is being created. + type: string + management: + description: NodeManagement configuration for this NodePool. + properties: + autoRepair: + description: Specifies whether the node auto-repair is + enabled for the node pool. If enabled, the nodes in + this node pool will be monitored and, if they fail health + checks too many times, an automatic repair action will + be triggered. + type: boolean + autoUpgrade: + description: Specifies whether node auto-upgrade is enabled + for the node pool. 
If enabled, node auto-upgrade helps + keep the nodes in your node pool up to date with the + latest release version of Kubernetes. + type: boolean + upgradeOptions: + description: Specifies the Auto Upgrade knobs for the + node pool. + items: + properties: + autoUpgradeStartTime: + description: This field is set when upgrades are + about to commence with the approximate start time + for the upgrades, in RFC3339 text format. + type: string + description: + description: This field is set when upgrades are + about to commence with the description of the + upgrade. + type: string + type: object + type: array + type: object + minCpuPlatform: + description: Minimum CPU platform to be used by this instance. + The instance may be scheduled on the specified or newer + CPU platform. Applicable values are the friendly names of + CPU platforms, such as Intel Haswell. + type: string + oauthScopes: + description: Scopes that are used by NAP when creating node + pools. + items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + shieldedInstanceConfig: + description: Shielded Instance options. + properties: + enableIntegrityMonitoring: + description: Defines whether the instance has integrity + monitoring enabled. + type: boolean + enableSecureBoot: + description: Defines whether the instance has Secure Boot + enabled. 
+ type: boolean + type: object + upgradeSettings: + description: Specifies the upgrade settings for NAP created + node pools. + properties: + blueGreenSettings: + description: Settings for blue-green upgrade strategy. + properties: + nodePoolSoakDuration: + description: "Time needed after draining entire blue + pool. After this period, blue pool will be cleaned + up.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA duration + in seconds with up to nine fractional digits, ending + with 's'. Example: \"3.5s\"." + type: string + standardRolloutPolicy: + description: Standard policy for the blue-green upgrade. + properties: + batchNodeCount: + description: Number of blue nodes to drain in + a batch. + type: integer + batchPercentage: + description: Percentage of the bool pool nodes + to drain in a batch. The range of this field + should be (0.0, 1.0]. + type: number + batchSoakDuration: + description: "Soak time after each batch gets + drained.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA + duration in seconds with up to nine fractional + digits, ending with 's'. Example: \"3.5s\"." + type: string + type: object + type: object + maxSurge: + description: The maximum number of nodes that can be created + beyond the current size of the node pool during the + upgrade process. + type: integer + maxUnavailable: + description: The maximum number of nodes that can be simultaneously + unavailable during the upgrade process. + type: integer + strategy: + description: Update strategy of the node pool. + type: string + type: object + type: object + autoscalingProfile: + description: Configuration options for the Autoscaling profile + feature, which lets you choose whether the cluster autoscaler + should optimize for resource utilization or resource availability + when deciding to remove nodes from a cluster. Can be BALANCED + or OPTIMIZE_UTILIZATION. Defaults to BALANCED. + type: string + enabled: + description: Whether node auto-provisioning is enabled. 
Resource + limits for cpu and memory must be defined to enable node auto-provisioning. + type: boolean + resourceLimits: + description: Global constraints for machine resources in the cluster. + Configuring the cpu and memory types is required if node auto-provisioning + is enabled. These limits will apply to node pool autoscaling + in addition to node auto-provisioning. + items: + properties: + maximum: + description: Maximum amount of the resource in the cluster. + type: integer + minimum: + description: Minimum amount of the resource in the cluster. + type: integer + resourceType: + description: The type of the resource. For example, cpu + and memory. See the guide to using Node Auto-Provisioning + for a list of types. + type: string + required: + - resourceType + type: object + type: array + type: object + clusterIpv4Cidr: + description: Immutable. The IP address range of the Kubernetes pods + in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank + to have one automatically chosen or specify a /14 block in 10.0.0.0/8. + This field will only work for routes-based clusters, where ip_allocation_policy + is not defined. + type: string + clusterTelemetry: + description: Telemetry integration for the cluster. + properties: + type: + description: Type of the integration. + type: string + required: + - type + type: object + confidentialNodes: + description: 'Immutable. Configuration for the confidential nodes + feature, which makes nodes run on confidential VMs. Warning: This + configuration can''t be changed (or added/removed) after cluster + creation without deleting and recreating the entire cluster.' + properties: + enabled: + description: Immutable. Whether Confidential Nodes feature is + enabled for all nodes in this cluster. + type: boolean + required: + - enabled + type: object + costManagementConfig: + description: Cost management configuration for the cluster. + properties: + enabled: + description: Whether to enable GKE cost allocation. 
When you enable + GKE cost allocation, the cluster name and namespace of your + GKE workloads appear in the labels field of the billing export + to BigQuery. Defaults to false. + type: boolean + required: + - enabled + type: object + databaseEncryption: + description: 'Application-layer Secrets Encryption settings. The object + format is {state = string, key_name = string}. Valid values of state + are: "ENCRYPTED"; "DECRYPTED". key_name is the name of a CloudKMS + key.' + properties: + keyName: + description: The key to use to encrypt/decrypt secrets. + type: string + state: + description: ENCRYPTED or DECRYPTED. + type: string + required: + - state + type: object + datapathProvider: + description: Immutable. The desired datapath provider for this cluster. + By default, uses the IPTables-based kube-proxy implementation. + type: string + defaultMaxPodsPerNode: + description: Immutable. The default maximum number of pods per node + in this cluster. This doesn't work on "routes-based" clusters, clusters + that don't have IP Aliasing enabled. + type: integer + defaultSnatStatus: + description: Whether the cluster disables default in-node sNAT rules. + In-node sNAT rules will be disabled when defaultSnatStatus is disabled. + properties: + disabled: + description: When disabled is set to false, default IP masquerade + rules will be applied to the nodes to prevent sNAT on cluster + internal traffic. + type: boolean + required: + - disabled + type: object + description: + description: Immutable. Description of the cluster. + type: string + dnsConfig: + description: Immutable. Configuration for Cloud DNS for Kubernetes + Engine. + properties: + clusterDns: + description: Which in-cluster DNS provider should be used. + type: string + clusterDnsDomain: + description: The suffix used for all cluster service records. + type: string + clusterDnsScope: + description: The scope of access to cluster DNS records. 
+ type: string + type: object + enableAutopilot: + description: Immutable. Enable Autopilot for this cluster. + type: boolean + enableBinaryAuthorization: + description: DEPRECATED. Deprecated in favor of binary_authorization. + Enable Binary Authorization for this cluster. If enabled, all container + images will be validated by Google Binary Authorization. + type: boolean + enableFqdnNetworkPolicy: + description: Whether FQDN Network Policy is enabled on this cluster. + type: boolean + enableIntranodeVisibility: + description: Whether Intra-node visibility is enabled for this cluster. + This makes same node pod to pod traffic visible for VPC network. + type: boolean + enableK8sBetaApis: + description: Configuration for Kubernetes Beta APIs. + properties: + enabledApis: + description: Enabled Kubernetes Beta APIs. + items: + type: string + type: array + required: + - enabledApis + type: object + enableKubernetesAlpha: + description: Immutable. Whether to enable Kubernetes Alpha features + for this cluster. Note that when this option is enabled, the cluster + cannot be upgraded and will be automatically deleted after 30 days. + type: boolean + enableL4IlbSubsetting: + description: Whether L4ILB Subsetting is enabled for this cluster. + type: boolean + enableLegacyAbac: + description: Whether the ABAC authorizer is enabled for this cluster. + When enabled, identities in the system, including service accounts, + nodes, and controllers, will have statically granted permissions + beyond those provided by the RBAC configuration or IAM. Defaults + to false. + type: boolean + enableMultiNetworking: + description: Immutable. Whether multi-networking is enabled for this + cluster. + type: boolean + enableShieldedNodes: + description: Enable Shielded Nodes features on all nodes in this cluster. + Defaults to true. + type: boolean + enableTpu: + description: Immutable. Whether to enable Cloud TPU resources in this + cluster. 
+ type: boolean + gatewayApiConfig: + description: Configuration for GKE Gateway API controller. + properties: + channel: + description: The Gateway API release channel to use for Gateway + API. + type: string + required: + - channel + type: object + identityServiceConfig: + description: Configuration for Identity Service which allows customers + to use external identity providers with the K8S API. + properties: + enabled: + description: Whether to enable the Identity Service component. + type: boolean + type: object + initialNodeCount: + description: Immutable. The number of nodes to create in this cluster's + default node pool. In regional or multi-zonal clusters, this is + the number of nodes per zone. Must be set if node_pool is not set. + If you're using google_container_node_pool objects with no default + node pool, you'll need to set this to a value of at least 1, alongside + setting remove_default_node_pool to true. + type: integer + ipAllocationPolicy: + description: Immutable. Configuration of cluster IP allocation for + VPC-native clusters. Adding this block enables IP aliasing, making + the cluster VPC-native instead of routes-based. + properties: + additionalPodRangesConfig: + description: AdditionalPodRangesConfig is the configuration for + additional pod secondary ranges supporting the ClusterUpdate + message. + properties: + podRangeNames: + description: Name for pod secondary ipv4 range which has the + actual range defined ahead. + items: + type: string + type: array + required: + - podRangeNames + type: object + clusterIpv4CidrBlock: + description: Immutable. The IP address range for the cluster pod + IPs. Set to blank to have a range chosen with the default size. + Set to /netmask (e.g. /14) to have a range chosen with a specific + netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the + RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) + to pick a specific range to use. 
+ type: string + clusterSecondaryRangeName: + description: Immutable. The name of the existing secondary range + in the cluster's subnetwork to use for pod IP addresses. Alternatively, + cluster_ipv4_cidr_block can be used to automatically create + a GKE-managed one. + type: string + podCidrOverprovisionConfig: + description: Immutable. Configuration for cluster level pod cidr + overprovision. Default is disabled=false. + properties: + disabled: + type: boolean + required: + - disabled + type: object + servicesIpv4CidrBlock: + description: Immutable. The IP address range of the services IPs + in this cluster. Set to blank to have a range chosen with the + default size. Set to /netmask (e.g. /14) to have a range chosen + with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) + from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, + 192.168.0.0/16) to pick a specific range to use. + type: string + servicesSecondaryRangeName: + description: Immutable. The name of the existing secondary range + in the cluster's subnetwork to use for service ClusterIPs. Alternatively, + services_ipv4_cidr_block can be used to automatically create + a GKE-managed one. + type: string + stackType: + description: Immutable. The IP Stack type of the cluster. Choose + between IPV4 and IPV4_IPV6. Default type is IPV4 Only if not + set. + type: string + type: object + location: + description: Immutable. The location (region or zone) in which the + cluster master will be created, as well as the default node location. + If you specify a zone (such as us-central1-a), the cluster will + be a zonal cluster with a single cluster master. If you specify + a region (such as us-west1), the cluster will be a regional cluster + with multiple masters spread across zones in the region, and with + default node locations in those zones as well. + type: string + loggingConfig: + description: Logging configuration for the cluster. 
+ properties: + enableComponents: + description: GKE components exposing logs. Valid values include + SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, + and WORKLOADS. + items: + type: string + type: array + required: + - enableComponents + type: object + loggingService: + description: The logging service that the cluster should write logs + to. Available options include logging.googleapis.com(Legacy Stackdriver), + logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine + Logging), and none. Defaults to logging.googleapis.com/kubernetes. + type: string + maintenancePolicy: + description: The maintenance policy to use for the cluster. + properties: + dailyMaintenanceWindow: + description: 'Time window specified for daily maintenance operations. + Specify start_time in RFC3339 format "HH:MM”, where HH : [00-23] + and MM : [00-59] GMT.' + properties: + duration: + type: string + startTime: + type: string + required: + - startTime + type: object + maintenanceExclusion: + description: Exceptions to maintenance window. Non-emergency maintenance + should not occur in these windows. + items: + properties: + endTime: + type: string + exclusionName: + type: string + exclusionOptions: + description: Maintenance exclusion related options. + properties: + scope: + description: The scope of automatic upgrades to restrict + in the exclusion window. + type: string + required: + - scope + type: object + startTime: + type: string + required: + - endTime + - exclusionName + - startTime + type: object + type: array + recurringWindow: + description: Time window for recurring maintenance operations. + properties: + endTime: + type: string + recurrence: + type: string + startTime: + type: string + required: + - endTime + - recurrence + - startTime + type: object + type: object + masterAuth: + description: DEPRECATED. Basic authentication was removed for GKE + cluster versions >= 1.19. The authentication information for accessing + the Kubernetes master. 
Some values in this block are only returned + by the API if your service account has permission to get credentials + for your GKE cluster. If you see an unexpected diff unsetting your + client cert, ensure you have the container.clusters.getCredentials + permission. + properties: + clientCertificate: + description: Base64 encoded public certificate used by clients + to authenticate to the cluster endpoint. + type: string + clientCertificateConfig: + description: Immutable. Whether client certificate authorization + is enabled for this cluster. + properties: + issueClientCertificate: + description: Immutable. Whether client certificate authorization + is enabled for this cluster. + type: boolean + required: + - issueClientCertificate + type: object + clientKey: + description: Base64 encoded private key used by clients to authenticate + to the cluster endpoint. + type: string + clusterCaCertificate: + description: Base64 encoded public certificate that is the root + of trust for the cluster. + type: string + password: + description: The password to use for HTTP basic authentication + when accessing the Kubernetes master endpoint. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + username: + description: The username to use for HTTP basic authentication + when accessing the Kubernetes master endpoint. If not present + basic auth will be disabled. + type: string + type: object + masterAuthorizedNetworksConfig: + description: The desired configuration options for master authorized + networks. Omit the nested cidr_blocks attribute to disallow external + access (except the cluster node IPs, which GKE automatically whitelists). + properties: + cidrBlocks: + description: External networks that can access the Kubernetes + cluster master through HTTPS. + items: + properties: + cidrBlock: + description: External network that can access Kubernetes + master through HTTPS. Must be specified in CIDR notation. + type: string + displayName: + description: Field for users to identify CIDR blocks. + type: string + required: + - cidrBlock + type: object + type: array + gcpPublicCidrsAccessEnabled: + description: Whether master is accessbile via Google Compute Engine + Public IP addresses. + type: boolean + type: object + meshCertificates: + description: If set, and enable_certificates=true, the GKE Workload + Identity Certificates controller and node agent will be deployed + in the cluster. + properties: + enableCertificates: + description: When enabled the GKE Workload Identity Certificates + controller and node agent will be deployed in the cluster. + type: boolean + required: + - enableCertificates + type: object + minMasterVersion: + description: The minimum version of the master. GKE will auto-update + the master to new versions, so this does not guarantee the current + master version--use the read-only master_version field to obtain + that. If unset, the cluster's version will be set by GKE to the + version of the most recent official release (which is not necessarily + the latest version). 
+ type: string + monitoringConfig: + description: Monitoring configuration for the cluster. + properties: + advancedDatapathObservabilityConfig: + description: Configuration of Advanced Datapath Observability + features. + items: + properties: + enableMetrics: + description: Whether or not the advanced datapath metrics + are enabled. + type: boolean + relayMode: + description: Mode used to make Relay available. + type: string + required: + - enableMetrics + type: object + type: array + enableComponents: + description: GKE components exposing metrics. Valid values include + SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER, + STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET and WORKLOADS. + items: + type: string + type: array + managedPrometheus: + description: Configuration for Google Cloud Managed Services for + Prometheus. + properties: + enabled: + description: Whether or not the managed collection is enabled. + type: boolean + required: + - enabled + type: object + type: object + monitoringService: + description: The monitoring service that the cluster should write + metrics to. Automatically send metrics from pods in the cluster + to the Google Cloud Monitoring API. VM metrics will be collected + by Google Compute Engine regardless of this setting Available options + include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver + Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes. + type: string + networkPolicy: + description: Configuration options for the NetworkPolicy feature. + properties: + enabled: + description: Whether network policy is enabled on the cluster. + type: boolean + provider: + description: The selected network policy provider. Defaults to + PROVIDER_UNSPECIFIED. 
+ type: string + required: + - enabled + type: object + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkingMode: + description: Immutable. Determines whether alias IPs or routes will + be used for pod IPs in the cluster. + type: string + nodeConfig: + description: Immutable. The configuration of the nodepool. + properties: + advancedMachineFeatures: + description: Immutable. Specifies options for controlling advanced + machine features. + properties: + threadsPerCore: + description: Immutable. The number of threads per physical + core. To disable simultaneous multithreading (SMT) set this + to 1. If unset, the maximum number of threads supported + per core by the underlying processor is assumed. + type: integer + required: + - threadsPerCore + type: object + bootDiskKMSCryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + confidentialNodes: + description: 'Immutable. Configuration for the confidential nodes + feature, which makes nodes run on confidential VMs. Warning: + This configuration can''t be changed (or added/removed) after + pool creation without deleting and recreating the entire pool.' + properties: + enabled: + description: Immutable. Whether Confidential Nodes feature + is enabled for all nodes in this pool. + type: boolean + required: + - enabled + type: object + diskSizeGb: + description: Immutable. Size of the disk attached to each node, + specified in GB. The smallest allowed disk size is 10GB. + type: integer + diskType: + description: Immutable. Type of the disk attached to each node. + Such as pd-standard, pd-balanced or pd-ssd. + type: string + ephemeralStorageConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + ephemeralStorageLocalSsdConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + fastSocket: + description: Enable or disable NCCL Fast Socket in the node pool. + properties: + enabled: + description: Whether or not NCCL Fast Socket is enabled. 
+ type: boolean + required: + - enabled + type: object + gcfsConfig: + description: Immutable. GCFS configuration for this node. + properties: + enabled: + description: Immutable. Whether or not GCFS is enabled. + type: boolean + required: + - enabled + type: object + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the accelerator cards + exposed to an instance. + type: integer + gpuDriverInstallationConfig: + description: Immutable. Configuration for auto installation + of GPU driver. + properties: + gpuDriverVersion: + description: Immutable. Mode for how the GPU driver + is installed. + type: string + required: + - gpuDriverVersion + type: object + gpuPartitionSize: + description: Immutable. Size of partitions to create on + the GPU. Valid values are described in the NVIDIA mig + user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). + type: string + gpuSharingConfig: + description: Immutable. Configuration for GPU sharing. + properties: + gpuSharingStrategy: + description: Immutable. The type of GPU sharing strategy + to enable on the GPU node. Possible values are described + in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig). + type: string + maxSharedClientsPerGpu: + description: Immutable. The maximum number of containers + that can share a GPU. + type: integer + required: + - gpuSharingStrategy + - maxSharedClientsPerGpu + type: object + type: + description: Immutable. The accelerator type resource name. + type: string + required: + - count + - type + type: object + type: array + gvnic: + description: Immutable. Enable or disable gvnic in the node pool. + properties: + enabled: + description: Immutable. Whether or not gvnic is enabled. + type: boolean + required: + - enabled + type: object + hostMaintenancePolicy: + description: Immutable. 
The maintenance policy for the hosts on + which the GKE VMs run on. + properties: + maintenanceInterval: + description: Immutable. . + type: string + required: + - maintenanceInterval + type: object + imageType: + description: The image type to use for this node. Note that for + a given image type, the latest version of it will be used. + type: string + kubeletConfig: + description: Node kubelet configs. + properties: + cpuCfsQuota: + description: Enable CPU CFS quota enforcement for containers + that specify CPU limits. + type: boolean + cpuCfsQuotaPeriod: + description: Set the CPU CFS quota period value 'cpu.cfs_period_us'. + type: string + cpuManagerPolicy: + description: Control the CPU management policy on the node. + type: string + podPidsLimit: + description: Controls the maximum number of processes allowed + to run in a pod. + type: integer + required: + - cpuManagerPolicy + type: object + labels: + additionalProperties: + type: string + description: Immutable. The map of Kubernetes labels (key/value + pairs) to be applied to each node. These will added in addition + to any default label(s) that Kubernetes may apply to the node. + type: object + linuxNodeConfig: + description: Parameters that can be configured on Linux nodes. + properties: + cgroupMode: + description: cgroupMode specifies the cgroup mode to be used + on the node. + type: string + sysctls: + additionalProperties: + type: string + description: The Linux kernel parameters to be applied to + the nodes and all pods running on the nodes. + type: object + type: object + localNvmeSsdBlockConfig: + description: Immutable. Parameters for raw-block local NVMe SSDs. + properties: + localSsdCount: + description: Immutable. Number of raw-block local NVMe SSD + disks to be attached to the node. Each local SSD is 375 + GB in size. + type: integer + required: + - localSsdCount + type: object + localSsdCount: + description: Immutable. The number of local SSD disks to be attached + to the node. 
+ type: integer + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include DEFAULT + and MAX_THROUGHPUT. + type: string + machineType: + description: Immutable. The name of a Google Compute Engine machine + type. + type: string + metadata: + additionalProperties: + type: string + description: Immutable. The metadata key/value pairs assigned + to instances in the cluster. + type: object + minCpuPlatform: + description: Immutable. Minimum CPU platform to be used by this + instance. The instance may be scheduled on the specified or + newer CPU platform. + type: string + nodeGroupRef: + description: |- + Immutable. Setting this field will assign instances + of this pool to run on the specified node group. This is useful + for running workloads on sole tenant nodes. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNodeGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + oauthScopes: + description: Immutable. The set of Google API scopes to be made + available on all of the node VMs. + items: + type: string + type: array + preemptible: + description: Immutable. Whether the nodes are created as preemptible + VM instances. + type: boolean + reservationAffinity: + description: Immutable. The reservation affinity configuration + for the node pool. + properties: + consumeReservationType: + description: Immutable. Corresponds to the type of reservation + consumption. 
+ type: string + key: + description: Immutable. The label key of a reservation resource. + type: string + values: + description: Immutable. The label values of the reservation + resource. + items: + type: string + type: array + required: + - consumeReservationType + type: object + resourceLabels: + additionalProperties: + type: string + description: The GCE resource labels (a map of key/value pairs) + to be applied to the node pool. + type: object + sandboxConfig: + description: Immutable. Sandbox configuration for this node. + properties: + sandboxType: + description: Type of the sandbox to use for the node (e.g. + 'gvisor'). + type: string + required: + - sandboxType + type: object + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + shieldedInstanceConfig: + description: Immutable. Shielded Instance options. + properties: + enableIntegrityMonitoring: + description: Immutable. Defines whether the instance has integrity + monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Defines whether the instance has Secure + Boot enabled. + type: boolean + type: object + soleTenantConfig: + description: Immutable. Node affinity options for sole tenant + node pools. + properties: + nodeAffinity: + description: Immutable. . + items: + properties: + key: + description: Immutable. . + type: string + operator: + description: Immutable. . 
+ type: string + values: + description: Immutable. . + items: + type: string + type: array + required: + - key + - operator + - values + type: object + type: array + required: + - nodeAffinity + type: object + spot: + description: Immutable. Whether the nodes are created as spot + VM instances. + type: boolean + tags: + description: The list of instance tags applied to all nodes. + items: + type: string + type: array + taint: + description: List of Kubernetes taints to be applied to each node. + items: + properties: + effect: + description: Effect for taint. + type: string + key: + description: Key for taint. + type: string + value: + description: Value for taint. + type: string + required: + - effect + - key + - value + type: object + type: array + workloadMetadataConfig: + description: Immutable. The workload metadata configuration for + this node. + properties: + mode: + description: Mode is the configuration for how to expose metadata + to workloads running on the node. + type: string + nodeMetadata: + description: DEPRECATED. Deprecated in favor of mode. NodeMetadata + is the configuration for how to expose metadata to the workloads + running on the node. + type: string + type: object + type: object + nodeLocations: + description: The list of zones in which the cluster's nodes are located. + Nodes must be in the region of their regional cluster or in the + same region as their cluster's zone for zonal clusters. If this + is specified for a zonal cluster, omit the cluster's zone. + items: + type: string + type: array + nodePoolAutoConfig: + description: Node pool configs that apply to all auto-provisioned + node pools in autopilot clusters and node auto-provisioning enabled + clusters. + properties: + networkTags: + description: Collection of Compute Engine network tags that can + be applied to a node's underlying VM instance. + properties: + tags: + description: List of network tags applied to auto-provisioned + node pools. 
+ items: + type: string + type: array + type: object + type: object + nodePoolDefaults: + description: The default nodel pool settings for the entire cluster. + properties: + nodeConfigDefaults: + description: Subset of NodeConfig message that has defaults. + properties: + gcfsConfig: + description: GCFS configuration for this node. + properties: + enabled: + description: Whether or not GCFS is enabled. + type: boolean + required: + - enabled + type: object + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include + DEFAULT and MAX_THROUGHPUT. + type: string + type: object + type: object + nodeVersion: + type: string + notificationConfig: + description: The notification config for sending cluster upgrade notifications. + properties: + pubsub: + description: Notification config for Cloud Pub/Sub. + properties: + enabled: + description: Whether or not the notification config is enabled. + type: boolean + filter: + description: Allows filtering to one or more specific event + types. If event types are present, those and only those + event types will be transmitted to the cluster. Other types + will be skipped. If no filter is specified, or no event + types are present, all event types will be sent. + properties: + eventType: + description: Can be used to filter what notifications + are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, + UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. + items: + type: string + type: array + required: + - eventType + type: object + topicRef: + description: The PubSubTopic to send the notification to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` + resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - enabled + type: object + required: + - pubsub + type: object + podSecurityPolicyConfig: + description: Configuration for the PodSecurityPolicy feature. + properties: + enabled: + description: Enable the PodSecurityPolicy controller for this + cluster. If enabled, pods must be valid under a PodSecurityPolicy + to be created. + type: boolean + required: + - enabled + type: object + privateClusterConfig: + description: Configuration for private clusters, clusters with private + nodes. + properties: + enablePrivateEndpoint: + description: When true, the cluster's private endpoint is used + as the cluster endpoint and access through the public endpoint + is disabled. When false, either endpoint can be used. + type: boolean + enablePrivateNodes: + description: Immutable. Enables the private cluster feature, creating + a private endpoint on the cluster. In a private cluster, nodes + only have RFC 1918 private addresses and communicate with the + master's private endpoint via private networking. + type: boolean + masterGlobalAccessConfig: + description: Controls cluster master global access settings. + properties: + enabled: + description: Whether the cluster master is accessible globally + or not. + type: boolean + required: + - enabled + type: object + masterIpv4CidrBlock: + description: Immutable. The IP range in CIDR notation to use for + the hosted master network. This range will be used for assigning + private IP addresses to the cluster master(s) and the ILB VIP. + This range must not overlap with any other ranges in use within + the cluster's network, and it must be a /28 subnet. 
See Private + Cluster Limitations for more details. This field only applies + to private clusters, when enable_private_nodes is true. + type: string + peeringName: + description: The name of the peering between this cluster and + the Google owned VPC. + type: string + privateEndpoint: + description: The internal IP address of this cluster's master + endpoint. + type: string + privateEndpointSubnetworkRef: + description: |- + Immutable. Subnetwork in cluster's network where master's endpoint + will be provisioned. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publicEndpoint: + description: The external IP address of this cluster's master + endpoint. + type: string + type: object + privateIpv6GoogleAccess: + description: The desired state of IPv6 connectivity to Google Services. + By default, no private IPv6 access to or from Google Services (all + access will be via IPv4). + type: string + protectConfig: + description: Enable/Disable Protect API features for the cluster. + properties: + workloadConfig: + description: WorkloadConfig defines which actions are enabled + for a cluster's workload configurations. + properties: + auditMode: + description: Sets which mode of auditing should be used for + the cluster's workloads. Accepted values are DISABLED, BASIC. 
+ type: string + required: + - auditMode + type: object + workloadVulnerabilityMode: + description: Sets which mode to use for Protect workload vulnerability + scanning feature. Accepted values are DISABLED, BASIC. + type: string + type: object + releaseChannel: + description: Configuration options for the Release channel feature, + which provide more control over automatic upgrades of your GKE clusters. + Note that removing this field from your config will not unenroll + it. Instead, use the "UNSPECIFIED" channel. + properties: + channel: + description: |- + The selected release channel. Accepted values are: + * UNSPECIFIED: Not set. + * RAPID: Weekly upgrade cadence; Early testers and developers who requires new features. + * REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel. + * STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky. + type: string + required: + - channel + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourceUsageExportConfig: + description: Configuration for the ResourceUsageExportConfig feature. + properties: + bigqueryDestination: + description: Parameters for using BigQuery as the destination + of resource usage export. + properties: + datasetId: + description: The ID of a BigQuery Dataset. + type: string + required: + - datasetId + type: object + enableNetworkEgressMetering: + description: Whether to enable network egress metering for this + cluster. If enabled, a daemonset will be created in the cluster + to meter network egress traffic. + type: boolean + enableResourceConsumptionMetering: + description: Whether to enable resource consumption metering on + this cluster. 
When enabled, a table will be created in the resource + export BigQuery dataset to store resource consumption data. + The resulting table can be joined with the resource usage table + or with BigQuery billing export. Defaults to true. + type: boolean + required: + - bigqueryDestination + type: object + securityPostureConfig: + description: Defines the config needed to enable/disable features + for the Security Posture API. + properties: + mode: + description: Sets the mode of the Kubernetes security posture + API's off-cluster features. Available options include DISABLED + and BASIC. + type: string + vulnerabilityMode: + description: Sets the mode of the Kubernetes security posture + API's workload vulnerability scanning. Available options include + VULNERABILITY_DISABLED and VULNERABILITY_BASIC. + type: string + type: object + serviceExternalIpsConfig: + description: If set, and enabled=true, services with external ips + field will not be blocked. + properties: + enabled: + description: When enabled, services with exterenal ips specified + will be allowed. + type: boolean + required: + - enabled + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + verticalPodAutoscaling: + description: Vertical Pod Autoscaling automatically adjusts the resources + of pods controlled by it. + properties: + enabled: + description: Enables vertical pod autoscaling. 
+ type: boolean + required: + - enabled + type: object + workloadIdentityConfig: + description: Configuration for the use of Kubernetes Service Accounts + in GCP IAM policies. + properties: + identityNamespace: + description: |- + DEPRECATED. This field will be removed in a future major release as it has been deprecated in the API. Use `workloadPool` instead; `workloadPool` field will supersede this field. + Enables workload identity. + type: string + workloadPool: + description: The workload pool to attach all Kubernetes service + accounts to. + type: string + type: object + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + endpoint: + description: The IP address of this cluster's Kubernetes master. + type: string + labelFingerprint: + description: The fingerprint of the set of labels for this cluster. + type: string + masterVersion: + description: The current version of the master in the cluster. This + may be different than the min_master_version set in the config if + the master has been updated by GKE. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + masterAuth: + description: DEPRECATED. Basic authentication was removed for + GKE cluster versions >= 1.19. The authentication information + for accessing the Kubernetes master. Some values in this block + are only returned by the API if your service account has permission + to get credentials for your GKE cluster. If you see an unexpected + diff unsetting your client cert, ensure you have the container.clusters.getCredentials + permission. + properties: + clientCertificate: + description: Base64 encoded public certificate used by clients + to authenticate to the cluster endpoint. + type: string + clusterCaCertificate: + description: Base64 encoded public certificate that is the + root of trust for the cluster. + type: string + type: object + privateClusterConfig: + description: Configuration for private clusters, clusters with + private nodes. + properties: + privateEndpoint: + description: The internal IP address of this cluster's master + endpoint. + type: string + publicEndpoint: + description: The external IP address of this cluster's master + endpoint. + type: string + type: object + type: object + operation: + type: string + selfLink: + description: Server-defined URL for the resource. + type: string + servicesIpv4Cidr: + description: The IP address range of the Kubernetes services in this + cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are + typically put in the last /16 from the container CIDR. + type: string + tpuIpv4CidrBlock: + description: The IP address range of the Cloud TPUs in this cluster, + in CIDR notation (e.g. 1.2.3.4/29). 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containernodepools.container.cnrm.cloud.google.com +spec: + group: container.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerNodePool + plural: containernodepools + shortNames: + - gcpcontainernodepool + - gcpcontainernodepools + singular: containernodepool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscaling: + description: Configuration required by cluster autoscaler to adjust + the size of the node pool to the current cluster usage. To disable + autoscaling, set minNodeCount and maxNodeCount to 0. + properties: + locationPolicy: + description: Location policy specifies the algorithm used when + scaling-up the node pool. "BALANCED" - Is a best effort policy + that aims to balance the sizes of available zones. "ANY" - Instructs + the cluster autoscaler to prioritize utilization of unused reservations, + and reduces preemption risk for Spot VMs. + type: string + maxNodeCount: + description: Maximum number of nodes per zone in the node pool. + Must be >= min_node_count. Cannot be used with total limits. + type: integer + minNodeCount: + description: Minimum number of nodes per zone in the node pool. + Must be >=0 and <= max_node_count. Cannot be used with total + limits. + type: integer + totalMaxNodeCount: + description: Maximum number of all nodes in the node pool. Must + be >= total_min_node_count. Cannot be used with per zone limits. + type: integer + totalMinNodeCount: + description: Minimum number of all nodes in the node pool. Must + be >=0 and <= total_max_node_count. Cannot be used with per + zone limits. + type: integer + type: object + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ContainerCluster` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + initialNodeCount: + description: Immutable. The initial number of nodes for the pool. + In regional or multi-zonal clusters, this is the number of nodes + per zone. Changing this will force recreation of the resource. + type: integer + location: + description: Immutable. The location (region or zone) of the cluster. + type: string + management: + description: Node management configuration, wherein auto-repair and + auto-upgrade is configured. + properties: + autoRepair: + description: Whether the nodes will be automatically repaired. + type: boolean + autoUpgrade: + description: Whether the nodes will be automatically upgraded. + type: boolean + type: object + maxPodsPerNode: + description: Immutable. The maximum number of pods per node in this + node pool. Note that this does not work on node pools which are + "route-based" - that is, node pools belonging to clusters that do + not have IP Aliasing enabled. + type: integer + namePrefix: + description: Immutable. Creates a unique name for the node pool beginning + with the specified prefix. Conflicts with name. + type: string + networkConfig: + description: Networking configuration for this NodePool. If specified, + it overrides the cluster-level defaults. + properties: + additionalNodeNetworkConfigs: + description: Immutable. We specify the additional node networks + for this node pool using this list. Each node network corresponds + to an additional interface. + items: + properties: + networkRef: + description: Immutable. Name of the VPC where the additional + interface belongs. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + description: Immutable. Name of the subnetwork where the + additional interface belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeSubnetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + additionalPodNetworkConfigs: + description: Immutable. We specify the additional pod networks + for this node pool using this list. Each pod network corresponds + to an additional alias IP range for the node. + items: + properties: + maxPodsPerNode: + description: Immutable. The maximum number of pods per node + which use this pod network. + type: integer + secondaryPodRange: + description: Immutable. The name of the secondary range + on the subnet which provides IP address for this pod range. + type: string + subnetworkRef: + description: Immutable. Name of the subnetwork where the + additional pod network belongs. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeSubnetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + createPodRange: + description: Immutable. Whether to create a new range for pod + IPs in this node pool. Defaults are provided for pod_range and + pod_ipv4_cidr_block if they are not specified. + type: boolean + enablePrivateNodes: + description: Whether nodes have internal IP addresses only. + type: boolean + podCidrOverprovisionConfig: + description: Immutable. Configuration for node-pool level pod + cidr overprovision. If not set, the cluster level setting will + be inherited. + properties: + disabled: + type: boolean + required: + - disabled + type: object + podIpv4CidrBlock: + description: Immutable. The IP address range for pod IPs in this + node pool. Only applicable if create_pod_range is true. Set + to blank to have a range chosen with the default size. Set to + /netmask (e.g. /14) to have a range chosen with a specific netmask. + Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific + range to use. + type: string + podRange: + description: Immutable. The ID of the secondary range for pod + IPs. If create_pod_range is true, this ID is used for the new + range. If create_pod_range is false, uses an existing secondary + range with this ID. + type: string + type: object + nodeConfig: + description: Immutable. The configuration of the nodepool. + properties: + advancedMachineFeatures: + description: Immutable. 
Specifies options for controlling advanced + machine features. + properties: + threadsPerCore: + description: Immutable. The number of threads per physical + core. To disable simultaneous multithreading (SMT) set this + to 1. If unset, the maximum number of threads supported + per core by the underlying processor is assumed. + type: integer + required: + - threadsPerCore + type: object + bootDiskKMSCryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + confidentialNodes: + description: 'Immutable. Configuration for the confidential nodes + feature, which makes nodes run on confidential VMs. Warning: + This configuration can''t be changed (or added/removed) after + pool creation without deleting and recreating the entire pool.' + properties: + enabled: + description: Immutable. Whether Confidential Nodes feature + is enabled for all nodes in this pool. + type: boolean + required: + - enabled + type: object + diskSizeGb: + description: Immutable. Size of the disk attached to each node, + specified in GB. The smallest allowed disk size is 10GB. + type: integer + diskType: + description: Immutable. Type of the disk attached to each node. + Such as pd-standard, pd-balanced or pd-ssd. + type: string + ephemeralStorageConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. 
+ properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + ephemeralStorageLocalSsdConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + fastSocket: + description: Enable or disable NCCL Fast Socket in the node pool. + properties: + enabled: + description: Whether or not NCCL Fast Socket is enabled. + type: boolean + required: + - enabled + type: object + gcfsConfig: + description: Immutable. GCFS configuration for this node. + properties: + enabled: + description: Immutable. Whether or not GCFS is enabled. + type: boolean + required: + - enabled + type: object + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the accelerator cards + exposed to an instance. + type: integer + gpuDriverInstallationConfig: + description: Immutable. Configuration for auto installation + of GPU driver. + properties: + gpuDriverVersion: + description: Immutable. Mode for how the GPU driver + is installed. + type: string + required: + - gpuDriverVersion + type: object + gpuPartitionSize: + description: Immutable. Size of partitions to create on + the GPU. Valid values are described in the NVIDIA mig + user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). 
+ type: string + gpuSharingConfig: + description: Immutable. Configuration for GPU sharing. + properties: + gpuSharingStrategy: + description: Immutable. The type of GPU sharing strategy + to enable on the GPU node. Possible values are described + in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig). + type: string + maxSharedClientsPerGpu: + description: Immutable. The maximum number of containers + that can share a GPU. + type: integer + required: + - gpuSharingStrategy + - maxSharedClientsPerGpu + type: object + type: + description: Immutable. The accelerator type resource name. + type: string + required: + - count + - type + type: object + type: array + gvnic: + description: Immutable. Enable or disable gvnic in the node pool. + properties: + enabled: + description: Immutable. Whether or not gvnic is enabled. + type: boolean + required: + - enabled + type: object + hostMaintenancePolicy: + description: Immutable. The maintenance policy for the hosts on + which the GKE VMs run on. + properties: + maintenanceInterval: + description: Immutable. . + type: string + required: + - maintenanceInterval + type: object + imageType: + description: The image type to use for this node. Note that for + a given image type, the latest version of it will be used. + type: string + kubeletConfig: + description: Node kubelet configs. + properties: + cpuCfsQuota: + description: Enable CPU CFS quota enforcement for containers + that specify CPU limits. + type: boolean + cpuCfsQuotaPeriod: + description: Set the CPU CFS quota period value 'cpu.cfs_period_us'. + type: string + cpuManagerPolicy: + description: Control the CPU management policy on the node. + type: string + podPidsLimit: + description: Controls the maximum number of processes allowed + to run in a pod. 
+ type: integer + required: + - cpuManagerPolicy + type: object + labels: + additionalProperties: + type: string + description: The map of Kubernetes labels (key/value pairs) to + be applied to each node. These will added in addition to any + default label(s) that Kubernetes may apply to the node. + type: object + linuxNodeConfig: + description: Parameters that can be configured on Linux nodes. + properties: + cgroupMode: + description: cgroupMode specifies the cgroup mode to be used + on the node. + type: string + sysctls: + additionalProperties: + type: string + description: The Linux kernel parameters to be applied to + the nodes and all pods running on the nodes. + type: object + type: object + localNvmeSsdBlockConfig: + description: Immutable. Parameters for raw-block local NVMe SSDs. + properties: + localSsdCount: + description: Immutable. Number of raw-block local NVMe SSD + disks to be attached to the node. Each local SSD is 375 + GB in size. + type: integer + required: + - localSsdCount + type: object + localSsdCount: + description: Immutable. The number of local SSD disks to be attached + to the node. + type: integer + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include DEFAULT + and MAX_THROUGHPUT. + type: string + machineType: + description: Immutable. The name of a Google Compute Engine machine + type. + type: string + metadata: + additionalProperties: + type: string + description: Immutable. The metadata key/value pairs assigned + to instances in the cluster. + type: object + minCpuPlatform: + description: Immutable. Minimum CPU platform to be used by this + instance. The instance may be scheduled on the specified or + newer CPU platform. + type: string + nodeGroupRef: + description: |- + Immutable. Setting this field will assign instances + of this pool to run on the specified node group. This is useful + for running workloads on sole tenant nodes. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNodeGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + oauthScopes: + description: Immutable. The set of Google API scopes to be made + available on all of the node VMs. + items: + type: string + type: array + preemptible: + description: Immutable. Whether the nodes are created as preemptible + VM instances. + type: boolean + reservationAffinity: + description: Immutable. The reservation affinity configuration + for the node pool. + properties: + consumeReservationType: + description: Immutable. Corresponds to the type of reservation + consumption. + type: string + key: + description: Immutable. The label key of a reservation resource. + type: string + values: + description: Immutable. The label values of the reservation + resource. + items: + type: string + type: array + required: + - consumeReservationType + type: object + resourceLabels: + additionalProperties: + type: string + description: The GCE resource labels (a map of key/value pairs) + to be applied to the node pool. + type: object + sandboxConfig: + description: Immutable. Sandbox configuration for this node. + properties: + sandboxType: + description: Type of the sandbox to use for the node (e.g. + 'gvisor'). 
+ type: string + required: + - sandboxType + type: object + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + shieldedInstanceConfig: + description: Immutable. Shielded Instance options. + properties: + enableIntegrityMonitoring: + description: Immutable. Defines whether the instance has integrity + monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Defines whether the instance has Secure + Boot enabled. + type: boolean + type: object + soleTenantConfig: + description: Immutable. Node affinity options for sole tenant + node pools. + properties: + nodeAffinity: + description: Immutable. . + items: + properties: + key: + description: Immutable. . + type: string + operator: + description: Immutable. . + type: string + values: + description: Immutable. . + items: + type: string + type: array + required: + - key + - operator + - values + type: object + type: array + required: + - nodeAffinity + type: object + spot: + description: Immutable. Whether the nodes are created as spot + VM instances. + type: boolean + tags: + description: The list of instance tags applied to all nodes. + items: + type: string + type: array + taint: + description: List of Kubernetes taints to be applied to each node. + items: + properties: + effect: + description: Effect for taint. + type: string + key: + description: Key for taint. + type: string + value: + description: Value for taint. 
+ type: string + required: + - effect + - key + - value + type: object + type: array + workloadMetadataConfig: + description: The workload metadata configuration for this node. + properties: + mode: + description: Mode is the configuration for how to expose metadata + to workloads running on the node. + type: string + nodeMetadata: + description: DEPRECATED. Deprecated in favor of mode. NodeMetadata + is the configuration for how to expose metadata to the workloads + running on the node. + type: string + type: object + type: object + nodeCount: + description: The number of nodes per instance group. This field can + be used to update the number of nodes per instance group but should + not be used alongside autoscaling. + type: integer + nodeLocations: + description: The list of zones in which the node pool's nodes should + be located. Nodes must be in the region of their regional cluster + or in the same region as their cluster's zone for zonal clusters. + If unspecified, the cluster-level node_locations will be used. + items: + type: string + type: array + placementPolicy: + description: Immutable. Specifies the node placement policy. + properties: + policyNameRef: + description: Immutable. If set, refers to the name of a custom + resource policy supplied by the user. The resource policy must + be in the same project and region as the node pool. If not found, + InvalidArgument error is returned. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tpuTopology: + description: TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies. + type: string + type: + description: Type defines the type of placement policy. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + upgradeSettings: + description: Specify node upgrade settings to change how many nodes + GKE attempts to upgrade at once. The number of nodes upgraded simultaneously + is the sum of max_surge and max_unavailable. The maximum number + of nodes upgraded simultaneously is limited to 20. + properties: + blueGreenSettings: + description: Settings for BlueGreen node pool upgrade. + properties: + nodePoolSoakDuration: + description: Time needed after draining entire blue pool. + After this period, blue pool will be cleaned up. + type: string + standardRolloutPolicy: + description: Standard rollout policy is the default policy + for blue-green. + properties: + batchNodeCount: + description: Number of blue nodes to drain in a batch. + type: integer + batchPercentage: + description: Percentage of the blue pool nodes to drain + in a batch. + type: number + batchSoakDuration: + description: Soak time after each batch gets drained. + type: string + type: object + required: + - standardRolloutPolicy + type: object + maxSurge: + description: The number of additional nodes that can be added + to the node pool during an upgrade. Increasing max_surge raises + the number of nodes that can be upgraded simultaneously. Can + be set to 0 or greater. + type: integer + maxUnavailable: + description: The number of nodes that can be simultaneously unavailable + during an upgrade. 
Increasing max_unavailable raises the number + of nodes that can be upgraded in parallel. Can be set to 0 or + greater. + type: integer + strategy: + description: Update strategy for the given nodepool. + type: string + type: object + version: + type: string + required: + - clusterRef + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + instanceGroupUrls: + description: The resource URLs of the managed instance groups associated + with this node pool. + items: + type: string + type: array + managedInstanceGroupUrls: + description: List of instance group URLs which have been assigned + to this node pool. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. 
+ properties: + version: + type: string + type: object + operation: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogentries.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogEntry + plural: datacatalogentries + shortNames: + - gcpdatacatalogentry + - gcpdatacatalogentries + singular: datacatalogentry + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Entry description, which can consist of several sentences + or paragraphs that describe entry contents. + type: string + displayName: + description: |- + Display information such as title and description. A short name to identify the entry, + for example, "Analytics Data - Jan 2011". + type: string + entryGroup: + description: Immutable. The name of the entry group this entry is + in. + type: string + entryId: + description: Immutable. The id of the entry to create. + type: string + gcsFilesetSpec: + description: Specification that applies to a Cloud Storage fileset. + This is only valid on entries of type FILESET. + properties: + filePatterns: + description: |- + Patterns to identify a set of files in Google Cloud Storage. + See [Cloud Storage documentation](https://cloud.google.com/storage/docs/gsutil/addlhelp/WildcardNames) + for more information. Note that bucket wildcards are currently not supported. Examples of valid filePatterns: + + * gs://bucket_name/dir/*: matches all files within bucket_name/dir directory. + * gs://bucket_name/dir/**: matches all files in bucket_name/dir spanning all subdirectories. + * gs://bucket_name/file*: matches files prefixed by file in bucket_name + * gs://bucket_name/??.txt: matches files with two characters followed by .txt in bucket_name + * gs://bucket_name/[aeiou].txt: matches files that contain a single vowel character followed by .txt in bucket_name + * gs://bucket_name/[a-m].txt: matches files that contain a, b, ... 
or m followed by .txt in bucket_name + * gs://bucket_name/a/*/b: matches all files in bucket_name that match a/*/b pattern, such as a/c/b, a/d/b + * gs://another_bucket/a.txt: matches gs://another_bucket/a.txt. + items: + type: string + type: array + sampleGcsFileSpecs: + description: Sample files contained in this fileset, not all files + contained in this fileset are represented here. + items: + properties: + filePath: + description: The full file path. + type: string + sizeBytes: + description: The size of the file, in bytes. + type: integer + type: object + type: array + required: + - filePatterns + type: object + linkedResource: + description: |- + The resource this metadata entry refers to. + For Google Cloud Platform resources, linkedResource is the full name of the resource. + For example, the linkedResource for a table resource from BigQuery is: + //bigquery.googleapis.com/projects/projectId/datasets/datasetId/tables/tableId + Output only when Entry is of type in the EntryType enum. For entries with userSpecifiedType, + this field is optional and defaults to an empty string. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + schema: + description: |- + Schema of the entry (e.g. BigQuery, GoogleSQL, Avro schema), as a json string. An entry might not have any schema + attached to it. See + https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.entries#schema + for what fields this schema can contain. + type: string + type: + description: |- + Immutable. The type of the entry. Only used for Entries with types in the EntryType enum. + Currently, only FILESET enum value is allowed. All other entries created through Data Catalog must use userSpecifiedType. Possible values: ["FILESET"]. 
+ type: string + userSpecifiedSystem: + description: |- + This field indicates the entry's source system that Data Catalog does not integrate with. + userSpecifiedSystem strings must begin with a letter or underscore and can only contain letters, numbers, + and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. + type: string + userSpecifiedType: + description: |- + Entry type if it does not fit any of the input-allowed values listed in EntryType enum above. + When creating an entry, users should check the enum values first, if nothing matches the entry + to be created, then provide a custom value, for example "my_special_type". + userSpecifiedType strings must begin with a letter or underscore and can only contain letters, + numbers, and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. + type: string + required: + - entryGroup + - entryId + type: object + status: + properties: + bigqueryDateShardedSpec: + description: |- + Specification for a group of BigQuery tables with name pattern [prefix]YYYYMMDD. + Context: https://cloud.google.com/bigquery/docs/partitioned-tables#partitioning_versus_sharding. + items: + properties: + dataset: + description: |- + The Data Catalog resource name of the dataset entry the current table belongs to, for example, + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}. + type: string + shardCount: + description: Total number of shards. + type: integer + tablePrefix: + description: |- + The table name prefix of the shards. The name of any given shard is [tablePrefix]YYYYMMDD, + for example, for shard MyTable20180101, the tablePrefix is MyTable. + type: string + type: object + type: array + bigqueryTableSpec: + description: Specification that applies to a BigQuery table. This + is only valid on entries of type TABLE. + items: + properties: + tableSourceType: + description: The table source type. 
+ type: string + tableSpec: + description: Spec of a BigQuery table. This field should only + be populated if tableSourceType is BIGQUERY_TABLE. + items: + properties: + groupedEntry: + description: |- + If the table is a dated shard, i.e., with name pattern [prefix]YYYYMMDD, groupedEntry is the + Data Catalog resource name of the date sharded grouped entry, for example, + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}. + Otherwise, groupedEntry is empty. + type: string + type: object + type: array + viewSpec: + description: Table view specification. This field should only + be populated if tableSourceType is BIGQUERY_VIEW. + items: + properties: + viewQuery: + description: The query that defines the table view. + type: string + type: object + type: array + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + integratedSystem: + description: This field indicates the entry's source system that Data + Catalog integrates with, such as BigQuery or Pub/Sub. + type: string + name: + description: |- + The Data Catalog resource name of the entry in URL format. + Example: projects/{project_id}/locations/{location}/entryGroups/{entryGroupId}/entries/{entryId}. + Note that this Entry and its child resources may not actually be stored in the location in this name. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogentrygroups.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogEntryGroup + plural: datacatalogentrygroups + shortNames: + - gcpdatacatalogentrygroup + - gcpdatacatalogentrygroups + singular: datacatalogentrygroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Entry group description, which can consist of several + sentences or paragraphs that describe entry group contents. + type: string + displayName: + description: A short name to identify the entry group, for example, + "analytics data - jan 2011". + type: string + entryGroupId: + description: |- + Immutable. The id of the entry group to create. The id must begin with a letter or underscore, + contain only English letters, numbers and underscores, and be at most 64 characters. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. EntryGroup location region. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. 
Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - entryGroupId + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The resource name of the entry group in URL format. + Example: projects/{project}/locations/{location}/entryGroups/{entryGroupId}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogpolicytags.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogPolicyTag + plural: datacatalogpolicytags + shortNames: + - gcpdatacatalogpolicytag + - gcpdatacatalogpolicytags + singular: datacatalogpolicytag + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Description of this policy tag. It must: contain only unicode characters, tabs, + newlines, carriage returns and page breaks; and be at most 2000 bytes long when + encoded in UTF-8. If not set, defaults to an empty description. + If not set, defaults to an empty description. + type: string + displayName: + description: |- + User defined name of this policy tag. It must: be unique within the parent + taxonomy; contain only unicode letters, numbers, underscores, dashes and spaces; + not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8. + type: string + parentPolicyTagRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `DataCatalogPolicyTag` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + taxonomyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `DataCatalogTaxonomy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - displayName + - taxonomyRef + type: object + status: + properties: + childPolicyTags: + description: Resource names of child policy tags of this policy tag. + items: + type: string + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + Resource name of this policy tag, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogtags.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogTag + plural: datacatalogtags + shortNames: + - gcpdatacatalogtag + - gcpdatacatalogtags + singular: datacatalogtag + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + column: + description: |- + Resources like Entry can have schemas associated with them. This scope allows users to attach tags to an + individual column based on that schema. + + For attaching a tag to a nested column, use '.' to separate the column names. Example: + 'outer_column.inner_column'. + type: string + fields: + description: |- + This maps the ID of a tag field to the value of and additional information about that field. + Valid field IDs are defined by the tag's template. A tag must have at least 1 field and at most 500 fields. + items: + properties: + boolValue: + description: Holds the value for a tag field with boolean type. + type: boolean + displayName: + description: The display name of this field. + type: string + doubleValue: + description: Holds the value for a tag field with double type. + type: number + enumValue: + description: The display name of the enum value. + type: string + fieldName: + type: string + order: + description: |- + The order of this field with respect to other fields in this tag. For example, a higher value can indicate + a more important field. The value can be negative. Multiple fields can have the same order, and field orders + within a tag do not have to be sequential. + type: integer + stringValue: + description: Holds the value for a tag field with string type. + type: string + timestampValue: + description: Holds the value for a tag field with timestamp + type. 
+ type: string + required: + - fieldName + type: object + type: array + parent: + description: |- + Immutable. The name of the parent this tag is attached to. This can be the name of an entry or an entry group. If an entry group, the tag will be attached to + all entries in that group. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + template: + description: |- + Immutable. The resource name of the tag template that this tag uses. Example: + projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId} + This field cannot be modified after creation. + type: string + required: + - fields + - template + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name of the tag in URL format. Example: + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}/tags/{tag_id} or + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/tags/{tag_id} + where tag_id is a system-generated identifier. Note that this Tag may not actually be stored in the location in this name. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + templateDisplayname: + description: The display name of the tag template. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogtagtemplates.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogTagTemplate + plural: datacatalogtagtemplates + shortNames: + - gcpdatacatalogtagtemplate + - gcpdatacatalogtagtemplates + singular: datacatalogtagtemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The display name for this template. + type: string + fields: + description: Set of tag template field IDs and the settings for the + field. This set is an exhaustive list of the allowed fields. This + set must contain at least one field and at most 500 fields. The + change of field_id will be resulting in re-creating of field. The + change of primitive_type will be resulting in re-creating of field, + however if the field is a required, you cannot update it. + items: + properties: + description: + description: A description for this field. + type: string + displayName: + description: The display name for this field. + type: string + fieldId: + type: string + isRequired: + description: Whether this is a required field. Defaults to false. + type: boolean + name: + description: 'The resource name of the tag template field in + URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}/fields/{field}.' + type: string + order: + description: |- + The order of this field with respect to other fields in this tag template. + A higher value indicates a more important field. The value can be negative. + Multiple fields can have the same order, and field orders within a tag do not have to be sequential. 
+ type: integer + type: + description: The type of value this tag field can contain. + properties: + enumType: + description: |- + Represents an enum type. + Exactly one of 'primitive_type' or 'enum_type' must be set. + properties: + allowedValues: + description: |- + The set of allowed values for this enum. The display names of the + values must be case-insensitively unique within this set. Currently, + enum values can only be added to the list of allowed values. Deletion + and renaming of enum values are not supported. + Can have up to 500 allowed values. + items: + properties: + displayName: + description: The display name of the enum value. + type: string + required: + - displayName + type: object + type: array + required: + - allowedValues + type: object + primitiveType: + description: |- + Represents primitive types - string, bool etc. + Exactly one of 'primitive_type' or 'enum_type' must be set Possible values: ["DOUBLE", "STRING", "BOOL", "TIMESTAMP"]. + type: string + type: object + required: + - fieldId + - type + type: object + type: array + forceDelete: + description: This confirms the deletion of any possible tags using + this template. Must be set to true in order to delete the tag template. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Template location region. 
+ type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + tagTemplateId: + description: Immutable. The id of the tag template to create. + type: string + required: + - fields + - projectRef + - tagTemplateId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The resource name of the tag template in URL format. + Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogtaxonomies.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogTaxonomy + plural: datacatalogtaxonomies + shortNames: + - gcpdatacatalogtaxonomy + - gcpdatacatalogtaxonomies + singular: datacatalogtaxonomy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + activatedPolicyTypes: + description: |- + A list of policy types that are activated for this taxonomy. If not set, + defaults to an empty list. Possible values: ["POLICY_TYPE_UNSPECIFIED", "FINE_GRAINED_ACCESS_CONTROL"]. + items: + type: string + type: array + description: + description: |- + Description of this taxonomy. It must: contain only unicode characters, + tabs, newlines, carriage returns and page breaks; and be at most 2000 bytes + long when encoded in UTF-8. If not set, defaults to an empty description. + type: string + displayName: + description: |- + User defined name of this taxonomy. + It must: contain only unicode letters, numbers, underscores, dashes + and spaces; not start or end with spaces; and be at most 200 bytes + long when encoded in UTF-8. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Taxonomy location region. 
+ type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + Resource name of this taxonomy, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dataflowflextemplatejobs.dataflow.cnrm.cloud.google.com +spec: + group: dataflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataflowFlexTemplateJob + listKind: DataflowFlexTemplateJobList + plural: dataflowflextemplatejobs + shortNames: + - gcpdataflowflextemplatejob + - gcpdataflowflextemplatejobs + singular: dataflowflextemplatejob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: DataflowFlexTemplateJob is the Schema for the DataflowFlexTemplateJob + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DataflowFlexTemplateJobSpec defines the desired state of + DataflowFlexTemplateJob + properties: + additionalExperiments: + description: Additional experiment flags for the job. + items: + type: string + type: array + autoscalingAlgorithm: + description: The algorithm to use for autoscaling + type: string + containerSpecGcsPath: + description: Cloud Storage path to a file with json serialized ContainerSpec + as content. + type: string + enableStreamingEngine: + description: Whether to enable Streaming Engine for the job. + type: boolean + ipConfiguration: + description: Configuration for VM IPs. + type: string + kmsKeyNameRef: + description: The Cloud KMS key for the job. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed KMSCryptoKey. + Should be in the format `projects/[kms_project_id]/locations/[region]/keyRings/[key_ring_id]/cryptoKeys/[key]`. + type: string + name: + description: The `name` of a `KMSCryptoKey` resource. + type: string + namespace: + description: The `namespace` of a `KMSCryptoKey` resource. + type: string + type: object + launcherMachineType: + description: The machine type to use for launching the job. The default + is n1-standard-1. + type: string + machineType: + description: The machine type to use for the job. 
Defaults to the + value from the template if not specified. + type: string + maxWorkers: + description: The maximum number of Google Compute Engine instances + to be made available to your pipeline during execution, from 1 to + 1000. + format: int32 + type: integer + networkRef: + description: Network to which VMs will be assigned. If empty or unspecified, + the service will use the network "default". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed Compute Network + resource. Should be in the format `projects//global/networks/`. + type: string + name: + description: The `name` field of a `ComputeNetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeNetwork` resource. + type: string + type: object + numWorkers: + description: The initial number of Google Compute Engine instances + for the job. + format: int32 + type: integer + parameters: + description: The parameters for FlexTemplate. Ex. {"num_workers":"5"} + type: object + x-kubernetes-preserve-unknown-fields: true + region: + description: Immutable. The region in which the created job should + run. + type: string + sdkContainerImage: + description: Docker registry location of container image to use for + the 'worker harness. Default is the container for the version of + the SDK. Note this field is only valid for portable pipelines. + type: string + serviceAccountEmailRef: + description: The email address of the service account to run the job + as. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + stagingLocation: + description: The Cloud Storage path for staging local files. Must + be a valid Cloud Storage URL, beginning with `gs://`. + type: string + subnetworkRef: + description: Subnetwork to which VMs will be assigned, if desired. + You can specify a subnetwork using either a complete URL or an abbreviated + path. Expected to be of the form "https://www.googleapis.com/compute/v1/projects/HOST_PROJECT_ID/regions/REGION/subnetworks/SUBNETWORK" + or "regions/REGION/subnetworks/SUBNETWORK". If the subnetwork is + located in a Shared VPC network, you must use the complete URL. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeSubnetwork selflink of form "projects/{{project}}/regions/{{region}}/subnetworks/{{name}}", + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeSubnetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeSubnetwork` resource. + type: string + type: object + tempLocation: + description: The Cloud Storage path to use for temporary files. Must + be a valid Cloud Storage URL, beginning with `gs://`. + type: string + transformNameMapping: + description: Map of transform name prefixes of the job to be replaced + with the corresponding name prefixes of the new job. Only applicable + when updating a pipeline. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + required: + - containerSpecGcsPath + type: object + status: + description: DataflowFlexTemplateJobStatus defines the config connector + machine state of DataflowFlexTemplateJob + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + jobId: + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + state: + description: |- + The current state of the job. + + Jobs are created in the `JOB_STATE_STOPPED` state unless otherwise + specified. + + A job in the `JOB_STATE_RUNNING` state may asynchronously enter a + terminal state. After a job has reached a terminal state, no + further state updates may be made. + + This field may be mutated by the Cloud Dataflow service; + callers cannot mutate it. + type: string + type: + description: The type of Cloud Dataflow job. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dataflowjobs.dataflow.cnrm.cloud.google.com +spec: + group: dataflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataflowJob + plural: dataflowjobs + shortNames: + - gcpdataflowjob + - gcpdataflowjobs + singular: dataflowjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + additionalExperiments: + description: List of experiments that should be used by the job. An + example value is ["enable_stackdriver_agent_metrics"]. + items: + type: string + type: array + enableStreamingEngine: + description: Indicates if the job should use the streaming engine + feature. + type: boolean + ipConfiguration: + description: The configuration for VM IPs. Options are "WORKER_IP_PUBLIC" + or "WORKER_IP_PRIVATE". + type: string + kmsKeyRef: + description: The name for the Cloud KMS key for the job. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: The machine type to use for the job. + type: string + maxWorkers: + description: Immutable. The number of workers permitted to work on + the job. More workers may improve processing speed at additional + cost. + type: integer + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + parameters: + description: Key/Value pairs to be passed to the Dataflow job (as + used in the template). + type: object + x-kubernetes-preserve-unknown-fields: true + region: + description: Immutable. The region in which the created job should + run. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tempGcsLocation: + description: A writeable location on Google Cloud Storage for the + Dataflow job to dump its temporary data. + type: string + templateGcsPath: + description: The Google Cloud Storage path to the Dataflow job template. + type: string + transformNameMapping: + description: Only applicable when updating a pipeline. Map of transform + name prefixes of the job to be replaced with the corresponding name + prefixes of the new job. + type: object + x-kubernetes-preserve-unknown-fields: true + zone: + description: Immutable. The zone in which the created job should run. + If it is not provided, the provider zone is used. + type: string + required: + - tempGcsLocation + - templateGcsPath + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + jobId: + description: The unique ID of this job. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + state: + description: The current state of the resource, selected from the + JobState enum. + type: string + type: + description: The type of this job, selected from the JobType enum. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + name: dataformrepositories.dataform.cnrm.cloud.google.com +spec: + group: dataform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataformRepository + listKind: DataformRepositoryList + plural: dataformrepositories + shortNames: + - gcpdataformrepository + - gcpdataformrepositories + singular: dataformrepository + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DataformRepository is the Schema for the dataform API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Optional. The repository's user-friendly name. + type: string + gitRemoteSettings: + description: Optional. If set, configures this repository to be linked + to a Git remote. + properties: + authenticationTokenSecretVersionRef: + description: The name of the Secret Manager secret version to + use as an authentication token for Git operations. Must be in + the format projects/* /secrets/* /versions/*. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: ' If provided must be in the format `projects/*/secrets/*/versions/*`.' + type: string + name: + description: The `name` field of a `SecretManagerSecretVersion` + resource. + type: string + namespace: + description: The `metadata.namespace` field of a `SecretManagerSecretVersion` + resource. + type: string + type: object + defaultBranch: + description: The Git remote's default branch name. + type: string + sshAuthenticationConfig: + description: Authentication fields for remote uris using SSH protocol. + properties: + hostPublicKey: + description: Content of a public SSH key to verify an identity + of a remote Git host. 
+ type: string + userPrivateKeySecretVersionRef: + description: The name of the Secret Manager secret version + to use as a ssh private key for Git operations. Must be + in the format projects/*/secrets/*/versions/* . + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: ' If provided must be in the format `projects/*/secrets/*/versions/*`.' + type: string + name: + description: The `name` field of a `SecretManagerSecretVersion` + resource. + type: string + namespace: + description: The `metadata.namespace` field of a `SecretManagerSecretVersion` + resource. + type: string + type: object + required: + - hostPublicKey + - userPrivateKeySecretVersionRef + type: object + url: + description: The Git remote's URL. + type: string + required: + - defaultBranch + - url + type: object + npmrcEnvironmentVariablesSecretVersionRef: + description: Optional. The name of the Secret Manager secret version + to be used to interpolate variables into the .npmrc file for package + installation operations. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: ' If provided must be in the format `projects/*/secrets/*/versions/*`.' + type: string + name: + description: The `name` field of a `SecretManagerSecretVersion` + resource. + type: string + namespace: + description: The `metadata.namespace` field of a `SecretManagerSecretVersion` + resource. + type: string + type: object + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + region: + description: Immutable. A reference to the region. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccountRef: + description: Optional. The service account reference to run workflow + invocations under. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + setAuthenticatedUserAdmin: + description: Optional. Input only. If set to true, the authenticated + user will be granted the roles/dataform.admin role on the created + repository. + type: boolean + workspaceCompilationOverrides: + description: Optional. 
If set, fields of workspaceCompilationOverrides + override the default compilation settings that are specified in + dataform.json when creating workspace-scoped compilation results. + properties: + defaultDatabase: + description: Optional. The default database (Google Cloud project + ID). + type: string + schemaSuffix: + description: Optional. The suffix that should be appended to all + schema (BigQuery dataset ID) names. + type: string + tablePrefix: + description: Optional. The prefix that should be prepended to + all table names. + type: string + type: object + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observations + of the DataformRepository's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the DataformReposity resource + in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. 
+ type: object + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: DataformRepository is the Schema for the dataform API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Optional. The repository's user-friendly name. + type: string + gitRemoteSettings: + description: Optional. If set, configures this repository to be linked + to a Git remote. + properties: + authenticationTokenSecretVersionRef: + description: The name of the Secret Manager secret version to + use as an authentication token for Git operations. Must be in + the format projects/* /secrets/* /versions/*. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: ' If provided must be in the format `projects/*/secrets/*/versions/*`.' + type: string + name: + description: The `name` field of a `SecretManagerSecretVersion` + resource. + type: string + namespace: + description: The `metadata.namespace` field of a `SecretManagerSecretVersion` + resource. + type: string + type: object + defaultBranch: + description: The Git remote's default branch name. + type: string + sshAuthenticationConfig: + description: Authentication fields for remote uris using SSH protocol. + properties: + hostPublicKey: + description: Content of a public SSH key to verify an identity + of a remote Git host. + type: string + userPrivateKeySecretVersionRef: + description: The name of the Secret Manager secret version + to use as a ssh private key for Git operations. Must be + in the format projects/*/secrets/*/versions/* . + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: ' If provided must be in the format `projects/*/secrets/*/versions/*`.' + type: string + name: + description: The `name` field of a `SecretManagerSecretVersion` + resource. + type: string + namespace: + description: The `metadata.namespace` field of a `SecretManagerSecretVersion` + resource. + type: string + type: object + required: + - hostPublicKey + - userPrivateKeySecretVersionRef + type: object + url: + description: The Git remote's URL. + type: string + required: + - defaultBranch + - url + type: object + npmrcEnvironmentVariablesSecretVersionRef: + description: Optional. The name of the Secret Manager secret version + to be used to interpolate variables into the .npmrc file for package + installation operations. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: ' If provided must be in the format `projects/*/secrets/*/versions/*`.' + type: string + name: + description: The `name` field of a `SecretManagerSecretVersion` + resource. + type: string + namespace: + description: The `metadata.namespace` field of a `SecretManagerSecretVersion` + resource. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + region: + description: Immutable. A reference to the region. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccountRef: + description: Optional. The service account reference to run workflow + invocations under. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + setAuthenticatedUserAdmin: + description: Optional. Input only. If set to true, the authenticated + user will be granted the roles/dataform.admin role on the created + repository. + type: boolean + workspaceCompilationOverrides: + description: Optional. If set, fields of workspaceCompilationOverrides + override the default compilation settings that are specified in + dataform.json when creating workspace-scoped compilation results. + properties: + defaultDatabase: + description: Optional. The default database (Google Cloud project + ID). + type: string + schemaSuffix: + description: Optional. The suffix that should be appended to all + schema (BigQuery dataset ID) names. + type: string + tablePrefix: + description: Optional. The prefix that should be prepended to + all table names. + type: string + type: object + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observations + of the DataformRepository's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the DataformReposity resource + in GCP. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: datafusioninstances.datafusion.cnrm.cloud.google.com +spec: + group: datafusion.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataFusionInstance + plural: datafusioninstances + shortNames: + - gcpdatafusioninstance + - gcpdatafusioninstances + singular: datafusioninstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataprocServiceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines. This allows users to have fine-grained access control on Dataproc's accesses to cloud resources. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. A description of this instance. + type: string + displayName: + description: Immutable. Display name for an instance. + type: string + enableStackdriverLogging: + description: Option to enable Stackdriver Logging. + type: boolean + enableStackdriverMonitoring: + description: Option to enable Stackdriver Monitoring. + type: boolean + location: + description: Immutable. 
The location for the resource + type: string + networkConfig: + description: Immutable. Network configuration options. These are required + when a private Data Fusion instance is to be created. + properties: + ipAllocation: + description: Immutable. The IP range in CIDR notation to use for + the managed Data Fusion instance nodes. This range must not + overlap with any other ranges used in the customer network. + type: string + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the network in the customer project with which the Tenant Project will be peered for executing pipelines. In case of shared VPC where the network resides in another host project the network should specified in the form of projects/{host-project-id}/global/networks/{network} + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + options: + additionalProperties: + type: string + description: Immutable. Map of additional options used to configure + the behavior of Data Fusion instance. + type: object + privateInstance: + description: Immutable. Specifies whether the Data Fusion instance + should be private. If set to true, all Data Fusion nodes will have + private IP addresses and will not be able to access the public internet. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. Required. Instance type. Possible values: + TYPE_UNSPECIFIED, BASIC, ENTERPRISE, DEVELOPER' + type: string + version: + description: Current version of the Data Fusion. + type: string + zone: + description: Immutable. Name of the zone in which the Data Fusion + instance will be created. Only DEVELOPER instances use this field. + type: string + required: + - location + - type + type: object + status: + properties: + apiEndpoint: + description: Output only. Endpoint on which the REST APIs is accessible. + type: string + availableVersion: + description: Available versions that the instance can be upgraded + to. + items: + properties: + availableFeatures: + description: Represents a list of available feature names for + a given version. + items: + type: string + type: array + defaultVersion: + description: Whether this is currently the default version for + Cloud Data Fusion + type: boolean + versionNumber: + description: The version number of the Data Fusion instance, + such as '6.0.1.0'. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time the instance was created. 
+ format: date-time + type: string + gcsBucket: + description: Output only. Cloud Storage bucket generated by Data Fusion + in the customer project. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + p4ServiceAccount: + description: Output only. P4 service account for the customer project. + type: string + serviceEndpoint: + description: Output only. Endpoint on which the Data Fusion UI is + accessible. + type: string + state: + description: 'Output only. The current state of this Data Fusion instance. + Possible values: STATE_UNSPECIFIED, ENABLED, DISABLED, UNKNOWN' + type: string + stateMessage: + description: Output only. Additional information about the current + state of this Data Fusion instance if available. + type: string + tenantProjectId: + description: Output only. The name of the tenant project. + type: string + updateTime: + description: Output only. The time the instance was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dataprocautoscalingpolicies.dataproc.cnrm.cloud.google.com +spec: + group: dataproc.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataprocAutoscalingPolicy + plural: dataprocautoscalingpolicies + shortNames: + - gcpdataprocautoscalingpolicy + - gcpdataprocautoscalingpolicies + singular: dataprocautoscalingpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + basicAlgorithm: + properties: + cooldownPeriod: + description: 'Optional. Duration between scaling events. A scaling + period starts after the update operation from the previous event + has completed. Bounds: . Default: 2m.' + type: string + yarnConfig: + description: Required. YARN autoscaling configuration. + properties: + gracefulDecommissionTimeout: + description: Required. Timeout for YARN graceful decommissioning + of Node Managers. Specifies the duration to wait for jobs + to complete before forcefully removing workers (and potentially + interrupting jobs). Only applicable to downscaling operations. + type: string + scaleDownFactor: + description: Required. Fraction of average YARN pending memory + in the last cooldown period for which to remove workers. + A scale-down factor of 1 will result in scaling down so + that there is no available memory remaining after the update + (more aggressive scaling). A scale-down factor of 0 disables + removing workers, which can be beneficial for autoscaling + a single job. See . + format: double + type: number + scaleDownMinWorkerFraction: + description: 'Optional. Minimum scale-down threshold as a + fraction of total cluster size before scaling occurs. For + example, in a 20-worker cluster, a threshold of 0.1 means + the autoscaler must recommend at least a 2 worker scale-down + for the cluster to scale. A threshold of 0 means the autoscaler + will scale down on any recommended change. Bounds: . Default: + 0.0.' 
+ format: double + type: number + scaleUpFactor: + description: Required. Fraction of average YARN pending memory + in the last cooldown period for which to add workers. A + scale-up factor of 1.0 will result in scaling up so that + there is no pending memory remaining after the update (more + aggressive scaling). A scale-up factor closer to 0 will + result in a smaller magnitude of scaling up (less aggressive + scaling). See . + format: double + type: number + scaleUpMinWorkerFraction: + description: 'Optional. Minimum scale-up threshold as a fraction + of total cluster size before scaling occurs. For example, + in a 20-worker cluster, a threshold of 0.1 means the autoscaler + must recommend at least a 2-worker scale-up for the cluster + to scale. A threshold of 0 means the autoscaler will scale + up on any recommended change. Bounds: . Default: 0.0.' + format: double + type: number + required: + - gracefulDecommissionTimeout + - scaleDownFactor + - scaleUpFactor + type: object + required: + - yarnConfig + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + secondaryWorkerConfig: + description: Optional. Describes how the autoscaler will operate for + secondary workers. + properties: + maxInstances: + description: 'Optional. Maximum number of instances for this group. + Note that by default, clusters will not use secondary workers. + Required for secondary workers if the minimum secondary instances + is set. Primary workers - Bounds: [min_instances, ). Secondary + workers - Bounds: [min_instances, ). Default: 0.' + format: int64 + type: integer + minInstances: + description: 'Optional. Minimum number of instances for this group. + Primary workers - Bounds: . Default: 0.' + format: int64 + type: integer + weight: + description: 'Optional. Weight for the instance group, which is + used to determine the fraction of total workers in the cluster + from this instance group. For example, if primary workers have + weight 2, and secondary workers have weight 1, the cluster will + have approximately 2 primary workers for each secondary worker. + The cluster may not reach the specified balance if constrained + by min/max bounds or other autoscaling settings. For example, + if `max_instances` for secondary workers is 0, then only primary + workers will be added. The cluster can also be out of balance + when created. If weight is not set on any instance group, the + cluster will default to equal weight for all groups: the cluster + will attempt to maintain an equal number of workers in each + group within the configured size bounds for each group. If weight + is set for one group only, the cluster will default to zero + weight on the unset group. For example if weight is set only + on primary workers, the cluster will use primary workers only + and no secondary workers.' + format: int64 + type: integer + type: object + workerConfig: + description: Required. Describes how the autoscaler will operate for + primary workers. 
+ properties: + maxInstances: + description: 'Required. Maximum number of instances for this group. + Required for primary workers. Note that by default, clusters + will not use secondary workers. Required for secondary workers + if the minimum secondary instances is set. Primary workers - + Bounds: [min_instances, ). Secondary workers - Bounds: [min_instances, + ). Default: 0.' + format: int64 + type: integer + minInstances: + description: 'Optional. Minimum number of instances for this group. + Primary workers - Bounds: . Default: 0.' + format: int64 + type: integer + weight: + description: 'Optional. Weight for the instance group, which is + used to determine the fraction of total workers in the cluster + from this instance group. For example, if primary workers have + weight 2, and secondary workers have weight 1, the cluster will + have approximately 2 primary workers for each secondary worker. + The cluster may not reach the specified balance if constrained + by min/max bounds or other autoscaling settings. For example, + if `max_instances` for secondary workers is 0, then only primary + workers will be added. The cluster can also be out of balance + when created. If weight is not set on any instance group, the + cluster will default to equal weight for all groups: the cluster + will attempt to maintain an equal number of workers in each + group within the configured size bounds for each group. If weight + is set for one group only, the cluster will default to zero + weight on the unset group. For example if weight is set only + on primary workers, the cluster will use primary workers only + and no secondary workers.' + format: int64 + type: integer + required: + - maxInstances + type: object + required: + - basicAlgorithm + - location + - workerConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dataprocclusters.dataproc.cnrm.cloud.google.com +spec: + group: dataproc.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataprocCluster + plural: dataprocclusters + shortNames: + - gcpdataproccluster + - gcpdataprocclusters + singular: dataproccluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + config: + description: Immutable. The cluster config. Note that Dataproc may + set default values, and values may change when clusters are updated. + properties: + autoscalingConfig: + description: Immutable. Optional. Autoscaling config for the policy + associated with the cluster. Cluster does not autoscale if this + field is unset. + properties: + policyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. + + Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + dataprocMetricConfig: + description: Immutable. Optional. The config for Dataproc metrics. + properties: + metrics: + description: Immutable. Required. Metrics sources to enable. + items: + properties: + metricOverrides: + description: 'Immutable. Optional. Specify one or more + [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) + to collect for the metric course (for the `SPARK` + metric source, any [Spark metric] (https://spark.apache.org/docs/latest/monitoring.html#metrics) + can be specified). Provide metrics in the following + format: `METRIC_SOURCE:INSTANCE:GROUP:METRIC` Use + camelcase as appropriate. Examples: ``` yarn:ResourceManager:QueueMetrics:AppsCompleted + spark:driver:DAGScheduler:job.allJobs sparkHistoryServer:JVM:Memory:NonHeapMemoryUsage.committed + hiveserver2:JVM:Memory:NonHeapMemoryUsage.used ``` + Notes: * Only the specified overridden metrics will + be collected for the metric source. For example, if + one or more `spark:executive` metrics are listed as + metric overrides, other `SPARK` metrics will not be + collected. 
The collection of the default metrics for + other OSS metric sources is unaffected. For example, + if both `SPARK` andd `YARN` metric sources are enabled, + and overrides are provided for Spark metrics only, + all default YARN metrics will be collected.' + items: + type: string + type: array + metricSource: + description: 'Immutable. Required. Default metrics are + collected unless `metricOverrides` are specified for + the metric source (see [Available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) + for more information). Possible values: METRIC_SOURCE_UNSPECIFIED, + MONITORING_AGENT_DEFAULTS, HDFS, SPARK, YARN, SPARK_HISTORY_SERVER, + HIVESERVER2' + type: string + required: + - metricSource + type: object + type: array + required: + - metrics + type: object + encryptionConfig: + description: Immutable. Optional. Encryption settings for the + cluster. + properties: + gcePdKmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + endpointConfig: + description: Immutable. Optional. Port/endpoint configuration + for this cluster + properties: + enableHttpPortAccess: + description: Immutable. Optional. If true, enable http access + to specific ports on the cluster from external sources. + Defaults to false. 
+ type: boolean + type: object + gceClusterConfig: + description: Immutable. Optional. The shared Compute Engine config + settings for all instances in a cluster. + properties: + confidentialInstanceConfig: + description: Immutable. Optional. Confidential Instance Config + for clusters using [Confidential VMs](https://cloud.google.com/compute/confidential-vm/docs). + properties: + enableConfidentialCompute: + description: Immutable. Optional. Defines whether the + instance should have confidential compute enabled. + type: boolean + type: object + internalIPOnly: + description: Immutable. Optional. If true, all instances in + the cluster will only have internal IP addresses. By default, + clusters are not restricted to internal IP addresses, and + will have ephemeral external IP addresses assigned to each + instance. This `internal_ip_only` restriction can only be + enabled for subnetwork enabled networks, and all off-cluster + dependencies must be configured to be accessible without + external IP addresses. + type: boolean + metadata: + additionalProperties: + type: string + description: Immutable. The Compute Engine metadata entries + to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + type: object + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeGroupAffinity: + description: Immutable. Optional. Node Group Affinity for + sole-tenant clusters. + properties: + nodeGroupRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` + + Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - nodeGroupRef + type: object + privateIPv6GoogleAccess: + description: 'Immutable. Optional. The type of IPv6 access + for a cluster. 
Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, + INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' + type: string + reservationAffinity: + description: Immutable. Optional. Reservation Affinity for + consuming Zonal reservation. + properties: + consumeReservationType: + description: 'Immutable. Optional. Type of reservation + to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, + ANY_RESERVATION, SPECIFIC_RESERVATION' + type: string + key: + description: Immutable. Optional. Corresponds to the label + key of reservation resource. + type: string + values: + description: Immutable. Optional. Corresponds to the label + values of reservation resource. + items: + type: string + type: array + type: object + serviceAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + serviceAccountScopes: + description: 'Immutable. Optional. 
The URIs of service account + scopes to be included in Compute Engine instances. The following + base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly + * https://www.googleapis.com/auth/devstorage.read_write + * https://www.googleapis.com/auth/logging.write If no scopes + are specified, the following defaults are also provided: + * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table + * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control' + items: + type: string + type: array + shieldedInstanceConfig: + description: Immutable. Optional. Shielded Instance Config + for clusters using [Compute Engine Shielded VMs](https://cloud.google.com/security/shielded-cloud/shielded-vm). + properties: + enableIntegrityMonitoring: + description: Immutable. Optional. Defines whether instances + have integrity monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Optional. Defines whether instances + have Secure Boot enabled. + type: boolean + enableVtpm: + description: Immutable. Optional. Defines whether instances + have the vTPM enabled. + type: boolean + type: object + subnetworkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Immutable. The Compute Engine tags to add to + all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + items: + type: string + type: array + zone: + description: 'Immutable. Optional. The zone where the Compute + Engine cluster will be located. On a create request, it + is required in the "global" region. If omitted in a non-global + Dataproc region, the service will pick a zone in the corresponding + Compute Engine region. On a get request, zone will always + be present. A full URL, partial URI, or short name are valid. + Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` + * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: string + type: object + initializationActions: + description: 'Immutable. Optional. Commands to execute on each + node after config is completed. By default, executables are + run on master and all worker nodes. You can test a node''s `role` + metadata to run an executable on a master or worker node, as + shown below using `curl` (you can also use `wget`): ROLE=$(curl + -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) + if [[ "${ROLE}" == ''Master'' ]]; then ... master specific actions + ... else ... worker specific actions ... fi' + items: + properties: + executableFile: + description: Immutable. Required. Cloud Storage URI of executable + file. + type: string + executionTimeout: + description: Immutable. Optional. Amount of time executable + has to complete. Default is 10 minutes (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). 
+ Cluster creation fails with an explanatory error message + (the name of the executable that caused the error and + the exceeded timeout period) if the executable is not + completed at end of the timeout period. + type: string + required: + - executableFile + type: object + type: array + lifecycleConfig: + description: Immutable. Optional. Lifecycle setting for the cluster. + properties: + autoDeleteTime: + description: Immutable. Optional. The time when cluster will + be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + autoDeleteTtl: + description: Immutable. Optional. The lifetime duration of + cluster. The cluster will be auto-deleted at the end of + this period. Minimum value is 10 minutes; maximum value + is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + idleDeleteTtl: + description: Immutable. Optional. The duration to keep the + cluster alive while idling (when no jobs are running). Passing + this threshold will cause the cluster to be deleted. Minimum + value is 5 minutes; maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + type: object + masterConfig: + description: Immutable. Optional. The Compute Engine config settings + for the master instance in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. 
See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. 
If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + metastoreConfig: + description: Immutable. Optional. Metastore configuration. + properties: + dataprocMetastoreServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Required. Resource name of an existing Dataproc + Metastore service. 
Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + type: string + name: + description: |- + [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - dataprocMetastoreServiceRef + type: object + secondaryWorkerConfig: + description: Immutable. Optional. The Compute Engine config settings + for additional worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. 
+ properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. 
Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. 
For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + securityConfig: + description: Immutable. Optional. Security settings for the cluster. + properties: + identityConfig: + description: Immutable. Optional. Identity related configuration, + including service account based secure multi-tenancy user + mappings. + properties: + userServiceAccountMapping: + additionalProperties: + type: string + description: Immutable. Required. Map of user to service + account. + type: object + required: + - userServiceAccountMapping + type: object + kerberosConfig: + description: Immutable. Optional. Kerberos related configuration. + properties: + crossRealmTrustAdminServer: + description: Immutable. Optional. The admin server (IP + or hostname) for the remote trusted realm in a cross + realm trust relationship. + type: string + crossRealmTrustKdc: + description: Immutable. Optional. The KDC (IP or hostname) + for the remote trusted realm in a cross realm trust + relationship. + type: string + crossRealmTrustRealm: + description: Immutable. Optional. The remote realm the + Dataproc on-cluster KDC will trust, should the user + enable cross realm trust. + type: string + crossRealmTrustSharedPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the shared password + between the on-cluster Kerberos realm and the remote + trusted realm, in a cross realm trust relationship. + type: string + enableKerberos: + description: 'Immutable. Optional. 
Flag to indicate whether + to Kerberize the cluster (default: false). Set this + field to true to enable Kerberos on a cluster.' + type: boolean + kdcDbKey: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the master key of + the KDC database. + type: string + keyPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided key. For the self-signed certificate, + this password is generated by Dataproc. + type: string + keystore: + description: Immutable. Optional. The Cloud Storage URI + of the keystore file used for SSL encryption. If not + provided, Dataproc will provide a self-signed certificate. + type: string + keystorePassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided keystore. For the self-signed certificate, + this password is generated by Dataproc. + type: string + kmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The uri of the KMS key used to encrypt various sensitive files. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + realm: + description: Immutable. Optional. The name of the on-cluster + Kerberos realm. If not specified, the uppercased domain + of hostnames will be the realm. + type: string + rootPrincipalPassword: + description: Immutable. Optional. 
The Cloud Storage URI + of a KMS encrypted file containing the root principal + password. + type: string + tgtLifetimeHours: + description: Immutable. Optional. The lifetime of the + ticket granting ticket, in hours. If not specified, + or user specifies 0, then default value 10 will be used. + format: int64 + type: integer + truststore: + description: Immutable. Optional. The Cloud Storage URI + of the truststore file used for SSL encryption. If not + provided, Dataproc will provide a self-signed certificate. + type: string + truststorePassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided truststore. For the self-signed certificate, + this password is generated by Dataproc. + type: string + type: object + type: object + softwareConfig: + description: Immutable. Optional. The config settings for software + inside the cluster. + properties: + imageVersion: + description: Immutable. Optional. The version of software + inside the cluster. It must be one of the supported [Dataproc + Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), + such as "1.2" (including a subminor version, such as "1.2.29"), + or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). + If unspecified, it defaults to the latest Debian version. + type: string + optionalComponents: + description: Immutable. Optional. The set of components to + activate on the cluster. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: 'Immutable. Optional. The properties to set on + daemon config files. Property keys are specified in `prefix:property` + format, for example `core:hadoop.tmp.dir`. 
The following + are supported prefixes and their mappings: * capacity-scheduler: + `capacity-scheduler.xml` * core: `core-site.xml` * distcp: + `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` + * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: + `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, + see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + stagingBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tempBucketRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + workerConfig: + description: Immutable. Optional. The Compute Engine config settings + for worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
+ Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' 
+ type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + type: object + location: + description: Immutable. The location for the resource, usually a GCP + region. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The Google Cloud Platform project ID that the cluster belongs to. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. 
Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + virtualClusterConfig: + description: Immutable. Optional. The virtual cluster config is used + when creating a Dataproc cluster that does not directly control + the underlying compute resources, for example, when creating a [Dataproc-on-GKE + cluster](https://cloud.google.com/dataproc/docs/guides/dpgke/dataproc-gke). + Dataproc may set default values, and values may change when clusters + are updated. Exactly one of config or virtual_cluster_config must + be specified. + properties: + auxiliaryServicesConfig: + description: Immutable. Optional. Configuration of auxiliary services + used by this cluster. + properties: + metastoreConfig: + description: Immutable. Optional. The Hive Metastore configuration + for this workload. + properties: + dataprocMetastoreServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Required. Resource name of an existing + Dataproc Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + type: string + name: + description: |- + [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - dataprocMetastoreServiceRef + type: object + sparkHistoryServerConfig: + description: Immutable. Optional. The Spark History Server + configuration for the workload. 
+ properties: + dataprocClusterRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload. Example: * `projects/[project_id]/regions/[region]/clusters/[cluster_name]` + + Allowed value: The `selfLink` field of a `DataprocCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + kubernetesClusterConfig: + description: Immutable. Required. The configuration for running + the Dataproc cluster on Kubernetes. + properties: + gkeClusterConfig: + description: Immutable. Required. The configuration for running + the Dataproc cluster on GKE. + properties: + gkeClusterTargetRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A target GKE cluster to deploy to. It must be in the same project and region as the Dataproc cluster (the GKE cluster can be zonal or regional). Format: 'projects/{project}/locations/{location}/clusters/{cluster_id}' + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodePoolTarget: + description: Immutable. Optional. GKE node pools where + workloads will be scheduled. At least one node pool + must be assigned the `DEFAULT` GkeNodePoolTarget.Role. + If a `GkeNodePoolTarget` is not specified, Dataproc + constructs a `DEFAULT` `GkeNodePoolTarget`. Each role + can be given to only one `GkeNodePoolTarget`. All node + pools must have the same location settings. + items: + properties: + nodePoolConfig: + description: Immutable. Input only. The configuration + for the GKE node pool. If specified, Dataproc + attempts to create a node pool with the specified + shape. If one with the same name already exists, + it is verified against all specified fields. If + a field differs, the virtual cluster creation + will fail. If omitted, any node pool with the + specified name is used. If a node pool with the + specified name does not exist, Dataproc create + a node pool with default values. This is an input + only field. It will not be returned by the API. + properties: + autoscaling: + description: Immutable. Optional. The autoscaler + configuration for this node pool. The autoscaler + is enabled only when a valid configuration + is present. + properties: + maxNodeCount: + description: Immutable. The maximum number + of nodes in the node pool. Must be >= + min_node_count, and must be > 0. **Note:** + Quota must be sufficient to scale up the + cluster. + format: int64 + type: integer + minNodeCount: + description: Immutable. The minimum number + of nodes in the node pool. Must be >= + 0 and <= max_node_count. + format: int64 + type: integer + type: object + config: + description: Immutable. Optional. The node pool + configuration. + properties: + accelerators: + description: Immutable. Optional. A list + of [hardware accelerators](https://cloud.google.com/compute/docs/gpus) + to attach to each node. 
+ items: + properties: + acceleratorCount: + description: Immutable. The number + of accelerator cards exposed to + an instance. + format: int64 + type: integer + acceleratorType: + description: Immutable. The accelerator + type resource namename (see GPUs + on Compute Engine). + type: string + gpuPartitionSize: + description: Immutable. Size of partitions + to create on the GPU. Valid values + are described in the NVIDIA [mig + user guide](https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). + type: string + type: object + type: array + bootDiskKmsKey: + description: 'Immutable. Optional. The [Customer + Managed Encryption Key (CMEK)] (https://cloud.google.com/kubernetes-engine/docs/how-to/using-cmek) + used to encrypt the boot disk attached + to each node in the node pool. Specify + the key using the following format: `projects/KEY_PROJECT_ID/locations/LOCATION/keyRings/RING_NAME/cryptoKeys/KEY_NAME`.' + type: string + ephemeralStorageConfig: + description: Immutable. Optional. Parameters + for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed + by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local + SSDs to use to back ephemeral storage. + Uses NVMe interfaces. Each local SSD + is 375 GB in size. If zero, it means + to disable using local SSDs as ephemeral + storage. + format: int64 + type: integer + type: object + localSsdCount: + description: Immutable. Optional. The number + of local SSD disks to attach to the node, + which is limited by the maximum number + of disks allowable per zone (see [Adding + Local SSDs](https://cloud.google.com/compute/docs/disks/local-ssd)). + format: int64 + type: integer + machineType: + description: Immutable. Optional. The name + of a Compute Engine [machine type](https://cloud.google.com/compute/docs/machine-types). + type: string + minCpuPlatform: + description: Immutable. Optional. 
[Minimum + CPU platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform) + to be used by this instance. The instance + may be scheduled on the specified or a + newer CPU platform. Specify the friendly + names of CPU platforms, such as "Intel + Haswell"` or Intel Sandy Bridge". + type: string + preemptible: + description: Immutable. Optional. Whether + the nodes are created as legacy [preemptible + VM instances] (https://cloud.google.com/compute/docs/instances/preemptible). + Also see Spot VMs, preemptible VM instances + without a maximum lifetime. Legacy and + Spot preemptible nodes cannot be used + in a node pool with the `CONTROLLER` [role] + (/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) + or in the DEFAULT node pool if the CONTROLLER + role is not assigned (the DEFAULT node + pool will assume the CONTROLLER role). + type: boolean + spot: + description: Immutable. Optional. Whether + the nodes are created as [Spot VM instances] + (https://cloud.google.com/compute/docs/instances/spot). + Spot VMs are the latest update to legacy + preemptible VMs. Spot VMs do not have + a maximum lifetime. Legacy and Spot preemptible + nodes cannot be used in a node pool with + the `CONTROLLER` [role](/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) + or in the DEFAULT node pool if the CONTROLLER + role is not assigned (the DEFAULT node + pool will assume the CONTROLLER role). + type: boolean + type: object + locations: + description: Immutable. Optional. The list of + Compute Engine [zones](https://cloud.google.com/compute/docs/zones#available) + where node pool nodes associated with a Dataproc + on GKE virtual cluster will be located. **Note:** + All node pools associated with a virtual cluster + must be located in the same region as the + virtual cluster, and they must be located + in the same zone within that region. If a + location is not specified during node pool + creation, Dataproc on GKE will choose the + zone. 
+ items: + type: string + type: array + type: object + nodePoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The target GKE node pool. Format: 'projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{node_pool}' + + Allowed value: The `selfLink` field of a `ContainerNodePool` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + roles: + description: Immutable. Required. The roles associated + with the GKE node pool. + items: + type: string + type: array + required: + - nodePoolRef + - roles + type: object + type: array + type: object + kubernetesNamespace: + description: Immutable. Optional. A namespace within the Kubernetes + cluster to deploy into. If this namespace does not exist, + it is created. If it exists, Dataproc verifies that another + Dataproc VirtualCluster is not installed into it. If not + specified, the name of the Dataproc Cluster is used. + type: string + kubernetesSoftwareConfig: + description: Immutable. Optional. The software configuration + for this Dataproc cluster running on Kubernetes. + properties: + componentVersion: + additionalProperties: + type: string + description: Immutable. The components that should be + installed in this Dataproc cluster. The key must be + a string from the KubernetesComponent enumeration. The + value is the version of the software to be installed. + At least one entry must be specified. + type: object + properties: + additionalProperties: + type: string + description: 'Immutable. 
The properties to set on daemon + config files. Property keys are specified in `prefix:property` + format, for example `spark:spark.kubernetes.container.image`. + The following are supported prefixes and their mappings: + * spark: `spark-defaults.conf` For more information, + see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + required: + - gkeClusterConfig + type: object + stagingBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging and temp buckets](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a `gs://...` URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kubernetesClusterConfig + type: object + required: + - location + type: object + status: + properties: + clusterUuid: + description: Output only. A cluster UUID (Unique Universal Identifier). 
+ Dataproc generates this value when it creates the cluster. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + config: + properties: + endpointConfig: + properties: + httpPorts: + additionalProperties: + type: string + description: Output only. The map of port descriptions to + URLs. Will only be populated if enable_http_port_access + is true. + type: object + type: object + lifecycleConfig: + properties: + idleStartTime: + description: Output only. The time when cluster became idle + (most recent job finished) and became eligible for deletion + due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + type: object + masterConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. 
+ type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + secondaryWorkerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. 
This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + workerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + type: object + metrics: + description: 'Output only. Contains cluster daemon metrics such as + HDFS and YARN stats. **Beta Feature**: This report is available + for testing purposes only. 
It may be changed before final release.' + properties: + hdfsMetrics: + additionalProperties: + type: string + description: The HDFS metrics. + type: object + yarnMetrics: + additionalProperties: + type: string + description: The YARN metrics. + type: object + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + status: + description: Output only. Cluster status. + properties: + detail: + description: Optional. Output only. Details of cluster's state. + type: string + state: + description: 'Output only. The cluster''s state. Possible values: + UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, + STOPPED, STARTING' + type: string + stateStartTime: + description: Output only. Time when this state was entered (see + JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + substate: + description: 'Output only. Additional state information that includes + status reported by the agent. Possible values: UNSPECIFIED, + UNHEALTHY, STALE_STATUS' + type: string + type: object + statusHistory: + description: Output only. The previous cluster status. + items: + properties: + detail: + description: Optional. Output only. Details of cluster's state. + type: string + state: + description: 'Output only. The cluster''s state. Possible values: + UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, + STOPPED, STARTING' + type: string + stateStartTime: + description: Output only. Time when this state was entered (see + JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + substate: + description: 'Output only. 
Additional state information that + includes status reported by the agent. Possible values: UNSPECIFIED, + UNHEALTHY, STALE_STATUS' + type: string + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dataprocworkflowtemplates.dataproc.cnrm.cloud.google.com +spec: + group: dataproc.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataprocWorkflowTemplate + plural: dataprocworkflowtemplates + shortNames: + - gcpdataprocworkflowtemplate + - gcpdataprocworkflowtemplates + singular: dataprocworkflowtemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dagTimeout: + description: Immutable. Optional. Timeout duration for the DAG of + jobs, expressed in seconds (see [JSON representation of duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + The timeout duration must be from 10 minutes ("600s") to 24 hours + ("86400s"). The timer begins when the first job is submitted. If + the workflow is running at the end of the timeout period, any remaining + jobs are cancelled, the workflow is ended, and if the workflow was + running on a [managed cluster](/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), + the cluster is deleted. + type: string + jobs: + description: Immutable. Required. The Directed Acyclic Graph of Jobs + to submit. + items: + properties: + hadoopJob: + description: Immutable. Optional. Job is a Hadoop job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted in the working directory of Hadoop drivers + and tasks. Supported file types: .jar, .tar, .tar.gz, + .tgz, or .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `-libjars` + or `-Dfoo=bar`, that can be set as job properties, since + a collision may occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. 
HCFS (Hadoop Compatible + Filesystem) URIs of files to be copied to the working + directory of Hadoop drivers and distributed tasks. Useful + for naively parallel tasks. + items: + type: string + type: array + jarFileUris: + description: Immutable. Optional. Jar file URIs to add to + the CLASSPATHs of the Hadoop driver and tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainClass: + description: Immutable. The name of the driver's main class. + The jar file containing the class must be in the default + CLASSPATH or specified in `jar_file_uris`. + type: string + mainJarFileUri: + description: 'Immutable. The HCFS URI of the jar file containing + the main class. Examples: ''gs://foo-bucket/analytics-binaries/extract-useful-metrics-mr.jar'' + ''hdfs:/tmp/test-samples/custom-wordcount.jar'' ''file:///home/usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar''' + type: string + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure Hadoop. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/hadoop/conf/*-site + and classes in user code. + type: object + type: object + hiveJob: + description: Immutable. Optional. Job is a Hive job. + properties: + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. 
+ type: boolean + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATH of the Hive server and Hadoop + MapReduce (MR) tasks. Can contain Hive SerDes and UDFs. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names and values, used to configure Hive. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/hadoop/conf/*-site.xml, + /etc/hive/conf/hive-site.xml, and classes in user code. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains Hive queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: + type: string + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Hive command: `SET + name="value";`).' + type: object + type: object + labels: + additionalProperties: + type: string + description: 'Immutable. Optional. The labels to associate with + this job. Label keys must be between 1 and 63 characters long, + and must conform to the following regular expression: p{Ll}p{Lo}{0,62} + Label values must be between 1 and 63 characters long, and + must conform to the following regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} + No more than 32 labels can be associated with a given job.' 
+ type: object + pigJob: + description: Immutable. Optional. Job is a Pig job. + properties: + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATH of the Pig Client and Hadoop MapReduce + (MR) tasks. Can contain Pig UDFs. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure Pig. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/hadoop/conf/*-site.xml, + /etc/pig/conf/pig.properties, and classes in user code. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains the Pig queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. 
Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: + type: string + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Pig command: `name=[value]`).' + type: object + type: object + prerequisiteStepIds: + description: Immutable. Optional. The optional list of prerequisite + job step_ids. If not specified, the job will start at the + beginning of workflow. + items: + type: string + type: array + prestoJob: + description: Immutable. Optional. Job is a Presto job. + properties: + clientTags: + description: Immutable. Optional. Presto client tags to + attach to this query + items: + type: string + type: array + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + outputFormat: + description: Immutable. Optional. The format in which query + output will be displayed. See the Presto documentation + for supported output formats + type: string + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values. 
Used to set Presto [session properties](https://prestodb.io/docs/current/sql/set-session.html) + Equivalent to using the --session flag in the Presto CLI + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains SQL queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + type: object + pysparkJob: + description: Immutable. Optional. Job is a PySpark job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATHs of the Python driver and tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. 
+ properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainPythonFileUri: + description: Immutable. Required. The HCFS URI of the main + Python file to use as the driver. Must be a .py file. + type: string + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure PySpark. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + pythonFileUris: + description: 'Immutable. Optional. HCFS file URIs of Python + files to pass to the PySpark framework. Supported file + types: .py, .egg, and .zip.' + items: + type: string + type: array + required: + - mainPythonFileUri + type: object + scheduling: + description: Immutable. Optional. Job scheduling configuration. + properties: + maxFailuresPerHour: + description: Immutable. Optional. Maximum number of times + per hour a driver may be restarted as a result of driver + exiting with non-zero code before job is reported failed. + A job may be reported as thrashing if driver exits with + non-zero code 4 times within 10 minute window. Maximum + value is 10. + format: int64 + type: integer + maxFailuresTotal: + description: Immutable. Optional. Maximum number of times + in total a driver may be restarted as a result of driver + exiting with non-zero code before job is reported failed. + Maximum value is 240. + format: int64 + type: integer + type: object + sparkJob: + description: Immutable. Optional. Job is a Spark job. + properties: + archiveUris: + description: 'Immutable. Optional. 
HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATHs of the Spark driver and tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainClass: + description: Immutable. The name of the driver's main class. + The jar file that contains the class must be in the default + CLASSPATH or specified in `jar_file_uris`. + type: string + mainJarFileUri: + description: Immutable. The HCFS URI of the jar file that + contains the main class. + type: string + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure Spark. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + type: object + sparkRJob: + description: Immutable. Optional. Job is a SparkR job. 
+ properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainRFileUri: + description: Immutable. Required. The HCFS URI of the main + R file to use as the driver. Must be a .R file. + type: string + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure SparkR. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + required: + - mainRFileUri + type: object + sparkSqlJob: + description: Immutable. Optional. Job is a SparkSql job. + properties: + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to be added to the Spark CLASSPATH. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. 
The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure Spark SQL's SparkConf. + Properties that conflict with values set by the Dataproc + API may be overwritten. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains SQL queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: + type: string + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Spark SQL command: + SET `name="value";`).' + type: object + type: object + stepId: + description: Immutable. Required. The step id. The id must be + unique among all jobs within the template. The step id is + used as prefix for job id, as job `goog-dataproc-workflow-step-id` + label, and in prerequisiteStepIds field from other steps. + The id must contain only letters (a-z, A-Z), numbers (0-9), + underscores (_), and hyphens (-). Cannot begin or end with + underscore or hyphen. Must consist of between 3 and 50 characters. 
+ type: string + required: + - stepId + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + parameters: + description: Immutable. Optional. Template parameters whose values + are substituted into the template. Values for parameters must be + provided when the template is instantiated. + items: + properties: + description: + description: Immutable. Optional. Brief description of the parameter. + Must not exceed 1024 characters. + type: string + fields: + description: 'Immutable. Required. Paths to all fields that + the parameter replaces. A field is allowed to appear in at + most one parameter''s list of field paths. A field path is + similar in syntax to a google.protobuf.FieldMask. For example, + a field path that references the zone field of a workflow + template''s cluster selector would be specified as `placement.clusterSelector.zone`. + Also, field paths can reference fields using the following + syntax: * Values in maps can be referenced by key: * labels[''key''] + * placement.clusterSelector.clusterLabels[''key''] * placement.managedCluster.labels[''key''] + * placement.clusterSelector.clusterLabels[''key''] * jobs[''step-id''].labels[''key''] + * Jobs in the jobs list can be referenced by step-id: * jobs[''step-id''].hadoopJob.mainJarFileUri + * jobs[''step-id''].hiveJob.queryFileUri * jobs[''step-id''].pySparkJob.mainPythonFileUri + * jobs[''step-id''].hadoopJob.jarFileUris[0] * jobs[''step-id''].hadoopJob.archiveUris[0] + * jobs[''step-id''].hadoopJob.fileUris[0] * jobs[''step-id''].pySparkJob.pythonFileUris[0] + * Items in repeated fields can be referenced by a zero-based + index: * jobs[''step-id''].sparkJob.args[0] * Other examples: + * jobs[''step-id''].hadoopJob.properties[''key''] * jobs[''step-id''].hadoopJob.args[0] + * jobs[''step-id''].hiveJob.scriptVariables[''key''] * jobs[''step-id''].hadoopJob.mainJarFileUri + * placement.clusterSelector.zone It may not be possible to + parameterize 
maps and repeated fields in their entirety since + only individual map values and individual items in repeated + fields can be referenced. For example, the following field + paths are invalid: - placement.clusterSelector.clusterLabels + - jobs[''step-id''].sparkJob.args' + items: + type: string + type: array + name: + description: Immutable. Required. Parameter name. The parameter + name is used as the key, and paired with the parameter value, + which are passed to the template when the template is instantiated. + The name must contain only capital letters (A-Z), numbers + (0-9), and underscores (_), and must not start with a number. + The maximum length is 40 characters. + type: string + validation: + description: Immutable. Optional. Validation rules to be applied + to this parameter's value. + properties: + regex: + description: Immutable. Validation based on regular expressions. + properties: + regexes: + description: Immutable. Required. RE2 regular expressions + used to validate the parameter's value. The value + must match the regex in its entirety (substring matches + are not sufficient). + items: + type: string + type: array + required: + - regexes + type: object + values: + description: Immutable. Validation based on a list of allowed + values. + properties: + values: + description: Immutable. Required. List of allowed values + for the parameter. + items: + type: string + type: array + required: + - values + type: object + type: object + required: + - fields + - name + type: object + type: array + placement: + description: Immutable. Required. WorkflowTemplate scheduling information. + properties: + clusterSelector: + description: Immutable. Optional. A selector that chooses target + cluster for jobs based on metadata. The selector is evaluated + at the time each job is submitted. + properties: + clusterLabels: + additionalProperties: + type: string + description: Immutable. Required. The cluster labels. Cluster + must have all labels to match. 
+ type: object + zone: + description: Immutable. Optional. The zone where workflow + process executes. This parameter does not affect the selection + of the cluster. If unspecified, the zone of the first cluster + matching the selector is used. + type: string + required: + - clusterLabels + type: object + managedCluster: + description: Immutable. A cluster that is managed by the workflow. + properties: + clusterName: + description: Immutable. Required. The cluster name prefix. + A unique cluster name will be formed by appending a random + suffix. The name must contain only lower-case letters (a-z), + numbers (0-9), and hyphens (-). Must begin with a letter. + Cannot begin or end with hyphen. Must consist of between + 2 and 35 characters. + type: string + config: + description: Immutable. Required. The cluster configuration. + properties: + autoscalingConfig: + description: Immutable. Optional. Autoscaling config for + the policy associated with the cluster. Cluster does + not autoscale if this field is unset. + properties: + policyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. + + Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + encryptionConfig: + description: Immutable. Optional. Encryption settings + for the cluster. + properties: + gcePdKmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + endpointConfig: + description: Immutable. Optional. Port/endpoint configuration + for this cluster + properties: + enableHttpPortAccess: + description: Immutable. Optional. If true, enable + http access to specific ports on the cluster from + external sources. Defaults to false. + type: boolean + type: object + gceClusterConfig: + description: Immutable. Optional. The shared Compute Engine + config settings for all instances in a cluster. + properties: + internalIPOnly: + description: Immutable. Optional. If true, all instances + in the cluster will only have internal IP addresses. + By default, clusters are not restricted to internal + IP addresses, and will have ephemeral external IP + addresses assigned to each instance. 
This `internal_ip_only` + restriction can only be enabled for subnetwork enabled + networks, and all off-cluster dependencies must + be configured to be accessible without external + IP addresses. + type: boolean + metadata: + additionalProperties: + type: string + description: Immutable. The Compute Engine metadata + entries to add to all instances (see [Project and + instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + type: object + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeGroupAffinity: + description: Immutable. Optional. Node Group Affinity + for sole-tenant clusters. + properties: + nodeGroupRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` + + Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - nodeGroupRef + type: object + privateIPv6GoogleAccess: + description: 'Immutable. Optional. The type of IPv6 + access for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, + INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' + type: string + reservationAffinity: + description: Immutable. Optional. Reservation Affinity + for consuming Zonal reservation. + properties: + consumeReservationType: + description: 'Immutable. Optional. Type of reservation + to consume Possible values: TYPE_UNSPECIFIED, + NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION' + type: string + key: + description: Immutable. Optional. Corresponds + to the label key of reservation resource. + type: string + values: + description: Immutable. Optional. Corresponds + to the label values of reservation resource. + items: + type: string + type: array + type: object + serviceAccountRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + serviceAccountScopes: + description: 'Immutable. Optional. The URIs of service + account scopes to be included in Compute Engine + instances. The following base set of scopes is always + included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly + * https://www.googleapis.com/auth/devstorage.read_write + * https://www.googleapis.com/auth/logging.write + If no scopes are specified, the following defaults + are also provided: * https://www.googleapis.com/auth/bigquery + * https://www.googleapis.com/auth/bigtable.admin.table + * https://www.googleapis.com/auth/bigtable.data + * https://www.googleapis.com/auth/devstorage.full_control' + items: + type: string + type: array + shieldedInstanceConfig: + description: Immutable. Optional. Shielded Instance + Config for clusters using Compute Engine Shielded + VMs. 
+ properties: + enableIntegrityMonitoring: + description: Immutable. Optional. Defines whether + instances have integrity monitoring enabled. + Integrity monitoring compares the most recent + boot measurements to the integrity policy baseline + and returns a pair of pass/fail results depending + on whether they match or not. + type: boolean + enableSecureBoot: + description: Immutable. Optional. Defines whether + the instances have Secure Boot enabled. Secure + Boot helps ensure that the system only runs + authentic software by verifying the digital + signature of all boot components, and halting + the boot process if signature verification fails. + type: boolean + enableVtpm: + description: Immutable. Optional. Defines whether + the instance have the vTPM enabled. Virtual + Trusted Platform Module protects objects like + keys, certificates and enables Measured Boot + by performing the measurements needed to create + a known good boot baseline, called the integrity + policy baseline. + type: boolean + type: object + subnetworkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Immutable. The Compute Engine tags to + add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + items: + type: string + type: array + zone: + description: 'Immutable. Optional. The zone where + the Compute Engine cluster will be located. On a + create request, it is required in the "global" region. + If omitted in a non-global Dataproc region, the + service will pick a zone in the corresponding Compute + Engine region. On a get request, zone will always + be present. A full URL, partial URI, or short name + are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` + * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: string + type: object + initializationActions: + description: 'Immutable. Optional. Commands to execute + on each node after config is completed. By default, + executables are run on master and all worker nodes. + You can test a node''s `role` metadata to run an executable + on a master or worker node, as shown below using `curl` + (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google + http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) + if [[ "${ROLE}" == ''Master'' ]]; then ... master specific + actions ... else ... worker specific actions ... fi' + items: + properties: + executableFile: + description: Immutable. Required. Cloud Storage + URI of executable file. + type: string + executionTimeout: + description: Immutable. Optional. Amount of time + executable has to complete. Default is 10 minutes + (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). 
+ Cluster creation fails with an explanatory error + message (the name of the executable that caused + the error and the exceeded timeout period) if + the executable is not completed at end of the + timeout period. + type: string + type: object + type: array + lifecycleConfig: + description: Immutable. Optional. Lifecycle setting for + the cluster. + properties: + autoDeleteTime: + description: Immutable. Optional. The time when cluster + will be auto-deleted (see JSON representation of + [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + autoDeleteTtl: + description: Immutable. Optional. The lifetime duration + of cluster. The cluster will be auto-deleted at + the end of this period. Minimum value is 10 minutes; + maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + idleDeleteTtl: + description: Immutable. Optional. The duration to + keep the cluster alive while idling (when no jobs + are running). Passing this threshold will cause + the cluster to be deleted. Minimum value is 5 minutes; + maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + type: object + masterConfig: + description: Immutable. Optional. The Compute Engine config + settings for the master instance in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. 
See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' 
+ type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + secondaryWorkerConfig: + description: Immutable. Optional. The Compute Engine config + settings for additional worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
+ Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. 
Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. 
For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + securityConfig: + description: Immutable. Optional. Security settings for + the cluster. + properties: + kerberosConfig: + description: Immutable. Optional. Kerberos related + configuration. + properties: + crossRealmTrustAdminServer: + description: Immutable. Optional. The admin server + (IP or hostname) for the remote trusted realm + in a cross realm trust relationship. + type: string + crossRealmTrustKdc: + description: Immutable. Optional. The KDC (IP + or hostname) for the remote trusted realm in + a cross realm trust relationship. + type: string + crossRealmTrustRealm: + description: Immutable. Optional. The remote realm + the Dataproc on-cluster KDC will trust, should + the user enable cross realm trust. + type: string + crossRealmTrustSharedPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the shared + password between the on-cluster Kerberos realm + and the remote trusted realm, in a cross realm + trust relationship. + type: string + enableKerberos: + description: 'Immutable. Optional. Flag to indicate + whether to Kerberize the cluster (default: false). + Set this field to true to enable Kerberos on + a cluster.' + type: boolean + kdcDbKey: + description: Immutable. Optional. 
The Cloud Storage + URI of a KMS encrypted file containing the master + key of the KDC database. + type: string + keyPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided key. For the self-signed + certificate, this password is generated by Dataproc. + type: string + keystore: + description: Immutable. Optional. The Cloud Storage + URI of the keystore file used for SSL encryption. + If not provided, Dataproc will provide a self-signed + certificate. + type: string + keystorePassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided keystore. For the self-signed + certificate, this password is generated by Dataproc. + type: string + kmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The uri of the KMS key used to encrypt various sensitive files. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + realm: + description: Immutable. Optional. The name of + the on-cluster Kerberos realm. If not specified, + the uppercased domain of hostnames will be the + realm. + type: string + rootPrincipalPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the root + principal password. + type: string + tgtLifetimeHours: + description: Immutable. Optional. The lifetime + of the ticket granting ticket, in hours. 
If + not specified, or user specifies 0, then default + value 10 will be used. + format: int64 + type: integer + truststore: + description: Immutable. Optional. The Cloud Storage + URI of the truststore file used for SSL encryption. + If not provided, Dataproc will provide a self-signed + certificate. + type: string + truststorePassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided truststore. For the self-signed + certificate, this password is generated by Dataproc. + type: string + type: object + type: object + softwareConfig: + description: Immutable. Optional. The config settings + for software inside the cluster. + properties: + imageVersion: + description: Immutable. Optional. The version of software + inside the cluster. It must be one of the supported + [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), + such as "1.2" (including a subminor version, such + as "1.2.29"), or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). + If unspecified, it defaults to the latest Debian + version. + type: string + optionalComponents: + description: Immutable. Optional. The set of components + to activate on the cluster. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: 'Immutable. Optional. The properties + to set on daemon config files. Property keys are + specified in `prefix:property` format, for example + `core:hadoop.tmp.dir`. 
The following are supported + prefixes and their mappings: * capacity-scheduler: + `capacity-scheduler.xml` * core: `core-site.xml` + * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` + * hive: `hive-site.xml` * mapred: `mapred-site.xml` + * pig: `pig.properties` * spark: `spark-defaults.conf` + * yarn: `yarn-site.xml` For more information, see + [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + stagingBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tempBucketRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + workerConfig: + description: Immutable. Optional. The Compute Engine config + settings for worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
+ Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. 
Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. 
For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + type: object + labels: + additionalProperties: + type: string + description: 'Immutable. Optional. The labels to associate + with this cluster. Label keys must be between 1 and 63 characters + long, and must conform to the following PCRE regular expression: + p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters + long, and must conform to the following PCRE regular expression: + [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated + with a given cluster.' + type: object + required: + - clusterName + - config + type: object + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - jobs + - location + - placement + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time template was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + placement: + properties: + managedCluster: + properties: + config: + properties: + endpointConfig: + properties: + httpPorts: + additionalProperties: + type: string + description: Output only. The map of port descriptions + to URLs. Will only be populated if enable_http_port_access + is true. + type: object + type: object + lifecycleConfig: + properties: + idleStartTime: + description: Output only. 
The time when cluster became + idle (most recent job finished) and became eligible + for deletion due to idleness (see JSON representation + of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + type: object + masterConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + secondaryWorkerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. 
+ type: string + type: object + type: object + workerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + type: object + type: object + type: object + updateTime: + description: Output only. The time template was last updated. + format: date-time + type: string + version: + description: Output only. The current version of this workflow template. 
+ format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastoreindexes.datastore.cnrm.cloud.google.com +spec: + group: datastore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastoreIndex + plural: datastoreindexes + shortNames: + - gcpdatastoreindex + - gcpdatastoreindexes + singular: datastoreindex + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ancestor: + description: 'Immutable. Policy for including ancestors in the index. + Default value: "NONE" Possible values: ["NONE", "ALL_ANCESTORS"].' + type: string + kind: + description: Immutable. The entity kind which the index applies to. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + properties: + description: Immutable. An ordered list of properties to index on. + items: + properties: + direction: + description: 'Immutable. The direction the index should optimize + for sorting. Possible values: ["ASCENDING", "DESCENDING"].' + type: string + name: + description: Immutable. The property name to index. + type: string + required: + - direction + - name + type: object + type: array + resourceID: + description: Immutable. Optional. The service-generated indexId of + the resource. Used for acquisition only. Leave unset to create a + new resource. + type: string + required: + - kind + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + indexId: + description: The index id. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamconnectionprofiles.datastream.cnrm.cloud.google.com +spec: + group: datastream.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastreamConnectionProfile + plural: datastreamconnectionprofiles + shortNames: + - gcpdatastreamconnectionprofile + - gcpdatastreamconnectionprofiles + singular: datastreamconnectionprofile + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + 
name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bigqueryProfile: + description: BigQuery warehouse profile. + type: object + x-kubernetes-preserve-unknown-fields: true + displayName: + description: Display name. + type: string + forwardSshConnectivity: + description: Forward SSH tunnel connectivity. + properties: + hostname: + description: Hostname for the SSH tunnel. + type: string + password: + description: Immutable. SSH password. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the SSH tunnel. + type: integer + privateKey: + description: Immutable. SSH private key. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + username: + description: Username for the SSH tunnel. + type: string + required: + - hostname + - username + type: object + gcsProfile: + description: Cloud Storage bucket profile. + properties: + bucket: + description: The Cloud Storage bucket name. + type: string + rootPath: + description: The root path inside the Cloud Storage bucket. + type: string + required: + - bucket + type: object + location: + description: Immutable. The name of the location this connection profile + is located in. + type: string + mysqlProfile: + description: MySQL database profile. + properties: + hostname: + description: Hostname for the MySQL connection. + type: string + password: + description: Password for the MySQL connection. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the MySQL connection. + type: integer + sslConfig: + description: SSL configuration for the MySQL connection. + properties: + caCertificate: + description: |- + Immutable. PEM-encoded certificate of the CA that signed the source database + server's certificate. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + caCertificateSet: + description: Indicates whether the clientKey field is set. + type: boolean + clientCertificate: + description: |- + Immutable. 
PEM-encoded certificate that will be used by the replica to + authenticate against the source database server. If this field + is used then the 'clientKey' and the 'caCertificate' fields are + mandatory. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + clientCertificateSet: + description: Indicates whether the clientCertificate field + is set. + type: boolean + clientKey: + description: |- + Immutable. PEM-encoded private key associated with the Client Certificate. + If this field is used then the 'client_certificate' and the + 'ca_certificate' fields are mandatory. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + clientKeySet: + description: Indicates whether the clientKey field is set. + type: boolean + type: object + username: + description: Username for the MySQL connection. + type: string + required: + - hostname + - password + - username + type: object + oracleProfile: + description: Oracle database profile. + properties: + connectionAttributes: + additionalProperties: + type: string + description: Connection string attributes. + type: object + databaseService: + description: Database for the Oracle connection. + type: string + hostname: + description: Hostname for the Oracle connection. + type: string + password: + description: Password for the Oracle connection. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the Oracle connection. + type: integer + username: + description: Username for the Oracle connection. + type: string + required: + - databaseService + - hostname + - password + - username + type: object + postgresqlProfile: + description: PostgreSQL database profile. + properties: + database: + description: Database for the PostgreSQL connection. + type: string + hostname: + description: Hostname for the PostgreSQL connection. 
+ type: string + password: + description: Password for the PostgreSQL connection. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the PostgreSQL connection. + type: integer + username: + description: Username for the PostgreSQL connection. + type: string + required: + - database + - hostname + - password + - username + type: object + privateConnectivity: + description: Private connectivity. + properties: + privateConnection: + description: 'A reference to a private connection resource. Format: + ''projects/{project}/locations/{location}/privateConnections/{name}''.' + type: string + required: + - privateConnection + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The connectionProfileId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - displayName + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The resource's name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamprivateconnections.datastream.cnrm.cloud.google.com +spec: + group: datastream.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastreamPrivateConnection + plural: datastreamprivateconnections + shortNames: + - gcpdatastreamprivateconnection + - gcpdatastreamprivateconnections + singular: datastreamprivateconnection + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Immutable. Display name. + type: string + location: + description: Immutable. The name of the location this private connection + is located in. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The privateConnectionId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + vpcPeeringConfig: + description: |- + Immutable. The VPC Peering configuration is used to create VPC peering + between Datastream and the consumer's VPC. + properties: + subnet: + description: Immutable. A free subnet for peering. (CIDR of /29). + type: string + vpc: + description: |- + Immutable. Fully qualified name of the VPC that Datastream will peer to. + Format: projects/{project}/global/{networks}/{name}. 
+ type: string + required: + - subnet + - vpc + type: object + required: + - displayName + - location + - projectRef + - vpcPeeringConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + error: + description: The PrivateConnection error in case of failure. + items: + properties: + details: + additionalProperties: + type: string + description: A list of messages that carry the error details. + type: object + message: + description: A message containing more information about the + error that occurred. + type: string + type: object + type: array + name: + description: The resource's name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State of the PrivateConnection. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamstreams.datastream.cnrm.cloud.google.com +spec: + group: datastream.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastreamStream + plural: datastreamstreams + shortNames: + - gcpdatastreamstream + - gcpdatastreamstreams + singular: datastreamstream + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backfillAll: + description: Backfill strategy to automatically backfill the Stream's + objects. Specific objects can be excluded. + properties: + mysqlExcludedObjects: + description: MySQL data source objects to avoid backfilling. + properties: + mysqlDatabases: + description: MySQL databases on the server. + items: + properties: + database: + description: Database name. + type: string + mysqlTables: + description: Tables in the database. + items: + properties: + mysqlColumns: + description: MySQL columns in the schema. When + unspecified as part of include/exclude objects, + includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + oracleExcludedObjects: + description: PostgreSQL data source objects to avoid backfilling. + properties: + oracleSchemas: + description: Oracle schemas/databases in the database server. 
+ items: + properties: + oracleTables: + description: Tables in the database. + items: + properties: + oracleColumns: + description: Oracle columns in the schema. When + unspecified as part of include/exclude objects, + includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + postgresqlExcludedObjects: + description: PostgreSQL data source objects to avoid backfilling. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. + items: + properties: + postgresqlColumns: + description: PostgreSQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. 
Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Database name. + type: string + required: + - schema + type: object + type: array + required: + - postgresqlSchemas + type: object + type: object + backfillNone: + description: Backfill strategy to disable automatic backfill for the + Stream's objects. + type: object + x-kubernetes-preserve-unknown-fields: true + customerManagedEncryptionKey: + description: |- + Immutable. A reference to a KMS encryption key. If provided, it will be used to encrypt the data. If left blank, data + will be encrypted using an internal Stream-specific encryption key provisioned through KMS. + type: string + desiredState: + description: Desired state of the Stream. Set this field to 'RUNNING' + to start the stream, and 'PAUSED' to pause the stream. + type: string + destinationConfig: + description: Destination connection profile configuration. + properties: + bigqueryDestinationConfig: + description: A configuration for how data should be loaded to + Cloud Storage. + properties: + dataFreshness: + description: |- + The guaranteed data freshness (in seconds) when querying tables created by the stream. + Editing this field will only affect new tables created in the future, but existing tables + will not be impacted. 
Lower values mean that queries will return fresher data, but may result in higher cost. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + type: string + singleTargetDataset: + description: A single target dataset to which all data will + be streamed. + properties: + datasetId: + description: |- + Dataset ID in the format projects/{project}/datasets/{dataset_id} or + {project}:{dataset_id}. + type: string + required: + - datasetId + type: object + sourceHierarchyDatasets: + description: Destination datasets are created so that hierarchy + of the destination data objects matches the source hierarchy. + properties: + datasetTemplate: + description: Dataset template used for dynamic dataset + creation. + properties: + datasetIdPrefix: + description: |- + If supplied, every created dataset will have its name prefixed by the provided value. + The prefix and name will be separated by an underscore. i.e. _. + type: string + kmsKeyName: + description: |- + Immutable. Describes the Cloud KMS encryption key that will be used to protect destination BigQuery + table. The BigQuery Service Account associated with your project requires access to this + encryption key. i.e. projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{cryptoKey}. + See https://cloud.google.com/bigquery/docs/customer-managed-encryption for more information. + type: string + location: + description: |- + The geographic location where the dataset should reside. + See https://cloud.google.com/bigquery/docs/locations for supported locations. + type: string + required: + - location + type: object + required: + - datasetTemplate + type: object + type: object + destinationConnectionProfile: + description: 'Immutable. Destination connection profile resource. + Format: projects/{project}/locations/{location}/connectionProfiles/{name}.' 
+ type: string + gcsDestinationConfig: + description: A configuration for how data should be loaded to + Cloud Storage. + properties: + avroFileFormat: + description: AVRO file format configuration. + type: object + x-kubernetes-preserve-unknown-fields: true + fileRotationInterval: + description: |- + The maximum duration for which new events are added before a file is closed and a new file is created. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + type: string + fileRotationMb: + description: The maximum file size to be saved in the bucket. + type: integer + jsonFileFormat: + description: JSON file format configuration. + properties: + compression: + description: 'Compression of the loaded JSON file. Possible + values: ["NO_COMPRESSION", "GZIP"].' + type: string + schemaFileFormat: + description: 'The schema file format along JSON data files. + Possible values: ["NO_SCHEMA_FILE", "AVRO_SCHEMA_FILE"].' + type: string + type: object + path: + description: Path inside the Cloud Storage bucket to write + data to. + type: string + type: object + required: + - destinationConnectionProfile + type: object + displayName: + description: Display name. + type: string + location: + description: Immutable. The name of the location this stream is located + in. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The streamId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceConfig: + description: Source connection profile configuration. + properties: + mysqlSourceConfig: + description: MySQL data source configuration. + properties: + excludeObjects: + description: MySQL objects to exclude from the stream. + properties: + mysqlDatabases: + description: MySQL databases on the server. + items: + properties: + database: + description: Database name. + type: string + mysqlTables: + description: Tables in the database. + items: + properties: + mysqlColumns: + description: MySQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + includeObjects: + description: MySQL objects to retrieve from the source. + properties: + mysqlDatabases: + description: MySQL databases on the server. 
+ items: + properties: + database: + description: Database name. + type: string + mysqlTables: + description: Tables in the database. + items: + properties: + mysqlColumns: + description: MySQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + maxConcurrentBackfillTasks: + description: |- + Maximum number of concurrent backfill tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + type: integer + maxConcurrentCdcTasks: + description: |- + Maximum number of concurrent CDC tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + type: integer + type: object + oracleSourceConfig: + description: MySQL data source configuration. + properties: + dropLargeObjects: + description: Configuration to drop large object values. + type: object + x-kubernetes-preserve-unknown-fields: true + excludeObjects: + description: Oracle objects to exclude from the stream. 
+ properties: + oracleSchemas: + description: Oracle schemas/databases in the database + server. + items: + properties: + oracleTables: + description: Tables in the database. + items: + properties: + oracleColumns: + description: Oracle columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + includeObjects: + description: Oracle objects to retrieve from the source. + properties: + oracleSchemas: + description: Oracle schemas/databases in the database + server. + items: + properties: + oracleTables: + description: Tables in the database. + items: + properties: + oracleColumns: + description: Oracle columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. 
Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + maxConcurrentBackfillTasks: + description: |- + Maximum number of concurrent backfill tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + type: integer + maxConcurrentCdcTasks: + description: |- + Maximum number of concurrent CDC tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + type: integer + streamLargeObjects: + description: Configuration to drop large object values. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + postgresqlSourceConfig: + description: PostgreSQL data source configuration. + properties: + excludeObjects: + description: PostgreSQL objects to exclude from the stream. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. + items: + properties: + postgresqlColumns: + description: PostgreSQL columns in the schema. 
+ When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Database name. + type: string + required: + - schema + type: object + type: array + required: + - postgresqlSchemas + type: object + includeObjects: + description: PostgreSQL objects to retrieve from the source. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. + items: + properties: + postgresqlColumns: + description: PostgreSQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. 
+ type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Database name. + type: string + required: + - schema + type: object + type: array + required: + - postgresqlSchemas + type: object + maxConcurrentBackfillTasks: + description: |- + Maximum number of concurrent backfill tasks. The number should be non + negative. If not set (or set to 0), the system's default value will be used. + type: integer + publication: + description: |- + The name of the publication that includes the set of all tables + that are defined in the stream's include_objects. + type: string + replicationSlot: + description: |- + The name of the logical replication slot that's configured with + the pgoutput plugin. + type: string + required: + - publication + - replicationSlot + type: object + sourceConnectionProfile: + description: 'Immutable. Source connection profile resource. Format: + projects/{project}/locations/{location}/connectionProfiles/{name}.' + type: string + required: + - sourceConnectionProfile + type: object + required: + - destinationConfig + - displayName + - location + - projectRef + - sourceConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The stream's name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The state of the stream. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: deploymentmanagerdeployments.deploymentmanager.cnrm.cloud.google.com +spec: + group: deploymentmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DeploymentManagerDeployment + plural: deploymentmanagerdeployments + shortNames: + - gcpdeploymentmanagerdeployment + - gcpdeploymentmanagerdeployments + singular: deploymentmanagerdeployment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + createPolicy: + description: |- + Immutable. Set the policy to use for creating new resources. Only used on + create and update. Valid values are 'CREATE_OR_ACQUIRE' (default) or + 'ACQUIRE'. If set to 'ACQUIRE' and resources do not already exist, + the deployment will fail. Note that updating this field does not + actually affect the deployment, just how it is updated. Default value: "CREATE_OR_ACQUIRE" Possible values: ["ACQUIRE", "CREATE_OR_ACQUIRE"]. + type: string + deletePolicy: + description: |- + Immutable. Set the policy to use for deleting new resources on update/delete. + Valid values are 'DELETE' (default) or 'ABANDON'. If 'DELETE', + resource is deleted after removal from Deployment Manager. If + 'ABANDON', the resource is only removed from Deployment Manager + and is not actually deleted. Note that updating this field does not + actually change the deployment, just how it is updated. Default value: "DELETE" Possible values: ["ABANDON", "DELETE"]. 
+ type: string + description: + description: Optional user-provided description of deployment. + type: string + preview: + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + target: + description: |- + Parameters that define your deployment, including the deployment + configuration and relevant templates. + properties: + config: + description: The root configuration file to use for this deployment. + properties: + content: + description: The full YAML contents of your configuration + file. + type: string + required: + - content + type: object + imports: + description: |- + Specifies import files for this configuration. This can be + used to import templates or other files. For example, you might + import a text file in order to use the file in a template. + items: + properties: + content: + description: The full contents of the template that you + want to import. + type: string + name: + description: |- + The name of the template to import, as declared in the YAML + configuration. 
+ type: string + type: object + type: array + required: + - config + type: object + required: + - projectRef + - target + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + deploymentId: + description: Unique identifier for deployment. Output only. + type: string + manifest: + description: |- + Output only. URL of the manifest representing the last manifest that + was successfully deployed. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server defined URL for the resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowagents.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowAgent + plural: dialogflowagents + shortNames: + - gcpdialogflowagent + - gcpdialogflowagents + singular: dialogflowagent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + apiVersion: + description: |- + API version displayed in Dialogflow console. If not specified, V2 API is assumed. Clients are free to query + different service endpoints for different API versions. However, bots connectors and webhook calls will follow + the specified API version. + * API_VERSION_V1: Legacy V1 API. + * API_VERSION_V2: V2 API. + * API_VERSION_V2_BETA_1: V2beta1 API. Possible values: ["API_VERSION_V1", "API_VERSION_V2", "API_VERSION_V2_BETA_1"]. + type: string + avatarUri: + description: |- + The URI of the agent's avatar, which are used throughout the Dialogflow console. When an image URL is entered + into this field, the Dialogflow will save the image in the backend. The address of the backend image returned + from the API will be shown in the [avatarUriBackend] field. + type: string + classificationThreshold: + description: |- + To filter out false positive results and still get variety in matched natural language inputs for your agent, + you can tune the machine learning classification threshold. If the returned score value is less than the threshold + value, then a fallback intent will be triggered or, if there are no fallback intents defined, no intent will be + triggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the + default of 0.3 is used. + type: number + defaultLanguageCode: + description: |- + Immutable. The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/docs/reference/language) + for a list of the currently supported language codes. This field cannot be updated after creation. + type: string + description: + description: The description of this agent. 
The maximum length is + 500 characters. If exceeded, the request is rejected. + type: string + displayName: + description: The name of this agent. + type: string + enableLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + matchMode: + description: |- + Determines how intents are detected from user queries. + * MATCH_MODE_HYBRID: Best for agents with a small number of examples in intents and/or wide use of templates + syntax and composite entities. + * MATCH_MODE_ML_ONLY: Can be used for agents with a large number of examples in intents, especially the ones + using @sys.any or very large developer entities. Possible values: ["MATCH_MODE_HYBRID", "MATCH_MODE_ML_ONLY"]. + type: string + resourceID: + description: Immutable. Optional. The project of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + supportedLanguageCodes: + description: The list of all languages supported by this agent (except + for the defaultLanguageCode). + items: + type: string + type: array + tier: + type: string + timeZone: + description: |- + The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, + Europe/Paris. + type: string + required: + - defaultLanguageCode + - displayName + - timeZone + type: object + status: + properties: + avatarUriBackend: + description: |- + The URI of the agent's avatar as returned from the API. Output only. To provide an image URL for the agent avatar, + the [avatarUri] field can be used. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxagents.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXAgent + plural: dialogflowcxagents + shortNames: + - gcpdialogflowcxagent + - gcpdialogflowcxagents + singular: dialogflowcxagent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - 
description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + avatarUri: + description: The URI of the agent's avatar. Avatars are used throughout + the Dialogflow console and in the self-hosted Web Demo integration. + type: string + defaultLanguageCode: + description: |- + Immutable. The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/cx/docs/reference/language) + for a list of the currently supported language codes. This field cannot be updated after creation. + type: string + description: + description: The description of this agent. The maximum length is + 500 characters. If exceeded, the request is rejected. + type: string + displayName: + description: The human-readable name of the agent, unique within the + location. + type: string + enableSpellCorrection: + description: Indicates if automatic spell correction is enabled in + detect intent requests. + type: boolean + enableStackdriverLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + location: + description: |- + Immutable. 
The name of the location this agent is located in. + + ~> **Note:** The first time you are deploying an Agent in your project you must configure location settings. + This is a one time step but at the moment you can only [configure location settings](https://cloud.google.com/dialogflow/cx/docs/concept/region#location-settings) via the Dialogflow CX console. + Another options is to use global location so you don't need to manually configure location settings. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + securitySettings: + description: 'Name of the SecuritySettings reference for the agent. + Format: projects//locations//securitySettings/.' + type: string + speechToTextSettings: + description: Settings related to speech recognition. + properties: + enableSpeechAdaptation: + description: Whether to use speech adaptation for speech recognition. + type: boolean + type: object + supportedLanguageCodes: + description: The list of all languages supported by this agent (except + for the default_language_code). 
+ items: + type: string + type: array + timeZone: + description: |- + The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, + Europe/Paris. + type: string + required: + - defaultLanguageCode + - displayName + - location + - projectRef + - timeZone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The unique identifier of the agent. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + startFlow: + description: 'Name of the start flow in this agent. A start flow will + be automatically created when the agent is created, and can only + be deleted by deleting the agent. Format: projects//locations//agents//flows/.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxentitytypes.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXEntityType + plural: dialogflowcxentitytypes + shortNames: + - gcpdialogflowcxentitytype + - gcpdialogflowcxentitytypes + singular: dialogflowcxentitytype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoExpansionMode: + description: |- + Represents kinds of entities. + * AUTO_EXPANSION_MODE_UNSPECIFIED: Auto expansion disabled for the entity. + * AUTO_EXPANSION_MODE_DEFAULT: Allows an agent to recognize values that have not been explicitly listed in the entity. Possible values: ["AUTO_EXPANSION_MODE_DEFAULT", "AUTO_EXPANSION_MODE_UNSPECIFIED"]. + type: string + displayName: + description: The human-readable name of the entity type, unique within + the agent. + type: string + enableFuzzyExtraction: + description: Enables fuzzy entity extraction during classification. + type: boolean + entities: + description: The collection of entity entries associated with the + entity type. + items: + properties: + synonyms: + description: |- + A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym could be green onions. + For KIND_LIST entity types: This collection must contain exactly one synonym equal to value. + items: + type: string + type: array + value: + description: |- + The primary value associated with this entity entry. For example, if the entity type is vegetable, the value could be scallions. + For KIND_MAP entity types: A canonical value to be used in place of synonyms. + For KIND_LIST entity types: A string that can contain references to other entity types (with or without aliases). + type: string + type: object + type: array + excludedPhrases: + description: |- + Collection of exceptional words and phrases that shouldn't be matched. 
For example, if you have a size entity type with entry giant(an adjective), you might consider adding giants(a noun) as an exclusion. + If the kind of entity type is KIND_MAP, then the phrases specified by entities and excluded phrases should be mutually exclusive. + items: + properties: + value: + description: The word or phrase to be excluded. + type: string + type: object + type: array + kind: + description: |- + Indicates whether the entity type can be automatically expanded. + * KIND_MAP: Map entity types allow mapping of a group of synonyms to a canonical value. + * KIND_LIST: List entity types contain a set of entries that do not map to canonical values. However, list entity types can contain references to other entity types (with or without aliases). + * KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: ["KIND_MAP", "KIND_LIST", "KIND_REGEXP"]. + type: string + languageCode: + description: |- + Immutable. The language of the following fields in entityType: + EntityType.entities.value + EntityType.entities.synonyms + EntityType.excluded_phrases.value + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + parent: + description: |- + Immutable. The agent to create a entity type for. + Format: projects//locations//agents/. + type: string + redact: + description: Indicates whether parameters of the entity type should + be redacted in log. If redaction is enabled, page parameters and + intent parameters referring to the entity type will be replaced + by parameter name when logging. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + required: + - displayName + - entities + - kind + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the entity type. + Format: projects//locations//agents//entityTypes/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxflows.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXFlow + plural: dialogflowcxflows + shortNames: + - gcpdialogflowcxflow + - gcpdialogflowcxflows + singular: dialogflowcxflow + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the flow. The maximum length is 500 + characters. If exceeded, the request is rejected. + type: string + displayName: + description: The human-readable name of the flow. + type: string + eventHandlers: + description: |- + A flow's event handlers serve two purposes: + They are responsible for handling events (e.g. no match, webhook errors) in the flow. + They are inherited by every page's [event handlers][Page.event_handlers], which can be used to handle common events regardless of the current page. Event handlers defined in the page have higher priority than those defined in the flow. + Unlike transitionRoutes, these handlers are evaluated on a first-match basis. The first one that matches the event get executed, with the rest being ignored. + items: + properties: + event: + description: The name of the event to handle. + type: string + name: + description: The unique identifier of this event handler. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the event occurs. + Handling webhook errors with a fulfillment enabled with webhook + could cause infinite loop. It is invalid to specify such fulfillment + for a handler handling webhooks. + properties: + conditionalCases: + description: Conditional cases for this fulfillment. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. 
The first one with a matching condition is selected, all the rest ignored. + See [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema. + type: string + type: object + type: array + messages: + description: The list of rich message responses to present + to the user. + items: + properties: + channel: + description: The channel which the response is associated + with. Clients can specify the channel via QueryParameters.channel, + and only associated channel response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded. + * In a webhook response when you determine that you handled the customer issue. + properties: + metadata: + description: Custom metadata. Dialogflow doesn't + impose any structure on this. + type: string + type: object + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation. + * In a webhook response when you determine that the customer issue can only be handled by a human. + properties: + metadata: + description: Custom metadata. 
Dialogflow doesn't + impose any structure on this. + type: string + type: object + outputAudioText: + description: A text or ssml response that is preferentially + used for TTS output audio synthesis, as described + in the comment on the ResponseMessage message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + ssml: + description: The SSML text to be synthesized. + For more information, see SSML. + type: string + text: + description: The raw text to be synthesized. + type: string + type: object + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: Specifies an audio clip to be played + by the client as part of the response. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + audioUri: + description: URI of the audio clip. Dialogflow + does not impose any validation on this value. + It is specific to the client that reads it. + type: string + required: + - audioUri + type: object + telephonyTransferCall: + description: Represents the signal that telles the + client to transfer the phone call connected to the + agent to a third-party endpoint. + properties: + phoneNumber: + description: Transfer the call to a phone number + in E.164 format. + type: string + required: + - phoneNumber + type: object + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. 
+ items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + setParameterActions: + description: Set parameter values before executing the webhook. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of the parameter. + A null value clears the parameter. + type: string + type: object + type: array + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + languageCode: + description: |- + Immutable. The language of the following fields in flow: + Flow.event_handlers.trigger_fulfillment.messages + Flow.event_handlers.trigger_fulfillment.conditional_cases + Flow.transition_routes.trigger_fulfillment.messages + Flow.transition_routes.trigger_fulfillment.conditional_cases + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + nluSettings: + description: NLU related settings of the flow. 
+ properties: + classificationThreshold: + description: |- + To filter out false positive results and still get variety in matched natural language inputs for your agent, you can tune the machine learning classification threshold. + If the returned score value is less than the threshold value, then a no-match event will be triggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the default of 0.3 is used. + type: number + modelTrainingMode: + description: |- + Indicates NLU model training mode. + * MODEL_TRAINING_MODE_AUTOMATIC: NLU model training is automatically triggered when a flow gets modified. User can also manually trigger model training in this mode. + * MODEL_TRAINING_MODE_MANUAL: User needs to manually trigger NLU model training. Best for large flows whose models take long time to train. Possible values: ["MODEL_TRAINING_MODE_AUTOMATIC", "MODEL_TRAINING_MODE_MANUAL"]. + type: string + modelType: + description: |- + Indicates the type of NLU model. + * MODEL_TYPE_STANDARD: Use standard NLU model. + * MODEL_TYPE_ADVANCED: Use advanced NLU model. Possible values: ["MODEL_TYPE_STANDARD", "MODEL_TYPE_ADVANCED"]. + type: string + type: object + parent: + description: |- + Immutable. The agent to create a flow for. + Format: projects//locations//agents/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + transitionRouteGroups: + description: |- + A flow's transition route group serve two purposes: + They are responsible for matching the user's first utterances in the flow. + They are inherited by every page's [transition route groups][Page.transition_route_groups]. Transition route groups defined in the page have higher priority than those defined in the flow. + Format:projects//locations//agents//flows//transitionRouteGroups/. 
+ items: + type: string + type: array + transitionRoutes: + description: |- + A flow's transition routes serve two purposes: + They are responsible for matching the user's first utterances in the flow. + They are inherited by every page's [transition routes][Page.transition_routes] and can support use cases such as the user saying "help" or "can I talk to a human?", which can be handled in a common way regardless of the current page. Transition routes defined in the page have higher priority than those defined in the flow. + + TransitionRoutes are evalauted in the following order: + TransitionRoutes with intent specified. + TransitionRoutes with only condition specified. + TransitionRoutes with intent specified are inherited by pages in the flow. + items: + properties: + condition: + description: |- + The condition to evaluate against form parameters or session parameters. + At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + intent: + description: |- + The unique identifier of an Intent. + Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + name: + description: The unique identifier of this transition route. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the condition is satisfied. + At least one of triggerFulfillment and target must be specified. 
+ When both are defined, triggerFulfillment is executed first. + properties: + conditionalCases: + description: Conditional cases for this fulfillment. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema. + type: string + type: object + type: array + messages: + description: The list of rich message responses to present + to the user. + items: + properties: + channel: + description: The channel which the response is associated + with. Clients can specify the channel via QueryParameters.channel, + and only associated channel response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded. + * In a webhook response when you determine that you handled the customer issue. + properties: + metadata: + description: Custom metadata. Dialogflow doesn't + impose any structure on this. + type: string + type: object + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. 
+ You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation. + * In a webhook response when you determine that the customer issue can only be handled by a human. + properties: + metadata: + description: Custom metadata. Dialogflow doesn't + impose any structure on this. + type: string + type: object + outputAudioText: + description: A text or ssml response that is preferentially + used for TTS output audio synthesis, as described + in the comment on the ResponseMessage message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + ssml: + description: The SSML text to be synthesized. + For more information, see SSML. + type: string + text: + description: The raw text to be synthesized. + type: string + type: object + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: Specifies an audio clip to be played + by the client as part of the response. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + audioUri: + description: URI of the audio clip. Dialogflow + does not impose any validation on this value. + It is specific to the client that reads it. + type: string + required: + - audioUri + type: object + telephonyTransferCall: + description: Represents the signal that telles the + client to transfer the phone call connected to the + agent to a third-party endpoint. + properties: + phoneNumber: + description: Transfer the call to a phone number + in E.164 format. + type: string + required: + - phoneNumber + type: object + text: + description: The text response message. 
+ properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + setParameterActions: + description: Set parameter values before executing the webhook. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of the parameter. + A null value clears the parameter. + type: string + type: object + type: array + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the flow. + Format: projects//locations//agents//flows/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxintents.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXIntent + plural: dialogflowcxintents + shortNames: + - gcpdialogflowcxintent + - gcpdialogflowcxintents + singular: dialogflowcxintent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The 
reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: 'Human readable description for better understanding + an intent like its scope, content, result etc. Maximum character + limit: 140 characters.' + type: string + displayName: + description: The human-readable name of the intent, unique within + the agent. + type: string + isFallback: + description: |- + Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation. + Adding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event. + type: boolean + languageCode: + description: |- + Immutable. The language of the following fields in intent: + Intent.training_phrases.parts.text + If not specified, the agent's default language is used. Many languages are supported. 
Note: languages must be enabled in the agent before they can be used. + type: string + parameters: + description: The collection of parameters associated with the intent. + items: + properties: + entityType: + description: |- + The entity type of the parameter. + Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. + type: string + id: + description: The unique identifier of the parameter. This field + is used by training phrases to annotate their parts. + type: string + isList: + description: Indicates whether the parameter represents a list + of values. + type: boolean + redact: + description: |- + Indicates whether the parameter content should be redacted in log. If redaction is enabled, the parameter content will be replaced by parameter name during logging. + Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. + type: boolean + required: + - entityType + - id + type: object + type: array + parent: + description: |- + Immutable. The agent to create an intent for. + Format: projects//locations//agents/. + type: string + priority: + description: |- + The priority of this intent. Higher numbers represent higher priorities. + If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds to the Normal priority in the console. + If the supplied value is negative, the intent is ignored in runtime detect intent requests. + type: integer + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + trainingPhrases: + description: The collection of training phrases the agent is trained + on to identify the intent. 
+ items: + properties: + id: + description: The unique identifier of the training phrase. + type: string + parts: + description: |- + The ordered list of training phrase parts. The parts are concatenated in order to form the training phrase. + Note: The API does not automatically annotate training phrases like the Dialogflow Console does. + Note: Do not forget to include whitespace at part boundaries, so the training phrase is well formatted when the parts are concatenated. + If the training phrase does not need to be annotated with parameters, you just need a single part with only the Part.text field set. + If you want to annotate the training phrase, you must create multiple parts, where the fields of each part are populated in one of two ways: + Part.text is set to a part of the phrase that has no parameters. + Part.text is set to a part of the phrase that you want to annotate, and the parameterId field is set. + items: + properties: + parameterId: + description: The parameter used to annotate this part + of the training phrase. This field is required for annotated + parts of the training phrase. + type: string + text: + description: The text for this part. + type: string + required: + - text + type: object + type: array + repeatCount: + description: Indicates how many times this example was added + to the intent. + type: integer + required: + - parts + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the intent. + Format: projects//locations//agents//intents/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxpages.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXPage + plural: dialogflowcxpages + shortNames: + - gcpdialogflowcxpage + - gcpdialogflowcxpages + singular: dialogflowcxpage + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - 
description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The human-readable name of the page, unique within the + agent. + type: string + entryFulfillment: + description: The fulfillment to call when the session is entering + the page. + properties: + conditionalCases: + description: Conditional cases for this fulfillment. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema. + type: string + type: object + type: array + messages: + description: The list of rich message responses to present to + the user. + items: + properties: + channel: + description: The channel which the response is associated + with. Clients can specify the channel via QueryParameters.channel, + and only associated channel response will be returned. 
+ type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded. + * In a webhook response when you determine that you handled the customer issue. + properties: + metadata: + description: Custom metadata. Dialogflow doesn't impose + any structure on this. + type: string + type: object + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation. + * In a webhook response when you determine that the customer issue can only be handled by a human. + properties: + metadata: + description: Custom metadata. Dialogflow doesn't impose + any structure on this. + type: string + type: object + outputAudioText: + description: A text or ssml response that is preferentially + used for TTS output audio synthesis, as described in the + comment on the ResponseMessage message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message can + be interrupted by the end user's speech and the client + can then starts the next Dialogflow request. + type: boolean + ssml: + description: The SSML text to be synthesized. 
For more + information, see SSML. + type: string + text: + description: The raw text to be synthesized. + type: string + type: object + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: Specifies an audio clip to be played by the + client as part of the response. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message can + be interrupted by the end user's speech and the client + can then starts the next Dialogflow request. + type: boolean + audioUri: + description: URI of the audio clip. Dialogflow does + not impose any validation on this value. It is specific + to the client that reads it. + type: string + required: + - audioUri + type: object + telephonyTransferCall: + description: Represents the signal that telles the client + to transfer the phone call connected to the agent to a + third-party endpoint. + properties: + phoneNumber: + description: Transfer the call to a phone number in + E.164 format. + type: string + required: + - phoneNumber + type: object + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message can + be interrupted by the end user's speech and the client + can then starts the next Dialogflow request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently queued + fulfillment response messages in streaming APIs. If a webhook + is specified, it happens before Dialogflow invokes webhook. + Warning: 1) This flag only affects streaming API. Responses + are still queued and returned once in non-streaming API. 2) + The flag can be enabled in any fulfillment but only the first + 3 partial responses will be returned. You may only want to apply + it to fulfillments that have slow webhooks.' 
+ type: boolean + setParameterActions: + description: Set parameter values before executing the webhook. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of the parameter. + A null value clears the parameter. + type: string + type: object + type: array + tag: + description: The tag used by the webhook to identify which fulfillment + is being called. This field is required if webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + eventHandlers: + description: Handlers associated with the page to handle events such + as webhook errors, no match or no input. + items: + properties: + event: + description: The name of the event to handle. + type: string + name: + description: The unique identifier of this event handler. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the event occurs. + Handling webhook errors with a fulfillment enabled with webhook + could cause infinite loop. It is invalid to specify such fulfillment + for a handler handling webhooks. + properties: + conditionalCases: + description: Conditional cases for this fulfillment. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema. 
+ type: string + type: object + type: array + messages: + description: The list of rich message responses to present + to the user. + items: + properties: + channel: + description: The channel which the response is associated + with. Clients can specify the channel via QueryParameters.channel, + and only associated channel response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded. + * In a webhook response when you determine that you handled the customer issue. + properties: + metadata: + description: Custom metadata. Dialogflow doesn't + impose any structure on this. + type: string + type: object + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation. + * In a webhook response when you determine that the customer issue can only be handled by a human. + properties: + metadata: + description: Custom metadata. Dialogflow doesn't + impose any structure on this. 
+ type: string + type: object + outputAudioText: + description: A text or ssml response that is preferentially + used for TTS output audio synthesis, as described + in the comment on the ResponseMessage message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + ssml: + description: The SSML text to be synthesized. + For more information, see SSML. + type: string + text: + description: The raw text to be synthesized. + type: string + type: object + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: Specifies an audio clip to be played + by the client as part of the response. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + audioUri: + description: URI of the audio clip. Dialogflow + does not impose any validation on this value. + It is specific to the client that reads it. + type: string + required: + - audioUri + type: object + telephonyTransferCall: + description: Represents the signal that telles the + client to transfer the phone call connected to the + agent to a third-party endpoint. + properties: + phoneNumber: + description: Transfer the call to a phone number + in E.164 format. + type: string + required: + - phoneNumber + type: object + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. 
+ items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + setParameterActions: + description: Set parameter values before executing the webhook. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of the parameter. + A null value clears the parameter. + type: string + type: object + type: array + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + form: + description: The form associated with the page, used for collecting + parameters relevant to the page. + properties: + parameters: + description: Parameters to collect from the user. + items: + properties: + defaultValue: + description: The default value of an optional parameter. + If the parameter is required, the default value will be + ignored. + type: string + displayName: + description: The human-readable name of the parameter, unique + within the form. + type: string + entityType: + description: |- + The entity type of the parameter. 
+ Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. + type: string + fillBehavior: + description: Defines fill behavior for the parameter. + properties: + initialPromptFulfillment: + description: The fulfillment to provide the initial + prompt that the agent can present to the user in order + to fill the parameter. + properties: + conditionalCases: + description: Conditional cases for this fulfillment. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema. + type: string + type: object + type: array + messages: + description: The list of rich message responses + to present to the user. + items: + properties: + channel: + description: The channel which the response + is associated with. Clients can specify + the channel via QueryParameters.channel, + and only associated channel response will + be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded. + * In a webhook response when you determine that you handled the customer issue. + properties: + metadata: + description: Custom metadata. 
Dialogflow + doesn't impose any structure on this. + type: string + type: object + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation. + * In a webhook response when you determine that the customer issue can only be handled by a human. + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + outputAudioText: + description: A text or ssml response that + is preferentially used for TTS output audio + synthesis, as described in the comment on + the ResponseMessage message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this + message can be interrupted by the end + user's speech and the client can then + starts the next Dialogflow request. + type: boolean + ssml: + description: The SSML text to be synthesized. + For more information, see SSML. + type: string + text: + description: The raw text to be synthesized. + type: string + type: object + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: Specifies an audio clip to be + played by the client as part of the response. + properties: + allowPlaybackInterruption: + description: Whether the playback of this + message can be interrupted by the end + user's speech and the client can then + starts the next Dialogflow request. + type: boolean + audioUri: + description: URI of the audio clip. Dialogflow + does not impose any validation on this + value. It is specific to the client + that reads it. 
+ type: string + required: + - audioUri + type: object + telephonyTransferCall: + description: Represents the signal that telles + the client to transfer the phone call connected + to the agent to a third-party endpoint. + properties: + phoneNumber: + description: Transfer the call to a phone + number in E.164 format. + type: string + required: + - phoneNumber + type: object + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this + message can be interrupted by the end + user's speech and the client can then + starts the next Dialogflow request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming + APIs. If a webhook is specified, it happens before + Dialogflow invokes webhook. Warning: 1) This flag + only affects streaming API. Responses are still + queued and returned once in non-streaming API. + 2) The flag can be enabled in any fulfillment + but only the first 3 partial responses will be + returned. You may only want to apply it to fulfillments + that have slow webhooks.' + type: boolean + setParameterActions: + description: Set parameter values before executing + the webhook. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of + the parameter. A null value clears the parameter. + type: string + type: object + type: array + tag: + description: The tag used by the webhook to identify + which fulfillment is being called. This field + is required if webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' 
+ type: string + type: object + repromptEventHandlers: + description: |- + The handlers for parameter-level events, used to provide reprompt for the parameter or transition to a different page/flow. The supported events are: + * sys.no-match-, where N can be from 1 to 6 + * sys.no-match-default + * sys.no-input-, where N can be from 1 to 6 + * sys.no-input-default + * sys.invalid-parameter + [initialPromptFulfillment][initialPromptFulfillment] provides the first prompt for the parameter. + If the user's response does not fill the parameter, a no-match/no-input event will be triggered, and the fulfillment associated with the sys.no-match-1/sys.no-input-1 handler (if defined) will be called to provide a prompt. The sys.no-match-2/sys.no-input-2 handler (if defined) will respond to the next no-match/no-input event, and so on. + A sys.no-match-default or sys.no-input-default handler will be used to handle all following no-match/no-input events after all numbered no-match/no-input handlers for the parameter are consumed. + A sys.invalid-parameter handler can be defined to handle the case where the parameter values have been invalidated by webhook. For example, if the user's response fill the parameter, however the parameter was invalidated by webhook, the fulfillment associated with the sys.invalid-parameter handler (if defined) will be called to provide a prompt. + If the event handler for the corresponding event can't be found on the parameter, initialPromptFulfillment will be re-prompted. + items: + properties: + event: + description: The name of the event to handle. + type: string + name: + description: The unique identifier of this event + handler. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. 
+ type: string + triggerFulfillment: + description: The fulfillment to call when the + event occurs. Handling webhook errors with a + fulfillment enabled with webhook could cause + infinite loop. It is invalid to specify such + fulfillment for a handler handling webhooks. + properties: + conditionalCases: + description: Conditional cases for this fulfillment. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema. + type: string + type: object + type: array + messages: + description: The list of rich message responses + to present to the user. + items: + properties: + channel: + description: The channel which the response + is associated with. Clients can specify + the channel via QueryParameters.channel, + and only associated channel response + will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded. + * In a webhook response when you determine that you handled the customer issue. + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on + this. + type: string + type: object + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. 
+ Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation. + * In a webhook response when you determine that the customer issue can only be handled by a human. + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on + this. + type: string + type: object + outputAudioText: + description: A text or ssml response + that is preferentially used for TTS + output audio synthesis, as described + in the comment on the ResponseMessage + message. + properties: + allowPlaybackInterruption: + description: Whether the playback + of this message can be interrupted + by the end user's speech and the + client can then starts the next + Dialogflow request. + type: boolean + ssml: + description: The SSML text to be + synthesized. For more information, + see SSML. + type: string + text: + description: The raw text to be + synthesized. + type: string + type: object + payload: + description: A custom, platform-specific + payload. + type: string + playAudio: + description: Specifies an audio clip + to be played by the client as part + of the response. + properties: + allowPlaybackInterruption: + description: Whether the playback + of this message can be interrupted + by the end user's speech and the + client can then starts the next + Dialogflow request. + type: boolean + audioUri: + description: URI of the audio clip. + Dialogflow does not impose any + validation on this value. It is + specific to the client that reads + it. + type: string + required: + - audioUri + type: object + telephonyTransferCall: + description: Represents the signal that + telles the client to transfer the + phone call connected to the agent + to a third-party endpoint. 
+ properties: + phoneNumber: + description: Transfer the call to + a phone number in E.164 format. + type: string + required: + - phoneNumber + type: object + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback + of this message can be interrupted + by the end user's speech and the + client can then starts the next + Dialogflow request. + type: boolean + text: + description: A collection of text + responses. + items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return + currently queued fulfillment response messages + in streaming APIs. If a webhook is specified, + it happens before Dialogflow invokes webhook. + Warning: 1) This flag only affects streaming + API. Responses are still queued and returned + once in non-streaming API. 2) The flag can + be enabled in any fulfillment but only the + first 3 partial responses will be returned. + You may only want to apply it to fulfillments + that have slow webhooks.' + type: boolean + setParameterActions: + description: Set parameter values before executing + the webhook. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value + of the parameter. A null value clears + the parameter. + type: string + type: object + type: array + tag: + description: The tag used by the webhook to + identify which fulfillment is being called. + This field is required if webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: + projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + type: object + isList: + description: Indicates whether the parameter represents + a list of values. + type: boolean + redact: + description: |- + Indicates whether the parameter content should be redacted in log. 
+ If redaction is enabled, the parameter content will be replaced by parameter name during logging. Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. + type: boolean + required: + description: |- + Indicates whether the parameter is required. Optional parameters will not trigger prompts; however, they are filled if the user specifies them. + Required parameters must be filled before form filling concludes. + type: boolean + type: object + type: array + type: object + languageCode: + description: |- + Immutable. The language of the following fields in page: + + Page.entry_fulfillment.messages + Page.entry_fulfillment.conditional_cases + Page.event_handlers.trigger_fulfillment.messages + Page.event_handlers.trigger_fulfillment.conditional_cases + Page.form.parameters.fill_behavior.initial_prompt_fulfillment.messages + Page.form.parameters.fill_behavior.initial_prompt_fulfillment.conditional_cases + Page.form.parameters.fill_behavior.reprompt_event_handlers.messages + Page.form.parameters.fill_behavior.reprompt_event_handlers.conditional_cases + Page.transition_routes.trigger_fulfillment.messages + Page.transition_routes.trigger_fulfillment.conditional_cases + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + parent: + description: |- + Immutable. The flow to create a page for. + Format: projects//locations//agents//flows/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + transitionRouteGroups: + description: |- + Ordered list of TransitionRouteGroups associated with the page. Transition route groups must be unique within a page. 
+ If multiple transition routes within a page scope refer to the same intent, then the precedence order is: page's transition route -> page's transition route group -> flow's transition routes. + If multiple transition route groups within a page contain the same intent, then the first group in the ordered list takes precedence. + Format:projects//locations//agents//flows//transitionRouteGroups/. + items: + type: string + type: array + transitionRoutes: + description: |- + A list of transitions for the transition rules of this page. They route the conversation to another page in the same flow, or another flow. + When we are in a certain page, the TransitionRoutes are evalauted in the following order: + TransitionRoutes defined in the page with intent specified. + TransitionRoutes defined in the transition route groups with intent specified. + TransitionRoutes defined in flow with intent specified. + TransitionRoutes defined in the transition route groups with intent specified. + TransitionRoutes defined in the page with only condition specified. + TransitionRoutes defined in the transition route groups with only condition specified. + items: + properties: + condition: + description: |- + The condition to evaluate against form parameters or session parameters. + At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + intent: + description: |- + The unique identifier of an Intent. + Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + name: + description: The unique identifier of this transition route. + type: string + targetFlow: + description: |- + The target flow to transition to. 
+ Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the condition is satisfied. + At least one of triggerFulfillment and target must be specified. + When both are defined, triggerFulfillment is executed first. + properties: + conditionalCases: + description: Conditional cases for this fulfillment. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema. + type: string + type: object + type: array + messages: + description: The list of rich message responses to present + to the user. + items: + properties: + channel: + description: The channel which the response is associated + with. Clients can specify the channel via QueryParameters.channel, + and only associated channel response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded. + * In a webhook response when you determine that you handled the customer issue. + properties: + metadata: + description: Custom metadata. Dialogflow doesn't + impose any structure on this. 
+ type: string + type: object + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation. + * In a webhook response when you determine that the customer issue can only be handled by a human. + properties: + metadata: + description: Custom metadata. Dialogflow doesn't + impose any structure on this. + type: string + type: object + outputAudioText: + description: A text or ssml response that is preferentially + used for TTS output audio synthesis, as described + in the comment on the ResponseMessage message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + ssml: + description: The SSML text to be synthesized. + For more information, see SSML. + type: string + text: + description: The raw text to be synthesized. + type: string + type: object + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: Specifies an audio clip to be played + by the client as part of the response. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + audioUri: + description: URI of the audio clip. Dialogflow + does not impose any validation on this value. + It is specific to the client that reads it. 
+ type: string + required: + - audioUri + type: object + telephonyTransferCall: + description: Represents the signal that telles the + client to transfer the phone call connected to the + agent to a third-party endpoint. + properties: + phoneNumber: + description: Transfer the call to a phone number + in E.164 format. + type: string + required: + - phoneNumber + type: object + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + setParameterActions: + description: Set parameter values before executing the webhook. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of the parameter. + A null value clears the parameter. + type: string + type: object + type: array + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' 
+ type: string + type: object + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the page. + Format: projects//locations//agents//flows//pages/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxwebhooks.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXWebhook + plural: dialogflowcxwebhooks + shortNames: + - gcpdialogflowcxwebhook + - gcpdialogflowcxwebhooks + singular: dialogflowcxwebhook + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + disabled: + description: Indicates whether the webhook is disabled. + type: boolean + displayName: + description: The human-readable name of the webhook, unique within + the agent. + type: string + enableSpellCorrection: + description: Indicates if automatic spell correction is enabled in + detect intent requests. + type: boolean + enableStackdriverLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + genericWebService: + description: Configuration for a generic web service. + properties: + allowedCaCerts: + description: Specifies a list of allowed custom CA certificates + (in DER format) for HTTPS verification. + items: + type: string + type: array + requestHeaders: + additionalProperties: + type: string + description: Immutable. The HTTP request headers to send together + with webhook requests. + type: object + uri: + description: Whether to use speech adaptation for speech recognition. + type: string + required: + - uri + type: object + parent: + description: |- + Immutable. The agent to create a webhook for. + Format: projects//locations//agents/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + securitySettings: + description: 'Name of the SecuritySettings reference for the agent. + Format: projects//locations//securitySettings/.' 
+ type: string + serviceDirectory: + description: Configuration for a Service Directory service. + properties: + genericWebService: + description: The name of Service Directory service. + properties: + allowedCaCerts: + description: Specifies a list of allowed custom CA certificates + (in DER format) for HTTPS verification. + items: + type: string + type: array + requestHeaders: + additionalProperties: + type: string + description: Immutable. The HTTP request headers to send together + with webhook requests. + type: object + uri: + description: Whether to use speech adaptation for speech recognition. + type: string + required: + - uri + type: object + service: + description: The name of Service Directory service. + type: string + required: + - genericWebService + - service + type: object + timeout: + description: Webhook execution timeout. + type: string + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the webhook. + Format: projects//locations//agents//webhooks/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + startFlow: + description: 'Name of the start flow in this agent. A start flow will + be automatically created when the agent is created, and can only + be deleted by deleting the agent. Format: projects//locations//agents//flows/.' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowentitytypes.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowEntityType + plural: dialogflowentitytypes + shortNames: + - gcpdialogflowentitytype + - gcpdialogflowentitytypes + singular: dialogflowentitytype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + 
description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The name of this entity type to be displayed on the console. + type: string + enableFuzzyExtraction: + description: Enables fuzzy entity extraction during classification. + type: boolean + entities: + description: The collection of entity entries associated with the + entity type. + items: + properties: + synonyms: + description: |- + A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym + could be green onions. + For KIND_LIST entity types: + * This collection must contain exactly one synonym equal to value. + items: + type: string + type: array + value: + description: |- + The primary value associated with this entity entry. For example, if the entity type is vegetable, the value + could be scallions. + For KIND_MAP entity types: + * A reference value to be used in place of synonyms. + For KIND_LIST entity types: + * A string that can contain references to other entity types (with or without aliases). + type: string + required: + - synonyms + - value + type: object + type: array + kind: + description: |- + Indicates the kind of entity type. + * KIND_MAP: Map entity types allow mapping of a group of synonyms to a reference value. 
+ * KIND_LIST: List entity types contain a set of entries that do not map to reference values. However, list entity + types can contain references to other entity types (with or without aliases). + * KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: ["KIND_MAP", "KIND_LIST", "KIND_REGEXP"]. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - kind + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + name: + description: |- + The unique identifier of the entity type. + Format: projects//agent/entityTypes/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowfulfillments.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowFulfillment + plural: dialogflowfulfillments + shortNames: + - gcpdialogflowfulfillment + - gcpdialogflowfulfillments + singular: dialogflowfulfillment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: 
date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The human-readable name of the fulfillment, unique within + the agent. + type: string + enabled: + description: Whether fulfillment is enabled. + type: boolean + features: + description: The field defines whether the fulfillment is enabled + for certain features. + items: + properties: + type: + description: |- + The type of the feature that enabled for fulfillment. + * SMALLTALK: Fulfillment is enabled for SmallTalk. Possible values: ["SMALLTALK"]. + type: string + required: + - type + type: object + type: array + genericWebService: + description: 'Represents configuration for a generic web service. + Dialogflow supports two mechanisms for authentications: - Basic + authentication with username and password. - Authentication with + additional authentication headers.' + properties: + password: + description: The password for HTTP Basic authentication. + type: string + requestHeaders: + additionalProperties: + type: string + description: The HTTP request headers to send together with fulfillment + requests. + type: object + uri: + description: The fulfillment URI for receiving POST requests. + It must use https protocol. 
+ type: string + username: + description: The user name for HTTP Basic authentication. + type: string + required: + - uri + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the fulfillment. + Format: projects//agent/fulfillment - projects//locations//agent/fulfillment. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowintents.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowIntent + plural: dialogflowintents + shortNames: + - gcpdialogflowintent + - gcpdialogflowintents + singular: dialogflowintent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: |- + The name of the action associated with the intent. + Note: The action name must not contain whitespaces. + type: string + defaultResponsePlatforms: + description: |- + The list of platforms for which the first responses will be copied from the messages in PLATFORM_UNSPECIFIED + (i.e. default platform). Possible values: ["FACEBOOK", "SLACK", "TELEGRAM", "KIK", "SKYPE", "LINE", "VIBER", "ACTIONS_ON_GOOGLE", "GOOGLE_HANGOUTS"]. + items: + type: string + type: array + displayName: + description: The name of this intent to be displayed on the console. + type: string + events: + description: |- + The collection of event names that trigger the intent. If the collection of input contexts is not empty, all of + the contexts must be present in the active user session for an event to trigger this intent. See the + [events reference](https://cloud.google.com/dialogflow/docs/events-overview) for more details. + items: + type: string + type: array + inputContextNames: + description: |- + The list of context names required for this intent to be triggered. + Format: projects//agent/sessions/-/contexts/. + items: + type: string + type: array + isFallback: + description: Indicates whether this is a fallback intent. + type: boolean + mlDisabled: + description: |- + Indicates whether Machine Learning is disabled for the intent. 
+ Note: If mlDisabled setting is set to true, then this intent is not taken into account during inference in ML + ONLY match mode. Also, auto-markup in the UI is turned off. + type: boolean + parentFollowupIntentName: + description: |- + Immutable. The unique identifier of the parent intent in the chain of followup intents. + Format: projects//agent/intents/. + type: string + priority: + description: |- + The priority of this intent. Higher numbers represent higher priorities. + - If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds + to the Normal priority in the console. + - If the supplied value is negative, the intent is ignored in runtime detect intent requests. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resetContexts: + description: Indicates whether to delete all contexts in the current + session when this intent is matched. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + webhookState: + description: |- + Indicates whether webhooks are enabled for the intent. + * WEBHOOK_STATE_ENABLED: Webhook is enabled in the agent and in the intent. 
+ * WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING: Webhook is enabled in the agent and in the intent. Also, each slot + filling prompt is forwarded to the webhook. Possible values: ["WEBHOOK_STATE_ENABLED", "WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING"]. + type: string + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + followupIntentInfo: + description: |- + Information about all followup intents that have this intent as a direct or indirect parent. We populate this field + only in the output. + items: + properties: + followupIntentName: + description: |- + The unique identifier of the followup intent. + Format: projects//agent/intents/. + type: string + parentFollowupIntentName: + description: |- + The unique identifier of the followup intent's parent. + Format: projects//agent/intents/. + type: string + type: object + type: array + name: + description: |- + The unique identifier of this intent. + Format: projects//agent/intents/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + rootFollowupIntentName: + description: |- + The unique identifier of the root intent in the chain of followup intents. It identifies the correct followup + intents chain for this intent. + Format: projects//agent/intents/. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: discoveryenginedatastores.discoveryengine.cnrm.cloud.google.com +spec: + group: discoveryengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DiscoveryEngineDataStore + listKind: DiscoveryEngineDataStoreList + plural: discoveryenginedatastores + shortNames: + - gcpdiscoveryenginedatastore + - gcpdiscoveryenginedatastores + singular: discoveryenginedatastore + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DiscoveryEngineDataStore is the Schema for the DiscoveryEngineDataStore + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DiscoveryEngineDataStoreSpec defines the desired state of + DiscoveryEngineDataStore + properties: + collection: + description: Immutable. The collection for the DataStore. + type: string + x-kubernetes-validations: + - message: Collection field is immutable + rule: self == oldSelf + contentConfig: + description: Immutable. The content config of the data store. If this + field is unset, the server behavior defaults to [ContentConfig.NO_CONTENT][google.cloud.discoveryengine.v1.DataStore.ContentConfig.NO_CONTENT]. + type: string + displayName: + description: |- + Required. The data store display name. + + This field must be a UTF-8 encoded string with a length limit of 128 + characters. Otherwise, an INVALID_ARGUMENT error is returned. + type: string + industryVertical: + description: Immutable. The industry vertical that the data store + registers. + type: string + location: + description: Immutable. The location for the resource. + type: string + x-kubernetes-validations: + - message: Location field is immutable + rule: self == oldSelf + projectRef: + description: The ID of the project in which the resource belongs. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: Immutable. The DiscoveryEngineDataStore name. If not + given, the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + solutionTypes: + description: |- + The solutions that the data store enrolls. Available solutions for each + [industry_vertical][google.cloud.discoveryengine.v1.DataStore.industry_vertical]: + + * `MEDIA`: `SOLUTION_TYPE_RECOMMENDATION` and `SOLUTION_TYPE_SEARCH`. + * `SITE_SEARCH`: `SOLUTION_TYPE_SEARCH` is automatically enrolled. Other + solutions cannot be enrolled. + items: + type: string + type: array + workspaceConfig: + description: Config to store data store type configuration for workspace + data. This must be set when [DataStore.content_config][google.cloud.discoveryengine.v1.DataStore.content_config] + is set as [DataStore.ContentConfig.GOOGLE_WORKSPACE][google.cloud.discoveryengine.v1.DataStore.ContentConfig.GOOGLE_WORKSPACE]. + properties: + dasherCustomerID: + description: Obfuscated Dasher customer ID. + type: string + superAdminEmailAddress: + description: Optional. The super admin email address for the workspace + that will be used for access token generation. For now we only + use it for Native Google Drive connector data ingestion. + type: string + superAdminServiceAccount: + description: Optional. 
The super admin service account for the + workspace that will be used for access token generation. For + now we only use it for Native Google Drive connector data ingestion. + type: string + type: + description: The Google Workspace data source. + type: string + type: object + required: + - collection + - location + - projectRef + type: object + status: + description: DiscoveryEngineDataStoreStatus defines the config connector + machine state of DiscoveryEngineDataStore + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the DiscoveryEngineDataStore resource + in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + billingEstimation: + description: Output only. Data size estimation for billing. + properties: + structuredDataSize: + description: Data size for structured data in terms of bytes. 
+ format: int64 + type: integer + structuredDataUpdateTime: + description: Last updated timestamp for structured data. + type: string + unstructuredDataSize: + description: Data size for unstructured data in terms of bytes. + format: int64 + type: integer + unstructuredDataUpdateTime: + description: Last updated timestamp for unstructured data. + type: string + websiteDataSize: + description: Data size for websites in terms of bytes. + format: int64 + type: integer + websiteDataUpdateTime: + description: Last updated timestamp for websites. + type: string + type: object + createTime: + description: Output only. Timestamp the [DataStore][google.cloud.discoveryengine.v1.DataStore] + was created at. + type: string + defaultSchemaID: + description: Output only. The id of the default [Schema][google.cloud.discoveryengine.v1.Schema] + associated to this data store. + type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: discoveryengineengines.discoveryengine.cnrm.cloud.google.com +spec: + group: discoveryengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DiscoveryEngineEngine + listKind: DiscoveryEngineEngineList + plural: discoveryengineengines + shortNames: + - gcpdiscoveryengineengine + - gcpdiscoveryengineengines + singular: discoveryengineengine + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason 
for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DiscoveryEngineEngine is the Schema for the DiscoveryEngineEngine + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DiscoveryEngineEngineSpec defines the desired state of DiscoveryEngineEngine + properties: + chatEngineConfig: + description: Configurations for the Chat Engine. Only applicable if + solution_type is SOLUTION_TYPE_CHAT. + properties: + agentCreationConfig: + description: |- + The configurationt generate the Dialogflow agent that is associated to + this Engine. + + Note that these configurations are one-time consumed by + and passed to Dialogflow service. It means they cannot be retrieved using + [EngineService.GetEngine][google.cloud.discoveryengine.v1.EngineService.GetEngine] + or + [EngineService.ListEngines][google.cloud.discoveryengine.v1.EngineService.ListEngines] + API after engine creation. + properties: + business: + description: Name of the company, organization or other entity + that the agent represents. 
Used for knowledge connector + LLM prompt and for knowledge search. + type: string + defaultLanguageCode: + description: Required. The default language of the agent as + a language tag. See [Language Support](https://cloud.google.com/dialogflow/docs/reference/language) + for a list of the currently supported language codes. + type: string + location: + description: 'Agent location for Agent creation, supported + values: global/us/eu. If not provided, us Engine will create + Agent using us-central-1 by default; eu Engine will create + Agent using eu-west-1 by default.' + type: string + timeZone: + description: Required. The time zone of the agent from the + [time zone database](https://www.iana.org/time-zones), e.g., + America/New_York, Europe/Paris. + type: string + type: object + dialogflowAgentToLink: + description: |- + The resource name of an exist Dialogflow agent to link to this Chat + Engine. Customers can either provide `agent_creation_config` to create + agent or provide an agent name that links the agent with the Chat engine. + + Format: `projects//locations//agents/`. + + Note that the `dialogflow_agent_to_link` are one-time consumed by and + passed to Dialogflow service. It means they cannot be retrieved using + [EngineService.GetEngine][google.cloud.discoveryengine.v1.EngineService.GetEngine] + or + [EngineService.ListEngines][google.cloud.discoveryengine.v1.EngineService.ListEngines] + API after engine creation. Use + [ChatEngineMetadata.dialogflow_agent][google.cloud.discoveryengine.v1.Engine.ChatEngineMetadata.dialogflow_agent] + for actual agent association after Engine is created. + type: string + type: object + collection: + description: Immutable. The collection for the Engine. + type: string + commonConfig: + description: Common config spec that specifies the metadata of the + engine. + properties: + companyName: + description: The name of the company, business or entity that + is associated with the engine. 
Setting this may help improve + LLM related features. + type: string + type: object + dataStoreRefs: + description: The data stores associated with this engine. For SOLUTION_TYPE_SEARCH + and SOLUTION_TYPE_RECOMMENDATION type of engines, they can only + associate with at most one data store. If solution_type is SOLUTION_TYPE_CHAT, + multiple DataStores in the same Collection can be associated here. + Note that when used in CreateEngineRequest, one DataStore must be + provided as the system will use it for necessary initializations. + items: + description: DiscoveryEngineDataStoreRef defines the resource reference + to DiscoveryEngineDataStore, which "External" field holds the + GCP identifier for the KRM object. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed DiscoveryEngineDataStore + resource. Should be in the format "projects//locations//datastores/". + type: string + name: + description: The name of a DiscoveryEngineDataStore resource. + type: string + namespace: + description: The namespace of a DiscoveryEngineDataStore resource. + type: string + type: object + type: array + disableAnalytics: + description: Optional. Whether to disable analytics for searches performed + on this engine. + type: boolean + displayName: + description: Required. The display name of the engine. Should be human + readable. UTF-8 encoded string with limit of 1024 characters. + type: string + industryVertical: + description: 'The industry vertical that the engine registers. The + restriction of the Engine industry vertical is based on DataStore: + If unspecified, default to `GENERIC`. Vertical on Engine has to + match vertical of the DataStore linked to the engine.' + type: string + location: + description: Immutable. Location of the resource. + type: string + projectRef: + description: Immutable. 
The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: Immutable. The DiscoveryEngineChatEngine name. If not + given, the metadata.name will be used. + type: string + searchEngineConfig: + description: Configurations for the Search Engine. Only applicable + if solution_type is SOLUTION_TYPE_SEARCH. + properties: + searchAddOns: + description: The add-on that this search engine enables. + items: + type: string + type: array + searchTier: + description: |- + The search feature tier of this engine. + + Different tiers might have different + pricing. To learn more, check the pricing documentation. + + Defaults to + [SearchTier.SEARCH_TIER_STANDARD][google.cloud.discoveryengine.v1.SearchTier.SEARCH_TIER_STANDARD] + if not specified. + type: string + type: object + solutionType: + description: Required. The solutions of the engine. + type: string + required: + - collection + - displayName + - location + - projectRef + - solutionType + type: object + status: + description: DiscoveryEngineEngineStatus defines the config connector + machine state of DiscoveryEngineEngine + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the DiscoveryEngineEngine resource + in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. 
+ type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpdeidentifytemplates.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPDeidentifyTemplate + plural: dlpdeidentifytemplates + shortNames: + - gcpdlpdeidentifytemplate + - gcpdlpdeidentifytemplates + singular: dlpdeidentifytemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + deidentifyConfig: + description: The core content of the template. + properties: + infoTypeTransformations: + description: Treat the dataset as free-form text and apply the + same free text transformation everywhere. + properties: + transformations: + description: Required. Transformation for each infoType. Cannot + specify more than one for a given infoType. + items: + properties: + infoTypes: + description: InfoTypes to apply the transformation to. + An empty list will cause this transformation to apply + to all findings that correspond to infoTypes that + were requested in `InspectConfig`. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + primitiveTransformation: + description: Required. Primitive transformation to apply + to the infoType. + properties: + bucketingConfig: + description: Bucketing + properties: + buckets: + description: Set of buckets. Ranges must be + non-overlapping. + items: + properties: + max: + description: Upper bound of the range, + exclusive; type must match min. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. 
+ format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + min: + description: Lower bound of the range, + inclusive. Type should be the same as + max if used. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. 
+ Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + replacementValue: + description: Required. Replacement value + for this bucket. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. 
+ format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - replacementValue + type: object + type: array + type: object + characterMaskConfig: + description: Mask + properties: + charactersToIgnore: + description: When masking a string, items in + this list will be skipped when replacing characters. + For example, if the input string is `555-555-5555` + and you instruct Cloud DLP to skip `-` and + mask 5 characters with `*`, Cloud DLP returns + `***-**5-5555`. + items: + properties: + charactersToSkip: + description: Characters to not transform + when masking. + type: string + commonCharactersToIgnore: + description: 'Common characters to not + transform when masking. 
Useful to avoid + removing punctuation. Possible values: + COMMON_CHARS_TO_IGNORE_UNSPECIFIED, + NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, + PUNCTUATION, WHITESPACE' + type: string + type: object + type: array + maskingCharacter: + description: Character to use to mask the sensitive + values—for example, `*` for an alphabetic + string such as a name, or `0` for a numeric + string such as ZIP code or credit card number. + This string must have a length of 1. If not + supplied, this value defaults to `*` for strings, + and `0` for digits. + type: string + numberToMask: + description: Number of characters to mask. If + not set, all matching chars will be masked. + Skipped characters do not count towards this + tally. + format: int64 + type: integer + reverseOrder: + description: Mask characters in reverse order. + For example, if `masking_character` is `0`, + `number_to_mask` is `14`, and `reverse_order` + is `false`, then the input string `1234-5678-9012-3456` + is masked as `00000000000000-3456`. If `masking_character` + is `*`, `number_to_mask` is `3`, and `reverse_order` + is `true`, then the string `12345` is masked + as `12***`. + type: boolean + type: object + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used for higher + security and maintaining referential integrity + such that the same identifier in two different + contexts will be given a distinct surrogate. + The context is appended to plaintext value + being encrypted. On decryption the provided + context is validated against the value used + during encryption. If a context was provided + during encryption, same context must be provided + during decryption as well. If the context + is not set, plaintext would be used as is + for encryption. If the context is set but: + 1. there is no record present when transforming + a given value or 2. 
the field is not present + when transforming a given value, plaintext + would be used as is for encryption. Note that + case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s.' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption using + AES-SIV, the provided key is internally expanded + to 64 bytes prior to use. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' 
+ type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom info type followed + by the number of characters comprising the + surrogate. The following scheme defines the + format: {info type name}({surrogate character + count}):{surrogate} For example, if the name + of custom info type is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate when + inspecting content using the custom info type + ''Surrogate''. This facilitates reversal of + the surrogate when it occurs in free text. + Note: For record transformations where the + entire cell in a table is being transformed, + surrogates are not mandatory. Surrogates are + used to denote the location of the token and + are necessary for re-identification in free + form text. In order for inspection to work + properly, the name of this info type must + not occur naturally anywhere in your data; + otherwise, inspection may either - reverse + a surrogate that does not correspond to an + actual identifier - be unable to parse the + surrogate and result in an error Therefore, + choose your custom info type name carefully + after considering what your data looks like. + One way to select a name that has a high chance + of yielding reliable detection is to include + one or more unicode characters that are highly + improbable to exist in your data. For example, + assuming your data is entered from a regular + ASCII keyboard, the symbol with the hex code + point 29DD might be used like so: ⧝MY_TOKEN_TYPE.' 
+ properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash function. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' 
+ type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible values: + FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, + HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context may be + used for higher security since the same identifier + in two different contexts won''t be given + the same surrogate. If the context is not + set, a default tweak will be used. If the + context is set but: 1. there is no record + present when transforming a given value or + 1. the field is not present when transforming + a given value, a default tweak will be used. + Note that case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s. Currently, the referenced + field may be of value type integer or string. + The tweak is constructed as a sequence of + bytes in big endian byte order such that: + - a 64 bit integer is encoded followed by + a single byte of value 1 - a string is encoded + in UTF-8 format followed by a single byte + of value 2' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Required. The key used by the encryption + algorithm. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. 
+ + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by mapping these + to the alphanumeric characters that the FFX + mode natively supports. This happens before/after + encryption/decryption. Each character listed + must appear only once. Number of characters + must be in the range [2, 95]. This must be + encoded as ASCII. The order of characters + does not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select the alphabet. + Must be in the range [2, 95]. 
+ format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom infoType followed by + the number of characters comprising the surrogate. + The following scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom infoType + is ''MY_TOKEN_INFO_TYPE'' and the surrogate + is ''abc'', the full replacement value will + be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation + identifies the surrogate when inspecting content + using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). + This facilitates reversal of the surrogate + when it occurs in free text. In order for + inspection to work properly, the name of this + infoType must not occur naturally anywhere + in your data; otherwise, inspection may find + a surrogate that does not correspond to an + actual identifier. Therefore, choose your + custom infoType name carefully after considering + what your data looks like. One way to select + a name that has a high chance of yielding + reliable detection is to include one or more + unicode characters that are highly improbable + to exist in your data. For example, assuming + your data is entered from a regular ASCII + keyboard, the symbol with the hex code point + 29DD might be used like so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. 
+ type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift + properties: + context: + description: Points to the field that contains + the context, for example, an entity id. If + set, must also set cryptoKey. If set, shift + will be consistent for the given context. + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Causes the shift to be computed + based on this key and the context. This results + in the same shift for the same context and + crypto_key. If set, must also set context. + Can only be applied to table items. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. 
When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + lowerBoundDays: + description: Required. For example, -5 means + shift date to at most 5 days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. Range of shift in days. + Actual shift will be selected at random within + this range (inclusive ends). Negative means + shift to earlier in time. Must not be more + than 365250 days (1000 years) each direction. + For example, 3 means shift date to at most + 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each bucket + (except for minimum and maximum buckets). + So if `lower_bound` = 10, `upper_bound` = + 89, and `bucket_size` = 10, then the following + buckets would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, + 89+. Precision up to 2 decimals works.' + format: double + type: number + lowerBound: + description: Required. Lower bound value of + buckets. All values less than `lower_bound` + are grouped together into a single bucket; + for example if `lower_bound` = 10, then all + values less than 10 are replaced with the + value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. 
+ format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound value of + buckets. All values greater than upper_bound + are grouped together into a single bucket; + for example if `upper_bound` = 89, then all + values greater than 89 are replaced with the + value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. 
Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified value. + properties: + newValue: + description: Value to replace it with. 
+ properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. 
+ format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time to keep. + Possible values: TIME_PART_UNSPECIFIED, YEAR, + MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, + HOUR_OF_DAY' + type: string + type: object + type: object + required: + - primitiveTransformation + type: object + type: array + required: + - transformations + type: object + recordTransformations: + description: Treat the dataset as structured. Transformations + can be applied to specific locations within structured datasets, + such as transforming a column within a table. + properties: + fieldTransformations: + description: Transform the record by applying various field + transformations. + items: + properties: + condition: + description: 'Only apply the transformation if the condition + evaluates to true for the given `RecordCondition`. + The conditions are allowed to reference fields that + are not used in the actual transformation. Example + Use Cases: - Apply a different bucket transformation + to an age column if the zip code column for the same + record is within a specific range. - Redact a field + if the date of birth field is greater than 85.' + properties: + expressions: + description: An expression. + properties: + conditions: + description: Conditions to apply to the expression. + properties: + conditions: + description: A collection of conditions. + items: + properties: + field: + description: Required. Field within + the record this condition is evaluated + against. + properties: + name: + description: Name describing the + field. + type: string + type: object + operator: + description: 'Required. 
Operator used + to compare the field or infoType + to the value. Possible values: LOGICAL_OPERATOR_UNSPECIFIED, + AND' + type: string + value: + description: Value to compare against. + [Mandatory, except for `EXISTS` + tests.] + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. 
+ format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - field + - operator + type: object + type: array + type: object + logicalOperator: + description: 'The operator to apply to the result + of conditions. Default and currently only + supported value is `AND`. Possible values: + LOGICAL_OPERATOR_UNSPECIFIED, AND' + type: string + type: object + type: object + fields: + description: Required. Input field(s) to apply the transformation + to. When you have columns that reference their position + within a list, omit the index from the FieldId. FieldId + name matching ignores the index. For example, instead + of "contact.nums[0].type", use "contact.nums.type". + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + infoTypeTransformations: + description: Treat the contents of the field as free + text, and selectively transform content that matches + an `InfoType`. + properties: + transformations: + description: Required. Transformation for each infoType. + Cannot specify more than one for a given infoType. + items: + properties: + infoTypes: + description: InfoTypes to apply the transformation + to. An empty list will cause this transformation + to apply to all findings that correspond + to infoTypes that were requested in `InspectConfig`. + items: + properties: + name: + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, or + one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data + Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + primitiveTransformation: + description: Required. Primitive transformation + to apply to the infoType. 
+ properties: + bucketingConfig: + description: Bucketing + properties: + buckets: + description: Set of buckets. Ranges + must be non-overlapping. + items: + properties: + max: + description: Upper bound of + the range, exclusive; type + must match min. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of + a month. Must be from + 1 to 31 and valid + for the year and month, + or 0 to specify a + year by itself or + a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of + a year. Must be from + 1 to 12, or 0 to specify + a year without a month + and day. + format: int64 + type: integer + year: + description: Year of + the date. Must be + from 1 to 9999, or + 0 to specify a date + without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week + Possible values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of + day in 24 hour format. + Should be from 0 to + 23. An API may choose + to allow the value + "24:00:00" for scenarios + like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes + of hour of day. Must + be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions + of seconds in nanoseconds. + Must be from 0 to + 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds + of minutes of the + time. Must normally + be from 0 to 59. An + API may allow the + value 60 if it allows + leap-seconds. 
+ format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + min: + description: Lower bound of + the range, inclusive. Type + should be the same as max + if used. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of + a month. Must be from + 1 to 31 and valid + for the year and month, + or 0 to specify a + year by itself or + a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of + a year. Must be from + 1 to 12, or 0 to specify + a year without a month + and day. + format: int64 + type: integer + year: + description: Year of + the date. Must be + from 1 to 9999, or + 0 to specify a date + without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week + Possible values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of + day in 24 hour format. + Should be from 0 to + 23. An API may choose + to allow the value + "24:00:00" for scenarios + like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes + of hour of day. Must + be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions + of seconds in nanoseconds. + Must be from 0 to + 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds + of minutes of the + time. Must normally + be from 0 to 59. An + API may allow the + value 60 if it allows + leap-seconds. 
+ format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + replacementValue: + description: Required. Replacement + value for this bucket. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of + a month. Must be from + 1 to 31 and valid + for the year and month, + or 0 to specify a + year by itself or + a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of + a year. Must be from + 1 to 12, or 0 to specify + a year without a month + and day. + format: int64 + type: integer + year: + description: Year of + the date. Must be + from 1 to 9999, or + 0 to specify a date + without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week + Possible values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of + day in 24 hour format. + Should be from 0 to + 23. An API may choose + to allow the value + "24:00:00" for scenarios + like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes + of hour of day. Must + be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions + of seconds in nanoseconds. + Must be from 0 to + 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds + of minutes of the + time. Must normally + be from 0 to 59. An + API may allow the + value 60 if it allows + leap-seconds. 
+ format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - replacementValue + type: object + type: array + type: object + characterMaskConfig: + description: Mask + properties: + charactersToIgnore: + description: When masking a string, + items in this list will be skipped + when replacing characters. For example, + if the input string is `555-555-5555` + and you instruct Cloud DLP to skip + `-` and mask 5 characters with `*`, + Cloud DLP returns `***-**5-5555`. + items: + properties: + charactersToSkip: + description: Characters to not + transform when masking. + type: string + commonCharactersToIgnore: + description: 'Common characters + to not transform when masking. + Useful to avoid removing punctuation. + Possible values: COMMON_CHARS_TO_IGNORE_UNSPECIFIED, + NUMERIC, ALPHA_UPPER_CASE, + ALPHA_LOWER_CASE, PUNCTUATION, + WHITESPACE' + type: string + type: object + type: array + maskingCharacter: + description: Character to use to mask + the sensitive values—for example, + `*` for an alphabetic string such + as a name, or `0` for a numeric + string such as ZIP code or credit + card number. This string must have + a length of 1. If not supplied, + this value defaults to `*` for strings, + and `0` for digits. + type: string + numberToMask: + description: Number of characters + to mask. If not set, all matching + chars will be masked. Skipped characters + do not count towards this tally. + format: int64 + type: integer + reverseOrder: + description: Mask characters in reverse + order. For example, if `masking_character` + is `0`, `number_to_mask` is `14`, + and `reverse_order` is `false`, + then the input string `1234-5678-9012-3456` + is masked as `00000000000000-3456`. + If `masking_character` is `*`, `number_to_mask` + is `3`, and `reverse_order` is `true`, + then the string `12345` is masked + as `12***`. 
+ type: boolean + type: object + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used + for higher security and maintaining + referential integrity such that + the same identifier in two different + contexts will be given a distinct + surrogate. The context is appended + to plaintext value being encrypted. + On decryption the provided context + is validated against the value used + during encryption. If a context + was provided during encryption, + same context must be provided during + decryption as well. If the context + is not set, plaintext would be used + as is for encryption. If the context + is set but: 1. there is no record + present when transforming a given + value or 2. the field is not present + when transforming a given value, + plaintext would be used as is for + encryption. Note that case (1) is + expected when an `InfoTypeTransformation` + is applied to both structured and + non-structured `ContentItem`s.' + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption + using AES-SIV, the provided key + is internally expanded to 64 bytes + prior to use. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type + to annotate the surrogate with. + This annotation will be applied + to the surrogate by prefixing it + with the name of the custom info + type followed by the number of characters + comprising the surrogate. The following + scheme defines the format: {info + type name}({surrogate character + count}):{surrogate} For example, + if the name of custom info type + is ''MY_TOKEN_INFO_TYPE'' and the + surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate + when inspecting content using the + custom info type ''Surrogate''. + This facilitates reversal of the + surrogate when it occurs in free + text. 
Note: For record transformations + where the entire cell in a table + is being transformed, surrogates + are not mandatory. Surrogates are + used to denote the location of the + token and are necessary for re-identification + in free form text. In order for + inspection to work properly, the + name of this info type must not + occur naturally anywhere in your + data; otherwise, inspection may + either - reverse a surrogate that + does not correspond to an actual + identifier - be unable to parse + the surrogate and result in an error + Therefore, choose your custom info + type name carefully after considering + what your data looks like. One way + to select a name that has a high + chance of yielding reliable detection + is to include one or more unicode + characters that are highly improbable + to exist in your data. For example, + assuming your data is entered from + a regular ASCII keyboard, the symbol + with the hex code point 29DD might + be used like so: ⧝MY_TOKEN_TYPE.' + properties: + name: + description: Name of the information + type. Either a name of your + choosing when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash + function. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. 
+ + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible + values: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, + NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, + ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context + may be used for higher security + since the same identifier in two + different contexts won''t be given + the same surrogate. If the context + is not set, a default tweak will + be used. If the context is set but: + 1. there is no record present when + transforming a given value or 1. 
+ the field is not present when transforming + a given value, a default tweak will + be used. Note that case (1) is expected + when an `InfoTypeTransformation` + is applied to both structured and + non-structured `ContentItem`s. Currently, + the referenced field may be of value + type integer or string. The tweak + is constructed as a sequence of + bytes in big endian byte order such + that: - a 64 bit integer is encoded + followed by a single byte of value + 1 - a string is encoded in UTF-8 + format followed by a single byte + of value 2' + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: Required. The key used + by the encryption algorithm. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. 
A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by + mapping these to the alphanumeric + characters that the FFX mode natively + supports. This happens before/after + encryption/decryption. Each character + listed must appear only once. Number + of characters must be in the range + [2, 95]. This must be encoded as + ASCII. The order of characters does + not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select + the alphabet. Must be in the range + [2, 95]. + format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType + to annotate the surrogate with. + This annotation will be applied + to the surrogate by prefixing it + with the name of the custom infoType + followed by the number of characters + comprising the surrogate. The following + scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom + infoType is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the + full replacement value will be: + ''MY_TOKEN_INFO_TYPE(3):abc'' This + annotation identifies the surrogate + when inspecting content using the + custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 
+ This facilitates reversal of the + surrogate when it occurs in free + text. In order for inspection to + work properly, the name of this + infoType must not occur naturally + anywhere in your data; otherwise, + inspection may find a surrogate + that does not correspond to an actual + identifier. Therefore, choose your + custom infoType name carefully after + considering what your data looks + like. One way to select a name that + has a high chance of yielding reliable + detection is to include one or more + unicode characters that are highly + improbable to exist in your data. + For example, assuming your data + is entered from a regular ASCII + keyboard, the symbol with the hex + code point 29DD might be used like + so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information + type. Either a name of your + choosing when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift + properties: + context: + description: Points to the field that + contains the context, for example, + an entity id. If set, must also + set cryptoKey. If set, shift will + be consistent for the given context. + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: Causes the shift to be + computed based on this key and the + context. This results in the same + shift for the same context and crypto_key. + If set, must also set context. Can + only be applied to table items. 
+ properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + lowerBoundDays: + description: Required. For example, + -5 means shift date to at most 5 + days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. Range of shift + in days. 
Actual shift will be selected + at random within this range (inclusive + ends). Negative means shift to earlier + in time. Must not be more than 365250 + days (1000 years) each direction. + For example, 3 means shift date + to at most 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each + bucket (except for minimum and maximum + buckets). So if `lower_bound` = + 10, `upper_bound` = 89, and `bucket_size` + = 10, then the following buckets + would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, + 80-89, 89+. Precision up to 2 decimals + works.' + format: double + type: number + lowerBound: + description: Required. Lower bound + value of buckets. All values less + than `lower_bound` are grouped together + into a single bucket; for example + if `lower_bound` = 10, then all + values less than 10 are replaced + with the value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. 
+ format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound + value of buckets. All values greater + than upper_bound are grouped together + into a single bucket; for example + if `upper_bound` = 89, then all + values greater than 89 are replaced + with the value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. 
+ Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified + value. + properties: + newValue: + description: Value to replace it with. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. 
+ Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time + to keep. 
Possible values: TIME_PART_UNSPECIFIED, + YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK, + WEEK_OF_YEAR, HOUR_OF_DAY' + type: string + type: object + type: object + required: + - primitiveTransformation + type: object + type: array + required: + - transformations + type: object + primitiveTransformation: + description: Apply the transformation to the entire + field. + properties: + bucketingConfig: + description: Bucketing + properties: + buckets: + description: Set of buckets. Ranges must be + non-overlapping. + items: + properties: + max: + description: Upper bound of the range, + exclusive; type must match min. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. 
+ format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + min: + description: Lower bound of the range, + inclusive. Type should be the same as + max if used. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. 
Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + replacementValue: + description: Required. Replacement value + for this bucket. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. 
+ format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - replacementValue + type: object + type: array + type: object + characterMaskConfig: + description: Mask + properties: + charactersToIgnore: + description: When masking a string, items in + this list will be skipped when replacing characters. + For example, if the input string is `555-555-5555` + and you instruct Cloud DLP to skip `-` and + mask 5 characters with `*`, Cloud DLP returns + `***-**5-5555`. + items: + properties: + charactersToSkip: + description: Characters to not transform + when masking. + type: string + commonCharactersToIgnore: + description: 'Common characters to not + transform when masking. Useful to avoid + removing punctuation. Possible values: + COMMON_CHARS_TO_IGNORE_UNSPECIFIED, + NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, + PUNCTUATION, WHITESPACE' + type: string + type: object + type: array + maskingCharacter: + description: Character to use to mask the sensitive + values—for example, `*` for an alphabetic + string such as a name, or `0` for a numeric + string such as ZIP code or credit card number. + This string must have a length of 1. If not + supplied, this value defaults to `*` for strings, + and `0` for digits. + type: string + numberToMask: + description: Number of characters to mask. If + not set, all matching chars will be masked. + Skipped characters do not count towards this + tally. + format: int64 + type: integer + reverseOrder: + description: Mask characters in reverse order. + For example, if `masking_character` is `0`, + `number_to_mask` is `14`, and `reverse_order` + is `false`, then the input string `1234-5678-9012-3456` + is masked as `00000000000000-3456`. 
If `masking_character` + is `*`, `number_to_mask` is `3`, and `reverse_order` + is `true`, then the string `12345` is masked + as `12***`. + type: boolean + type: object + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used for higher + security and maintaining referential integrity + such that the same identifier in two different + contexts will be given a distinct surrogate. + The context is appended to plaintext value + being encrypted. On decryption the provided + context is validated against the value used + during encryption. If a context was provided + during encryption, same context must be provided + during decryption as well. If the context + is not set, plaintext would be used as is + for encryption. If the context is set but: + 1. there is no record present when transforming + a given value or 2. the field is not present + when transforming a given value, plaintext + would be used as is for encryption. Note that + case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s.' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption using + AES-SIV, the provided key is internally expanded + to 64 bytes prior to use. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom info type followed + by the number of characters comprising the + surrogate. The following scheme defines the + format: {info type name}({surrogate character + count}):{surrogate} For example, if the name + of custom info type is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate when + inspecting content using the custom info type + ''Surrogate''. This facilitates reversal of + the surrogate when it occurs in free text. + Note: For record transformations where the + entire cell in a table is being transformed, + surrogates are not mandatory. 
Surrogates are + used to denote the location of the token and + are necessary for re-identification in free + form text. In order for inspection to work + properly, the name of this info type must + not occur naturally anywhere in your data; + otherwise, inspection may either - reverse + a surrogate that does not correspond to an + actual identifier - be unable to parse the + surrogate and result in an error Therefore, + choose your custom info type name carefully + after considering what your data looks like. + One way to select a name that has a high chance + of yielding reliable detection is to include + one or more unicode characters that are highly + improbable to exist in your data. For example, + assuming your data is entered from a regular + ASCII keyboard, the symbol with the hex code + point 29DD might be used like so: ⧝MY_TOKEN_TYPE.' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash function. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible values: + FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, + HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context may be + used for higher security since the same identifier + in two different contexts won''t be given + the same surrogate. If the context is not + set, a default tweak will be used. If the + context is set but: 1. there is no record + present when transforming a given value or + 1. the field is not present when transforming + a given value, a default tweak will be used. + Note that case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s. 
Currently, the referenced + field may be of value type integer or string. + The tweak is constructed as a sequence of + bytes in big endian byte order such that: + - a 64 bit integer is encoded followed by + a single byte of value 1 - a string is encoded + in UTF-8 format followed by a single byte + of value 2' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Required. The key used by the encryption + algorithm. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' 
+ type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by mapping these + to the alphanumeric characters that the FFX + mode natively supports. This happens before/after + encryption/decryption. Each character listed + must appear only once. Number of characters + must be in the range [2, 95]. This must be + encoded as ASCII. The order of characters + does not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select the alphabet. + Must be in the range [2, 95]. + format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom infoType followed by + the number of characters comprising the surrogate. + The following scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom infoType + is ''MY_TOKEN_INFO_TYPE'' and the surrogate + is ''abc'', the full replacement value will + be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation + identifies the surrogate when inspecting content + using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). + This facilitates reversal of the surrogate + when it occurs in free text. In order for + inspection to work properly, the name of this + infoType must not occur naturally anywhere + in your data; otherwise, inspection may find + a surrogate that does not correspond to an + actual identifier. 
Therefore, choose your + custom infoType name carefully after considering + what your data looks like. One way to select + a name that has a high chance of yielding + reliable detection is to include one or more + unicode characters that are highly improbable + to exist in your data. For example, assuming + your data is entered from a regular ASCII + keyboard, the symbol with the hex code point + 29DD might be used like so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift + properties: + context: + description: Points to the field that contains + the context, for example, an entity id. If + set, must also set cryptoKey. If set, shift + will be consistent for the given context. + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Causes the shift to be computed + based on this key and the context. This results + in the same shift for the same context and + crypto_key. If set, must also set context. + Can only be applied to table items. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). 
+ type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + lowerBoundDays: + description: Required. For example, -5 means + shift date to at most 5 days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. Range of shift in days. + Actual shift will be selected at random within + this range (inclusive ends). Negative means + shift to earlier in time. Must not be more + than 365250 days (1000 years) each direction. + For example, 3 means shift date to at most + 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each bucket + (except for minimum and maximum buckets). 
+ So if `lower_bound` = 10, `upper_bound` = + 89, and `bucket_size` = 10, then the following + buckets would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, + 89+. Precision up to 2 decimals works.' + format: double + type: number + lowerBound: + description: Required. Lower bound value of + buckets. All values less than `lower_bound` + are grouped together into a single bucket; + for example if `lower_bound` = 10, then all + values less than 10 are replaced with the + value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. 
+ format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound value of + buckets. All values greater than upper_bound + are grouped together into a single bucket; + for example if `upper_bound` = 89, then all + values greater than 89 are replaced with the + value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. 
+ format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified value. + properties: + newValue: + description: Value to replace it with. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. 
+ format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time to keep. + Possible values: TIME_PART_UNSPECIFIED, YEAR, + MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, + HOUR_OF_DAY' + type: string + type: object + type: object + required: + - fields + type: object + type: array + recordSuppressions: + description: Configuration defining which records get suppressed + entirely. Records that match any suppression rule are omitted + from the output. + items: + properties: + condition: + description: A condition that when it evaluates to true + will result in the record being evaluated to be suppressed + from the transformed content. + properties: + expressions: + description: An expression. + properties: + conditions: + description: Conditions to apply to the expression. + properties: + conditions: + description: A collection of conditions. + items: + properties: + field: + description: Required. Field within + the record this condition is evaluated + against. + properties: + name: + description: Name describing the + field. + type: string + type: object + operator: + description: 'Required. Operator used + to compare the field or infoType + to the value. 
Possible values: LOGICAL_OPERATOR_UNSPECIFIED, + AND' + type: string + value: + description: Value to compare against. + [Mandatory, except for `EXISTS` + tests.] + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. 
+ format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - field + - operator + type: object + type: array + type: object + logicalOperator: + description: 'The operator to apply to the result + of conditions. Default and currently only + supported value is `AND`. Possible values: + LOGICAL_OPERATOR_UNSPECIFIED, AND' + type: string + type: object + type: object + type: object + type: array + type: object + transformationErrorHandling: + description: Mode for handling transformation errors. If left + unspecified, the default mode is `TransformationErrorHandling.ThrowError`. + properties: + leaveUntransformed: + description: Ignore errors + type: object + x-kubernetes-preserve-unknown-fields: true + throwError: + description: Throw an error + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + description: + description: Short description (max 256 chars). + type: string + displayName: + description: Display name (max 256 chars). + type: string + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of an inspectTemplate. + format: date-time + type: string + locationId: + description: Output only. 
The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of an inspectTemplate. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpinspecttemplates.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPInspectTemplate + plural: dlpinspecttemplates + shortNames: + - gcpdlpinspecttemplate + - gcpdlpinspecttemplates + singular: dlpinspecttemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + 
schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + description: + description: Short description (max 256 chars). + type: string + displayName: + description: Display name (max 256 chars). + type: string + inspectConfig: + description: The core content of the template. Configuration of the + scanning process. + properties: + contentOptions: + description: List of options defining data content to scan. If + empty, text, images, and other content will be included. + items: + type: string + type: array + customInfoTypes: + description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes + to learn more. + items: + properties: + dictionary: + description: A list of phrases to detect as a CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in Cloud + Storage. Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path + (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search for. + properties: + words: + description: Words or phrases defining the dictionary. 
+ The dictionary must contain at least one phrase + and every phrase must contain at least 2 characters + that are letters or digits. [required] + items: + type: string + type: array + type: object + type: object + exclusionType: + description: 'If set to EXCLUSION_TYPE_EXCLUDE this infoType + will not cause a finding to be returned. It still can + be used for rules matching. Possible values: EXCLUSION_TYPE_UNSPECIFIED, + EXCLUSION_TYPE_EXCLUDE' + type: string + infoType: + description: CustomInfoType can either be a new infoType, + or an extension of built-in infoType, when the name matches + one of existing infoTypes and that infoType is specified + in `InspectContent.info_types` field. Specifying the latter + adds findings to the one detected by the system. If built-in + info type is not specified in `InspectContent.info_types` + list then the name is treated as a custom info type. + properties: + name: + description: Name of the information type. Either a + name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + likelihood: + description: 'Likelihood to return for this CustomInfoType. + This base value can be altered by a detection rule if + the finding meets the criteria specified by the rule. + Defaults to `VERY_LIKELY` if not specified. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, + LIKELY, VERY_LIKELY' + type: string + regex: + description: Regular expression based CustomInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract as + findings. When not specified, the entire match is + returned. No more than 3 may be included. 
+ items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. + Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository on GitHub. + type: string + type: object + storedType: + description: Load an existing `StoredInfoType` resource + for use in `InspectDataSource`. Not currently supported + in `InspectContent`. + properties: + createTime: + description: Timestamp indicating when the version of + the `StoredInfoType` used for inspection was created. + Output-only field, populated by the system. + format: date-time + type: string + nameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + + Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + surrogateType: + description: Message for detecting output from deidentification + transformations that support reversing. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + excludeInfoTypes: + description: When true, excludes type information of the findings. + type: boolean + includeQuote: + description: When true, a contextual quote from the data that + triggered a finding is included in the response; see Finding.quote. 
+ type: boolean + infoTypes: + description: Restricts what info_types to look for. The values + must correspond to InfoType values returned by ListInfoTypes + or listed at https://cloud.google.com/dlp/docs/infotypes-reference. + When no InfoTypes or CustomInfoTypes are specified in a request, + the system may automatically choose what detectors to run. By + default this may be all types, but may change over time as detectors + are updated. If you need precise control and predictability + as to what detectors are run you should specify specific InfoTypes + listed in the reference, otherwise a default list will be used, + which may change over time. + items: + properties: + name: + description: Name of the information type. Either a name + of your choosing when creating a CustomInfoType, or one + of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud DLP + results to Data Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + limits: + description: Configuration to control the number of findings returned. + properties: + maxFindingsPerInfoType: + description: Configuration of findings limit given for specified + infoTypes. + items: + properties: + infoType: + description: Type of information the findings limit + applies to. Only one limit per info_type should be + provided. If InfoTypeLimit does not have an info_type, + the DLP API applies the limit against all info_types + that are found but not specified in another InfoTypeLimit. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType names + should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. 
+ type: string + type: object + maxFindings: + description: Max findings limit for the given infoType. + format: int64 + type: integer + type: object + type: array + maxFindingsPerItem: + description: Max number of findings that will be returned + for each item scanned. When set within `InspectJobConfig`, + the maximum returned is 2000 regardless if this is set higher. + When set within `InspectContentRequest`, this field is ignored. + format: int64 + type: integer + maxFindingsPerRequest: + description: Max number of findings that will be returned + per request/job. When set within `InspectContentRequest`, + the maximum returned is 2000 regardless if this is set higher. + format: int64 + type: integer + type: object + minLikelihood: + description: 'Only returns findings equal or above this threshold. + The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood + to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + ruleSet: + description: Set of rules to apply to the findings for this InspectConfig. + Exclusion rules, contained in the set are executed in the end, + other rules are executed in the order they are specified for + each info type. + items: + properties: + infoTypes: + description: List of infoTypes this rule set is applied + to. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + rules: + description: Set of rules to be applied to infoTypes. The + rules are applied in order. + items: + properties: + exclusionRule: + description: Exclusion rule. 
+ properties: + dictionary: + description: Dictionary which defines the rule. + properties: + cloudStoragePath: + description: Newline-delimited file of words + in Cloud Storage. Only a single file is + accepted. + properties: + path: + description: 'A url representing a file + or path (no wildcards) in Cloud Storage. + Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search + for. + properties: + words: + description: Words or phrases defining + the dictionary. The dictionary must + contain at least one phrase and every + phrase must contain at least 2 characters + that are letters or digits. [required] + items: + type: string + type: array + type: object + type: object + excludeInfoTypes: + description: Set of infoTypes for which findings + would affect this rule. + properties: + infoTypes: + description: InfoType list in ExclusionRule + rule drops a finding when it overlaps or + contained within with a finding of an infoType + from this list. For example, for `InspectionRuleSet.info_types` + containing "PHONE_NUMBER"` and `exclusion_rule` + containing `exclude_info_types.info_types` + with "EMAIL_ADDRESS" the phone number findings + are dropped if they overlap with EMAIL_ADDRESS + finding. That leads to "555-222-2222@example.org" + to generate only a single finding, namely + email address. + items: + properties: + name: + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, or + one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data + Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + type: object + matchingType: + description: 'How the rule is applied, see MatchingType + documentation for details. 
Possible values: + MATCHING_TYPE_UNSPECIFIED, MATCHING_TYPE_FULL_MATCH, + MATCHING_TYPE_PARTIAL_MATCH, MATCHING_TYPE_INVERSE_MATCH' + type: string + regex: + description: Regular expression which defines + the rule. + properties: + groupIndexes: + description: The index of the submatch to + extract as findings. When not specified, + the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + type: object + hotwordRule: + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch to + extract as findings. When not specified, + the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply to + all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a finding + to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED, + VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, + VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the likelihood + by the specified number of levels. For example, + if a finding would be `POSSIBLE` without + the detection rule and `relative_likelihood` + is 1, then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to `UNLIKELY`. 
+ Likelihood may never drop below `VERY_UNLIKELY` + or exceed `VERY_LIKELY`, so applying an + adjustment of 1 followed by an adjustment + of -1 when base likelihood is `VERY_LIKELY` + will result in a final likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within which + the entire hotword must reside. The total length + of the window cannot exceed 1000 characters. + Note that the finding itself will be included + in the window, so that hotwords may be used + to match substrings of the finding itself. For + example, the certainty of a phone number regex + "(d{3}) d{3}-d{4}" could be adjusted upwards + if the area code is known to be the local area + code of a company office using the hotword regex + "(xxx)", where "xxx" is the area code in question. + properties: + windowAfter: + description: Number of characters after the + finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before the + finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + type: object + type: array + type: object + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of an inspectTemplate. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of an inspectTemplate. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpjobtriggers.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPJobTrigger + plural: dlpjobtriggers + shortNames: + - gcpdlpjobtrigger + - gcpdlpjobtriggers + singular: dlpjobtrigger + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - 
description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User provided description (max 256 chars) + type: string + displayName: + description: Display name (max 100 chars) + type: string + inspectJob: + description: For inspect jobs, a snapshot of the configuration. + properties: + actions: + description: Actions to execute at the completion of the job. + items: + properties: + jobNotificationEmails: + description: Enable email notification for project owners + and editors on job's completion/failure. + type: object + x-kubernetes-preserve-unknown-fields: true + pubSub: + description: Publish a notification to a pubsub topic. + properties: + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}. 
+ + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + publishFindingsToCloudDataCatalog: + description: Publish findings to Cloud Datahub. + type: object + x-kubernetes-preserve-unknown-fields: true + publishSummaryToCscc: + description: Publish summary to Cloud Security Command Center + (Alpha). + type: object + x-kubernetes-preserve-unknown-fields: true + publishToStackdriver: + description: Enable Stackdriver metric dlp.googleapis.com/finding_count. + type: object + x-kubernetes-preserve-unknown-fields: true + saveFindings: + description: Save resulting findings in a provided location. + properties: + outputConfig: + description: Location to store findings outside of DLP. + properties: + dlpStorage: + description: Store findings directly to DLP. If + neither this or bigquery is chosen only summary + stats of total infotype count will be stored. + Quotes will not be stored to dlp findings. If + quotes are needed, store to BigQuery. Currently + only for inspect jobs. + type: object + x-kubernetes-preserve-unknown-fields: true + outputSchema: + description: 'Schema used for writing the findings + for Inspect jobs. This field is only used for + Inspect and must be unspecified for Risk jobs. + Columns are derived from the `Finding` object. + If appending to an existing table, any columns + from the predefined schema that are missing will + be added. No columns in the existing table will + be deleted. 
If unspecified, then all available + columns will be used for a new table or an (existing) + table with no schema, and no changes will be made + to an existing table that has a schema. Only for + use with external storage. Possible values: OUTPUT_SCHEMA_UNSPECIFIED, + BASIC_COLUMNS, GCS_COLUMNS, DATASTORE_COLUMNS, + BIG_QUERY_COLUMNS, ALL_COLUMNS' + type: string + table: + description: 'Store findings in an existing table + or a new table in an existing dataset. If table_id + is not set a new one will be generated for you + with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. + Pacific timezone will be used for generating the + date details. For Inspect, each column in an existing + output table must have the same name, type, and + mode of a field in the `Finding` object. For Risk, + an existing output table should be the output + of a previous Risk analysis job run on the same + source table, with the same privacy metric and + quasi-identifiers. Risk jobs that analyze the + same table but compute a different privacy metric, + or use different sets of quasi-identifiers, cannot + store their results in the same table.' + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + type: object + type: object + type: array + inspectConfig: + description: How and what to scan for. + properties: + customInfoTypes: + description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes + to learn more. 
+ items: + properties: + detectionRules: + description: Set of detection rules to apply to all + findings of this CustomInfoType. Rules are applied + in order that they are specified. Not supported for + the `surrogate_type` CustomInfoType. + items: + properties: + hotwordRule: + description: Hotword-based detection rule. + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply + to all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a + finding to a fixed value. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the + likelihood by the specified number of + levels. For example, if a finding would + be `POSSIBLE` without the detection + rule and `relative_likelihood` is 1, + then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to + `UNLIKELY`. Likelihood may never drop + below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, + so applying an adjustment of 1 followed + by an adjustment of -1 when base likelihood + is `VERY_LIKELY` will result in a final + likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within + which the entire hotword must reside. The + total length of the window cannot exceed + 1000 characters. 
Note that the finding itself + will be included in the window, so that + hotwords may be used to match substrings + of the finding itself. For example, the + certainty of a phone number regex "(d{3}) + d{3}-d{4}" could be adjusted upwards if + the area code is known to be the local area + code of a company office using the hotword + regex "(xxx)", where "xxx" is the area code + in question. + properties: + windowAfter: + description: Number of characters after + the finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before + the finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + dictionary: + description: A list of phrases to detect as a CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in + Cloud Storage. Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path + (no wildcards) in Cloud Storage. Example: + gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search + for. + properties: + words: + description: Words or phrases defining the dictionary. + The dictionary must contain at least one phrase + and every phrase must contain at least 2 characters + that are letters or digits. [required] + items: + type: string + type: array + type: object + type: object + exclusionType: + description: 'If set to EXCLUSION_TYPE_EXCLUDE this + infoType will not cause a finding to be returned. + It still can be used for rules matching. Possible + values: EXCLUSION_TYPE_UNSPECIFIED, EXCLUSION_TYPE_EXCLUDE' + type: string + infoType: + description: CustomInfoType can either be a new infoType, + or an extension of built-in infoType, when the name + matches one of existing infoTypes and that infoType + is specified in `InspectContent.info_types` field. 
+ Specifying the latter adds findings to the one detected + by the system. If built-in info type is not specified + in `InspectContent.info_types` list then the name + is treated as a custom info type. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType names + should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this InfoType. + type: string + type: object + likelihood: + description: 'Likelihood to return for this CustomInfoType. + This base value can be altered by a detection rule + if the finding meets the criteria specified by the + rule. Defaults to `VERY_LIKELY` if not specified. + Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + regex: + description: Regular expression based CustomInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract + as findings. When not specified, the entire match + is returned. No more than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. + Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository on + GitHub. + type: string + type: object + storedType: + description: Load an existing `StoredInfoType` resource + for use in `InspectDataSource`. Not currently supported + in `InspectContent`. + properties: + createTime: + description: Timestamp indicating when the version + of the `StoredInfoType` used for inspection was + created. Output-only field, populated by the system. 
+ format: date-time + type: string + nameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + + Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + surrogateType: + description: Message for detecting output from deidentification + transformations that support reversing. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + excludeInfoTypes: + description: When true, excludes type information of the findings. + This is not used for data profiling. + type: boolean + includeQuote: + description: When true, a contextual quote from the data that + triggered a finding is included in the response; see Finding.quote. + This is not used for data profiling. + type: boolean + infoTypes: + description: Restricts what info_types to look for. The values + must correspond to InfoType values returned by ListInfoTypes + or listed at https://cloud.google.com/dlp/docs/infotypes-reference. + When no InfoTypes or CustomInfoTypes are specified in a + request, the system may automatically choose what detectors + to run. By default this may be all types, but may change + over time as detectors are updated. 
If you need precise + control and predictability as to what detectors are run + you should specify specific InfoTypes listed in the reference, + otherwise a default list will be used, which may change + over time. + items: + properties: + name: + description: Name of the information type. Either a + name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + limits: + description: Configuration to control the number of findings + returned. This is not used for data profiling. + properties: + maxFindingsPerInfoType: + description: Configuration of findings limit given for + specified infoTypes. + items: + properties: + infoType: + description: Type of information the findings limit + applies to. Only one limit per info_type should + be provided. If InfoTypeLimit does not have an + info_type, the DLP API applies the limit against + all info_types that are found but not specified + in another InfoTypeLimit. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this + InfoType. + type: string + type: object + maxFindings: + description: Max findings limit for the given infoType. + format: int64 + type: integer + type: object + type: array + maxFindingsPerItem: + description: Max number of findings that will be returned + for each item scanned. 
When set within `InspectJobConfig`, + the maximum returned is 2000 regardless if this is set + higher. When set within `InspectContentRequest`, this + field is ignored. + format: int64 + type: integer + maxFindingsPerRequest: + description: Max number of findings that will be returned + per request/job. When set within `InspectContentRequest`, + the maximum returned is 2000 regardless if this is set + higher. + format: int64 + type: integer + type: object + minLikelihood: + description: 'Only returns findings equal or above this threshold. + The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood + to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, + VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + ruleSet: + description: Set of rules to apply to the findings for this + InspectConfig. Exclusion rules, contained in the set are + executed in the end, other rules are executed in the order + they are specified for each info type. + items: + properties: + infoTypes: + description: List of infoTypes this rule set is applied + to. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this InfoType. + type: string + type: object + type: array + rules: + description: Set of rules to be applied to infoTypes. + The rules are applied in order. + items: + properties: + exclusionRule: + description: Exclusion rule. + properties: + dictionary: + description: Dictionary which defines the + rule. + properties: + cloudStoragePath: + description: Newline-delimited file of + words in Cloud Storage. Only a single + file is accepted. 
+ properties: + path: + description: 'A url representing a + file or path (no wildcards) in Cloud + Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases + to search for. + properties: + words: + description: Words or phrases defining + the dictionary. The dictionary must + contain at least one phrase and + every phrase must contain at least + 2 characters that are letters or + digits. [required] + items: + type: string + type: array + type: object + type: object + excludeInfoTypes: + description: Set of infoTypes for which findings + would affect this rule. + properties: + infoTypes: + description: InfoType list in ExclusionRule + rule drops a finding when it overlaps + or contained within with a finding of + an infoType from this list. For example, + for `InspectionRuleSet.info_types` containing + "PHONE_NUMBER"` and `exclusion_rule` + containing `exclude_info_types.info_types` + with "EMAIL_ADDRESS" the phone number + findings are dropped if they overlap + with EMAIL_ADDRESS finding. That leads + to "555-222-2222@example.org" to generate + only a single finding, namely email + address. + items: + properties: + name: + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name + for this InfoType. + type: string + type: object + type: array + type: object + matchingType: + description: 'How the rule is applied, see + MatchingType documentation for details. 
+ Possible values: MATCHING_TYPE_UNSPECIFIED, + MATCHING_TYPE_FULL_MATCH, MATCHING_TYPE_PARTIAL_MATCH, + MATCHING_TYPE_INVERSE_MATCH' + type: string + regex: + description: Regular expression which defines + the rule. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + type: object + hotwordRule: + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply + to all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a + finding to a fixed value. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the + likelihood by the specified number of + levels. For example, if a finding would + be `POSSIBLE` without the detection + rule and `relative_likelihood` is 1, + then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to + `UNLIKELY`. 
Likelihood may never drop + below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, + so applying an adjustment of 1 followed + by an adjustment of -1 when base likelihood + is `VERY_LIKELY` will result in a final + likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within + which the entire hotword must reside. The + total length of the window cannot exceed + 1000 characters. Note that the finding itself + will be included in the window, so that + hotwords may be used to match substrings + of the finding itself. For example, the + certainty of a phone number regex "(d{3}) + d{3}-d{4}" could be adjusted upwards if + the area code is known to be the local area + code of a company office using the hotword + regex "(xxx)", where "xxx" is the area code + in question. + properties: + windowAfter: + description: Number of characters after + the finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before + the finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + type: object + type: array + type: object + inspectTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + If provided, will be used as the default for all values in InspectConfig. `inspect_config` will be merged into the values persisted as part of the template. + + Allowed value: The Google Cloud resource name of a `DLPInspectTemplate` resource (format: `{{parent}}/inspectTemplates/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageConfig: + description: The data to scan. + properties: + bigQueryOptions: + description: BigQuery options. + properties: + excludedFields: + description: References to fields excluded from scanning. + This allows you to skip inspection of entire columns + which you know have no findings. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + identifyingFields: + description: Table fields that may uniquely identify a + row within the table. When `actions.saveFindings.outputConfig.table` + is specified, the values of columns specified here are + available in the output table under `location.content_locations.record_location.record_key.id_values`. + Nested fields such as `person.birthdate.year` are allowed. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + includedFields: + description: Limit scanning only to these fields. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + rowsLimit: + description: Max number of rows to scan. If the table + has more rows than this value, the rest of the rows + are omitted. If not set, or if set to 0, all rows will + be scanned. Only one of rows_limit and rows_limit_percent + can be specified. Cannot be used in conjunction with + TimespanConfig. + format: int64 + type: integer + rowsLimitPercent: + description: Max percentage of rows to scan. The rest + are omitted. The number of rows scanned is rounded down. + Must be between 0 and 100, inclusively. Both 0 and 100 + means no limit. Defaults to 0. Only one of rows_limit + and rows_limit_percent can be specified. Cannot be used + in conjunction with TimespanConfig. 
+ format: int64 + type: integer + sampleMethod: + description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, + TOP, RANDOM_START' + type: string + tableReference: + description: Complete BigQuery table reference. + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. 
+ + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + required: + - tableReference + type: object + cloudStorageOptions: + description: Google Cloud Storage options. + properties: + bytesLimitPerFile: + description: Max number of bytes to scan from a file. + If a scanned file's size is bigger than this value then + the rest of the bytes are omitted. Only one of bytes_limit_per_file + and bytes_limit_per_file_percent can be specified. Cannot + be set if de-identification is requested. + format: int64 + type: integer + bytesLimitPerFilePercent: + description: Max percentage of bytes to scan from a file. + The rest are omitted. The number of bytes scanned is + rounded down. Must be between 0 and 100, inclusively. + Both 0 and 100 means no limit. Defaults to 0. Only one + of bytes_limit_per_file and bytes_limit_per_file_percent + can be specified. Cannot be set if de-identification + is requested. + format: int64 + type: integer + fileSet: + description: The set of one or more files to scan. + properties: + regexFileSet: + description: The regex-filtered set of files to scan. + Exactly one of `url` or `regex_file_set` must be + set. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of a Cloud Storage bucket. Required. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + excludeRegex: + description: A list of regular expressions matching + file paths to exclude. All files in the bucket + that match at least one of these regular expressions + will be excluded from the scan. Regular expressions + use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); + a guide can be found under the google/re2 repository + on GitHub. + items: + type: string + type: array + includeRegex: + description: A list of regular expressions matching + file paths to include. All files in the bucket + that match at least one of these regular expressions + will be included in the set of files, except + for those that also match an item in `exclude_regex`. + Leaving this field empty will match all files + by default (this is equivalent to including + `.*` in the list). Regular expressions use RE2 + [syntax](https://github.com/google/re2/wiki/Syntax); + a guide can be found under the google/re2 repository + on GitHub. + items: + type: string + type: array + required: + - bucketRef + type: object + url: + description: The Cloud Storage url of the file(s) + to scan, in the format `gs:///`. Trailing wildcard + in the path is allowed. If the url ends in a trailing + slash, the bucket or directory represented by the + url will be scanned non-recursively (content in + sub-directories will not be scanned). This means + that `gs://mybucket/` is equivalent to `gs://mybucket/*`, + and `gs://mybucket/directory/` is equivalent to + `gs://mybucket/directory/*`. Exactly one of `url` + or `regex_file_set` must be set. + type: string + type: object + fileTypes: + description: List of file type groups to include in the + scan. 
If empty, all files are scanned and available + data format processors are applied. In addition, the + binary content of the selected files is always scanned + as well. Images are scanned only as binary if the specified + region does not support image inspection and no file_types + were specified. Image inspection is restricted to 'global', + 'us', 'asia', and 'europe'. + items: + type: string + type: array + filesLimitPercent: + description: Limits the number of files to scan to this + percentage of the input FileSet. Number of files scanned + is rounded down. Must be between 0 and 100, inclusively. + Both 0 and 100 means no limit. Defaults to 0. + format: int64 + type: integer + sampleMethod: + description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, + TOP, RANDOM_START' + type: string + type: object + datastoreOptions: + description: Google Cloud Datastore options. + properties: + kind: + description: The kind to process. + properties: + name: + description: The name of the kind. + type: string + type: object + partitionId: + description: A partition ID identifies a grouping of entities. + The grouping is always by project namespace ID may be + empty. + properties: + namespaceId: + description: If not empty, the ID of the namespace + to which the entities belong. + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The ID of the project to which the entities belong. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + hybridOptions: + description: Hybrid inspection options. + properties: + description: + description: A short description of where the data is + coming from. Will be stored once in the job. 256 max + length. + type: string + labels: + additionalProperties: + type: string + description: 'To organize findings, these labels will + be added to each finding. Label keys must be between + 1 and 63 characters long and must conform to the following + regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. Label + values must be between 0 and 63 characters long and + must conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. + No more than 10 labels can be associated with a given + finding. Examples: * `"environment" : "production"` + * `"pipeline" : "etl"`' + type: object + requiredFindingLabelKeys: + description: 'These are labels that each inspection request + must include within their ''finding_labels'' map. Request + may contain others, but any missing one of these will + be rejected. Label keys must be between 1 and 63 characters + long and must conform to the following regular expression: + `[a-z]([-a-z0-9]*[a-z0-9])?`. No more than 10 keys can + be required.' + items: + type: string + type: array + tableOptions: + description: If the container is a table, additional information + to make findings meaningful such as the columns that + are primary keys. + properties: + identifyingFields: + description: The columns that are the primary keys + for table objects included in ContentItem. A copy + of this cell's value will stored alongside alongside + each finding so that the finding can be traced to + the specific row it came from. No more than 3 may + be provided. + items: + properties: + name: + description: Name describing the field. 
+ type: string + type: object + type: array + type: object + type: object + timespanConfig: + properties: + enableAutoPopulationOfTimespanConfig: + description: When the job is started by a JobTrigger we + will automatically figure out a valid start_time to + avoid scanning files that have not been modified since + the last time the JobTrigger executed. This will be + based on the time of the execution of the last run of + the JobTrigger. + type: boolean + endTime: + description: Exclude files, tables, or rows newer than + this value. If not set, no upper time limit is applied. + format: date-time + type: string + startTime: + description: Exclude files, tables, or rows older than + this value. If not set, no lower time limit is applied. + format: date-time + type: string + timestampField: + description: 'Specification of the field containing the + timestamp of scanned items. Used for data sources like + Datastore and BigQuery. For BigQuery: If this value + is not specified and the table was modified between + the given start and end times, the entire table will + be scanned. If this value is specified, then rows are + filtered based on the given start and end times. Rows + with a `NULL` value in the provided BigQuery column + are skipped. Valid data types of the provided BigQuery + column are: `INTEGER`, `DATE`, `TIMESTAMP`, and `DATETIME`. + For Datastore: If this value is specified, then entities + are filtered based on the given start and end times. + If an entity does not contain the provided timestamp + property or contains empty or invalid values, then it + is included. Valid data types of the provided timestamp + property are: `TIMESTAMP`.' + properties: + name: + description: Name describing the field. + type: string + type: object + type: object + type: object + required: + - storageConfig + type: object + location: + description: Immutable. The location of the resource + type: string + projectRef: + description: Immutable. 
The Project that this resource belongs to. + Only one of [projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + status: + description: 'Immutable. Required. A status for this trigger. Possible + values: STATUS_UNSPECIFIED, HEALTHY, PAUSED, CANCELLED' + type: string + triggers: + description: A list of triggers which will be OR'ed together. Only + one in the list needs to trigger for a job to be started. The list + may contain only a single Schedule trigger and must have at least + one object. + items: + properties: + manual: + description: For use with hybrid jobs. Jobs must be manually + created and finished. + type: object + x-kubernetes-preserve-unknown-fields: true + schedule: + description: Create a job on a repeating basis based on the + elapse of time. + properties: + recurrencePeriodDuration: + description: 'With this option a job is started a regular + periodic basis. For example: every day (86400 seconds). + A scheduled start time will be skipped if the previous + execution has not ended when its scheduled time occurs. + This value must be set to a time duration greater than + or equal to 1 day and can be no longer than 60 days.' 
+ type: string + type: object + type: object + type: array + required: + - inspectJob + - projectRef + - status + - triggers + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of a triggeredJob. + format: date-time + type: string + errors: + description: Output only. A stream of errors encountered when the + trigger was activated. Repeated errors may result in the JobTrigger + automatically being paused. Will return the last 100 errors. Whenever + the JobTrigger is modified this list will be cleared. + items: + properties: + details: + description: Detailed error codes and messages. + properties: + code: + description: The status code, which should be an enum value + of google.rpc.Code. + format: int64 + type: integer + details: + description: A list of messages that carry the error details. + There is a common set of message types for APIs to use. + items: + properties: + typeUrl: + description: 'A URL/resource name that uniquely identifies + the type of the serialized protocol buffer message. + This string must contain at least one "/" character. + The last segment of the URL''s path must represent + the fully qualified name of the type (as in `path/google.protobuf.Duration`). 
+ The name should be in a canonical form (e.g., leading + "." is not accepted). In practice, teams usually + precompile into the binary all types that they expect + it to use in the context of Any. However, for URLs + which use the scheme `http`, `https`, or no scheme, + one can optionally set up a type server that maps + type URLs to message definitions as follows: * If + no scheme is provided, `https` is assumed. * An + HTTP GET on the URL must yield a google.protobuf.Type + value in binary format, or produce an error. * Applications + are allowed to cache lookup results based on the + URL, or have them precompiled into a binary to avoid + any lookup. Therefore, binary compatibility needs + to be preserved on changes to types. (Use versioned + type names to manage breaking changes.) Note: this + functionality is not currently available in the + official protobuf release, and it is not used for + type URLs beginning with type.googleapis.com. Schemes + other than `http`, `https` (or the empty scheme) + might be used with implementation specific semantics.' + type: string + value: + description: Must be a valid serialized protocol buffer + of the above specified type. + type: string + type: object + type: array + message: + description: A developer-facing error message, which should + be in English. Any user-facing error message should be + localized and sent in the google.rpc.Status.details field, + or localized by the client. + type: string + type: object + timestamps: + description: The times the error occurred. + items: + format: date-time + type: string + type: array + type: object + type: array + lastRunTime: + description: Output only. The timestamp of the last time this trigger + executed. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of a triggeredJob. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpstoredinfotypes.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPStoredInfoType + plural: dlpstoredinfotypes + shortNames: + - gcpdlpstoredinfotype + - gcpdlpstoredinfotypes + singular: dlpstoredinfotype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + description: + description: Description of the StoredInfoType (max 256 characters). + type: string + dictionary: + description: Store dictionary-based CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in Cloud Storage. + Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path (no wildcards) + in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + required: + - path + type: object + wordList: + description: List of words or phrases to search for. + properties: + words: + description: Words or phrases defining the dictionary. The + dictionary must contain at least one phrase and every phrase + must contain at least 2 characters that are letters or digits. + [required] + items: + type: string + type: array + required: + - words + type: object + type: object + displayName: + description: Display name of the StoredInfoType (max 256 characters). + type: string + largeCustomDictionary: + description: StoredInfoType where findings are defined by a dictionary + of phrases. + properties: + bigQueryField: + description: Field in a BigQuery table where each cell represents + a dictionary phrase. 
+ properties: + field: + description: Designated field in the BigQuery table. + properties: + name: + description: Name describing the field. + type: string + type: object + table: + description: Source table of the field. + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. 
+ + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + cloudStorageFileSet: + description: Set of files containing newline-delimited lists of + dictionary phrases. + properties: + url: + description: The url, in the format `gs:///`. Trailing wildcard + in the path is allowed. + type: string + required: + - url + type: object + outputPath: + description: Location to store dictionary artifacts in Google + Cloud Storage. These files will only be accessible by project + owners and the DLP API. If any of these artifacts are modified, + the dictionary is considered invalid and can no longer be used. + properties: + path: + description: 'A url representing a file or path (no wildcards) + in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + required: + - path + type: object + type: object + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' 
+ type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regex: + description: Store regular expression-based StoredInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract as findings. + When not specified, the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. Its syntax + (https://github.com/google/re2/wiki/Syntax) can be found under + the google/re2 repository on GitHub. + type: string + required: + - pattern + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsmanagedzones.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSManagedZone + plural: dnsmanagedzones + shortNames: + - gcpdnsmanagedzone + - gcpdnsmanagedzones + singular: dnsmanagedzone + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cloudLoggingConfig: + description: Cloud logging configuration. + properties: + enableLogging: + description: If set, enable query logging for this ManagedZone. + False by default, making logging opt-in. + type: boolean + required: + - enableLogging + type: object + description: + description: A textual description field. Defaults to 'Managed by + Config Connector'. + type: string + dnsName: + description: Immutable. The DNS name of this managed zone, for instance + "example.com.". + type: string + dnssecConfig: + description: DNSSEC configuration. + properties: + defaultKeySpecs: + description: |- + Specifies parameters that will be used for generating initial DnsKeys + for this ManagedZone. If you provide a spec for keySigning or zoneSigning, + you must also provide one for the other. + default_key_specs can only be updated when the state is 'off'. + items: + properties: + algorithm: + description: 'String mnemonic specifying the DNSSEC algorithm + of this key Possible values: ["ecdsap256sha256", "ecdsap384sha384", + "rsasha1", "rsasha256", "rsasha512"].' + type: string + keyLength: + description: Length of the keys in bits. + type: integer + keyType: + description: |- + Specifies whether this is a key signing key (KSK) or a zone + signing key (ZSK). Key signing keys have the Secure Entry + Point flag set and, when active, will only be used to sign + resource record sets of type DNSKEY. Zone signing keys do + not have the Secure Entry Point flag set and will be used + to sign all other types of resource record sets. Possible values: ["keySigning", "zoneSigning"]. + type: string + kind: + description: Identifies what kind of resource this is. 
+ type: string + type: object + type: array + kind: + description: Identifies what kind of resource this is. + type: string + nonExistence: + description: |- + Specifies the mechanism used to provide authenticated denial-of-existence responses. + non_existence can only be updated when the state is 'off'. Possible values: ["nsec", "nsec3"]. + type: string + state: + description: 'Specifies whether DNSSEC is enabled, and what mode + it is in Possible values: ["off", "on", "transfer"].' + type: string + type: object + forwardingConfig: + description: |- + The presence for this field indicates that outbound forwarding is enabled + for this zone. The value of this field contains the set of destinations + to forward to. + properties: + targetNameServers: + description: |- + List of target name servers to forward to. Cloud DNS will + select the best available name server if more than + one target is given. + items: + properties: + forwardingPath: + description: |- + Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding + decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go + to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. + type: string + ipv4Address: + description: IPv4 address of a target name server. + type: string + required: + - ipv4Address + type: object + type: array + required: + - targetNameServers + type: object + peeringConfig: + description: |- + The presence of this field indicates that DNS Peering is enabled for this + zone. The value of this field contains the network to peer with. + properties: + targetNetwork: + description: The network with which to peer. + properties: + networkRef: + description: VPC network to forward queries to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + required: + - targetNetwork + type: object + privateVisibilityConfig: + description: |- + For privately visible zones, the set of Virtual Private Cloud + resources that the zone is visible from. At least one of 'gke_clusters' or 'networks' must be specified. + properties: + gkeClusters: + description: The list of Google Kubernetes Engine clusters that + can see this zone. + items: + properties: + gkeClusterNameRef: + description: |- + The resource name of the cluster to bind this ManagedZone to. + This should be specified in the format like + 'projects/*/locations/*/clusters/*'. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ContainerCluster` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - gkeClusterNameRef + type: object + type: array + networks: + items: + properties: + networkRef: + description: VPC network to bind to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + type: array + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + reverseLookup: + description: |- + Immutable. Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse + lookup queries using automatically configured records for VPC resources. This only applies + to networks listed under 'private_visibility_config'. + type: boolean + serviceDirectoryConfig: + description: Immutable. The presence of this field indicates that + this zone is backed by Service Directory. The value of this field + contains information related to the namespace associated with the + zone. + properties: + namespace: + description: The namespace associated with the zone. + properties: + namespaceUrl: + description: |- + The fully qualified or partial URL of the service directory namespace that should be + associated with the zone. 
This should be formatted like + 'https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id}' + or simply 'projects/{project}/locations/{location}/namespaces/{namespace_id}' + Ignored for 'public' visibility zones. + type: string + required: + - namespaceUrl + type: object + required: + - namespace + type: object + visibility: + description: |- + Immutable. The zone's visibility: public zones are exposed to the Internet, + while private zones are visible only to Virtual Private Cloud resources. Default value: "public" Possible values: ["private", "public"]. + type: string + required: + - dnsName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: |- + The time that this resource was created on the server. + This is in RFC3339 text format. + type: string + managedZoneId: + description: Unique identifier for the resource; defined by the server. + type: integer + nameServers: + description: |- + Delegate your managed_zone to these virtual name servers; + defined by the server. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnspolicies.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSPolicy + plural: dnspolicies + shortNames: + - gcpdnspolicy + - gcpdnspolicies + singular: dnspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alternativeNameServerConfig: + description: |- + Sets an alternative name server for the associated networks. + When specified, all DNS queries are forwarded to a name server that you choose. + Names such as .internal are not available when an alternative name server is specified. + properties: + targetNameServers: + description: |- + Sets an alternative name server for the associated networks. When specified, + all DNS queries are forwarded to a name server that you choose. Names such as .internal + are not available when an alternative name server is specified. + items: + properties: + forwardingPath: + description: |- + Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding + decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go + to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. + type: string + ipv4Address: + description: IPv4 address to forward to. + type: string + required: + - ipv4Address + type: object + type: array + required: + - targetNameServers + type: object + description: + description: A textual description field. Defaults to 'Managed by + Config Connector'. + type: string + enableInboundForwarding: + description: |- + Allows networks bound to this policy to receive DNS queries sent + by VMs or applications over VPN connections. 
When enabled, a + virtual IP address will be allocated from each of the sub-networks + that are bound to this policy. + type: boolean + enableLogging: + description: |- + Controls whether logging is enabled for the networks bound to this policy. + Defaults to no logging if not set. + type: boolean + networks: + description: List of network names specifying networks to which this + policy is applied. + items: + properties: + networkRef: + description: VPC network to bind to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsrecordsets.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSRecordSet + plural: dnsrecordsets + shortNames: + - gcpdnsrecordset + - gcpdnsrecordsets + singular: dnsrecordset + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of 
this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - rrdatas + - required: + - rrdatasRefs + - required: + - routingPolicy + properties: + managedZoneRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `DNSManagedZone` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: Immutable. The DNS name this record set will apply to. + type: string + routingPolicy: + description: The configuration for steering traffic based on query. + You can specify either Weighted Round Robin(WRR) type or Geolocation(GEO) + type. + properties: + enableGeoFencing: + description: Specifies whether to enable fencing for geo queries. + type: boolean + geo: + description: The configuration for Geo location based routing + policy. + items: + properties: + healthCheckedTargets: + description: For A and AAAA types only. The list of targets + to be health checked. 
These can be specified along with + `rrdatas` within this item. + properties: + internalLoadBalancers: + description: The list of internal load balancers to + health check. + items: + properties: + ipAddressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` + field of a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipProtocol: + description: 'The configured IP protocol of the + load balancer. This value is case-sensitive. + Possible values: ["tcp", "udp"].' + type: string + loadBalancerType: + description: 'The type of load balancer. This + value is case-sensitive. Possible values: ["regionalL4ilb", + "regionalL7ilb", "globalL7ilb"].' + type: string + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + port: + description: The configured port of the load balancer. 
+ type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field + of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `location` + field of a `ComputeForwardingRule` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - ipAddressRef + - ipProtocol + - loadBalancerType + - networkRef + - port + - projectRef + type: object + type: array + required: + - internalLoadBalancers + type: object + location: + description: The location name defined in Google Cloud. + type: string + rrdatasRefs: + items: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' + type: string + kind: + description: 'Kind of the referent. 
Allowed values: + ComputeAddress' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - location + type: object + type: array + primaryBackup: + description: The configuration for a primary-backup policy with + global to regional failover. Queries are responded to with the + global primary targets, but if none of the primary targets are + healthy, then we fallback to a regional failover policy. + properties: + backupGeo: + description: The backup geo targets, which provide a regional + failover policy for the otherwise global primary targets. + items: + properties: + healthCheckedTargets: + description: For A and AAAA types only. The list of + targets to be health checked. These can be specified + along with `rrdatas` within this item. + properties: + internalLoadBalancers: + description: The list of internal load balancers + to health check. + items: + properties: + ipAddressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` + field of a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipProtocol: + description: 'The configured IP protocol of + the load balancer. This value is case-sensitive. + Possible values: ["tcp", "udp"].' 
+ type: string + loadBalancerType: + description: 'The type of load balancer. This + value is case-sensitive. Possible values: + ["regionalL4ilb", "regionalL7ilb", "globalL7ilb"].' + type: string + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + port: + description: The configured port of the load + balancer. + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` + field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `location` + field of a `ComputeForwardingRule` resource.' + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - ipAddressRef + - ipProtocol + - loadBalancerType + - networkRef + - port + - projectRef + type: object + type: array + required: + - internalLoadBalancers + type: object + location: + description: The location name defined in Google Cloud. + type: string + rrdatasRefs: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field + of a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - location + type: object + type: array + enableGeoFencingForBackups: + description: Specifies whether to enable fencing for backup + geo queries. + type: boolean + primary: + description: The list of global primary targets to be health + checked. + properties: + internalLoadBalancers: + description: The list of internal load balancers to health + check. + items: + properties: + ipAddressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field + of a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipProtocol: + description: 'The configured IP protocol of the + load balancer. This value is case-sensitive. Possible + values: ["tcp", "udp"].' + type: string + loadBalancerType: + description: 'The type of load balancer. This value + is case-sensitive. Possible values: ["regionalL4ilb", + "regionalL7ilb", "globalL7ilb"].' + type: string + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + port: + description: The configured port of the load balancer. + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field + of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `location` + field of a `ComputeForwardingRule` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - ipAddressRef + - ipProtocol + - loadBalancerType + - networkRef + - port + - projectRef + type: object + type: array + required: + - internalLoadBalancers + type: object + trickleRatio: + description: Specifies the percentage of traffic to send to + the backup targets even when the primary targets are healthy. + type: number + required: + - backupGeo + - primary + type: object + wrr: + description: The configuration for Weighted Round Robin based + routing policy. + items: + properties: + healthCheckedTargets: + description: The list of targets to be health checked. Note + that if DNSSEC is enabled for this zone, only one of `rrdatas` + or `health_checked_targets` can be set. + properties: + internalLoadBalancers: + description: The list of internal load balancers to + health check. + items: + properties: + ipAddressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` + field of a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipProtocol: + description: 'The configured IP protocol of the + load balancer. This value is case-sensitive. + Possible values: ["tcp", "udp"].' + type: string + loadBalancerType: + description: 'The type of load balancer. This + value is case-sensitive. Possible values: ["regionalL4ilb", + "regionalL7ilb", "globalL7ilb"].' + type: string + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + port: + description: The configured port of the load balancer. + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field + of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `location` + field of a `ComputeForwardingRule` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - ipAddressRef + - ipProtocol + - loadBalancerType + - networkRef + - port + - projectRef + type: object + type: array + required: + - internalLoadBalancers + type: object + rrdatasRefs: + items: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' + type: string + kind: + description: 'Kind of the referent. Allowed values: + ComputeAddress' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + weight: + description: The ratio of traffic routed to the target. + type: number + required: + - weight + type: object + type: array + type: object + rrdatas: + description: DEPRECATED. Although this field is still available, there + is limited support. 
We recommend that you use `spec.rrdatasRefs` + instead. + items: + type: string + type: array + rrdatasRefs: + items: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + kind: + description: 'Kind of the referent. Allowed values: ComputeAddress' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + ttl: + description: The time-to-live of this record set (seconds). + type: integer + type: + description: The DNS record set type. + type: string + required: + - managedZoneRef + - name + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsresponsepolicies.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSResponsePolicy + plural: dnsresponsepolicies + shortNames: + - gcpdnsresponsepolicy + - gcpdnsresponsepolicies + singular: dnsresponsepolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the response policy, such as 'My new + response policy'. + type: string + gkeClusters: + description: The list of Google Kubernetes Engine clusters that can + see this zone. + items: + properties: + gkeClusterName: + description: |- + The resource name of the cluster to bind this ManagedZone to. + This should be specified in the format like + 'projects/*/locations/*/clusters/*'. + type: string + required: + - gkeClusterName + type: object + type: array + networks: + description: The list of network names specifying networks to which + this policy is applied. + items: + properties: + networkUrl: + description: |- + The fully qualified URL of the VPC network to bind to. + This should be formatted like + 'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'. + type: string + required: + - networkUrl + type: object + type: array + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The responsePolicyName of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsresponsepolicyrules.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSResponsePolicyRule + plural: dnsresponsepolicyrules + shortNames: + - gcpdnsresponsepolicyrule + - gcpdnsresponsepolicyrules + singular: dnsresponsepolicyrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + behavior: + description: Answer this query with a behavior rather than DNS data. + Acceptable values are 'behaviorUnspecified', and 'bypassResponsePolicy'. + type: string + dnsName: + description: The DNS name (wildcard or exact) to apply this rule to. + Must be unique within the Response Policy Rule. + type: string + localData: + description: |- + Answer this query directly with DNS data. These ResourceRecordSets override any other DNS behavior for the matched name; + in particular they override private zones, the public internet, and GCP internal DNS. No SOA nor NS types are allowed. + properties: + localDatas: + description: All resource record sets for this selector, one per + resource record type. The name must match the dns_name. + items: + properties: + name: + description: For example, www.example.com. + type: string + rrdatas: + description: As defined in RFC 1035 (section 5) and RFC + 1034 (section 3.6.1). + items: + type: string + type: array + ttl: + description: |- + Number of seconds that this ResourceRecordSet can be cached by + resolvers. + type: integer + type: + description: 'One of valid DNS resource types. Possible + values: ["A", "AAAA", "CAA", "CNAME", "DNSKEY", "DS", + "HTTPS", "IPSECVPNKEY", "MX", "NAPTR", "NS", "PTR", "SOA", + "SPF", "SRV", "SSHFP", "SVCB", "TLSA", "TXT"].' + type: string + required: + - name + - type + type: object + type: array + required: + - localDatas + type: object + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The ruleName of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + responsePolicy: + description: Identifies the response policy addressed by this request. + type: string + required: + - dnsName + - projectRef + - responsePolicy + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: documentaiprocessordefaultversions.documentai.cnrm.cloud.google.com +spec: + group: documentai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DocumentAIProcessorDefaultVersion + plural: documentaiprocessordefaultversions + shortNames: + - gcpdocumentaiprocessordefaultversion + - gcpdocumentaiprocessordefaultversions + singular: documentaiprocessordefaultversion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + resourceID: + description: Immutable. Optional. The processor of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + version: + description: |- + Immutable. The version to set. Using 'stable' or 'rc' will cause the API to return the latest version in that release channel. + Apply 'lifecycle.ignore_changes' to the 'version' field to suppress this diff. + type: string + required: + - version + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: documentaiprocessors.documentai.cnrm.cloud.google.com +spec: + group: documentai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DocumentAIProcessor + plural: documentaiprocessors + shortNames: + - gcpdocumentaiprocessor + - gcpdocumentaiprocessors + singular: documentaiprocessor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Immutable. The display name. Must be unique. + type: string + kmsKeyName: + description: Immutable. The KMS key used for encryption/decryption + in CMEK scenarios. See https://cloud.google.com/security-key-management. + type: string + location: + description: Immutable. The location of the resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: + description: Immutable. The type of processor. For possible types + see the [official list](https://cloud.google.com/document-ai/docs/reference/rest/v1/projects.locations/fetchProcessorTypes#google.cloud.documentai.v1.DocumentProcessorService.FetchProcessorTypes). 
+ type: string + required: + - displayName + - location + - projectRef + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The resource name of the processor. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: edgecontainerclusters.edgecontainer.cnrm.cloud.google.com +spec: + group: edgecontainer.cnrm.cloud.google.com + names: + categories: + - gcp + kind: EdgeContainerCluster + plural: edgecontainerclusters + shortNames: + - gcpedgecontainercluster + - gcpedgecontainerclusters + singular: edgecontainercluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + authorization: + description: Immutable. RBAC policy that will be applied and managed + by GEC. + properties: + adminUsers: + description: |- + User that will be granted the cluster-admin role on the cluster, providing + full access to the cluster. Currently, this is a singular field, but will + be expanded to allow multiple admins in the future. + properties: + usernameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - usernameRef + type: object + required: + - adminUsers + type: object + controlPlane: + description: The configuration of the cluster control plane. + properties: + local: + description: Immutable. Local control plane configuration. + properties: + machineFilter: + description: |- + Only machines matching this filter will be allowed to host control + plane nodes. The filtering language accepts strings like "name=", + and is documented here: [AIP-160](https://google.aip.dev/160). 
+ type: string + nodeCount: + description: |- + The number of nodes to serve as replicas of the Control Plane. + Only 1 and 3 are supported. + type: integer + nodeLocation: + description: |- + Immutable. Name of the Google Distributed Cloud Edge zones where this node pool + will be created. For example: 'us-central1-edge-customer-a'. + type: string + sharedDeploymentPolicy: + description: 'Policy configuration about how user applications + are deployed. Possible values: ["SHARED_DEPLOYMENT_POLICY_UNSPECIFIED", + "ALLOWED", "DISALLOWED"].' + type: string + type: object + remote: + description: Immutable. Remote control plane configuration. + properties: + nodeLocation: + description: |- + Immutable. Name of the Google Distributed Cloud Edge zones where this node pool + will be created. For example: 'us-central1-edge-customer-a'. + type: string + type: object + type: object + controlPlaneEncryption: + description: |- + Remote control plane disk encryption options. This field is only used when + enabling CMEK support. + properties: + kmsKeyActiveVersion: + description: |- + The Cloud KMS CryptoKeyVersion currently in use for protecting control + plane disks. Only applicable if kms_key is set. + type: string + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyState: + description: |- + Availability of the Cloud KMS CryptoKey. 
If not 'KEY_AVAILABLE', then + nodes may go offline as they cannot access their local data. This can be + caused by a lack of permissions to use the key, or if the key is disabled + or deleted. + type: string + kmsStatus: + description: |- + Error status returned by Cloud KMS when using this key. This field may be + populated only if 'kms_key_state' is not 'KMS_KEY_STATE_KEY_AVAILABLE'. + If populated, this field contains the error status reported by Cloud KMS. + items: + properties: + code: + description: The status code, which should be an enum value + of google.rpc.Code. + type: integer + message: + description: A developer-facing error message, which should + be in English. Any user-facing error message should be + localized and sent in the google.rpc.Status.details field, + or localized by the client. + type: string + type: object + type: array + type: object + defaultMaxPodsPerNode: + description: |- + The default maximum number of pods per node used if a maximum value is not + specified explicitly for a node pool in this cluster. If unspecified, the + Kubernetes default value will be used. + type: integer + externalLoadBalancerIpv4AddressPools: + description: Address pools for cluster data plane external load balancing. + items: + type: string + type: array + fleet: + description: |- + Immutable. Fleet related configuration. + Fleets are a Google Cloud concept for logically organizing clusters, + letting you use and manage multi-cluster capabilities and apply + consistent policies across your systems. + properties: + membership: + description: |- + The name of the managed Hub Membership resource associated to this cluster. + Membership names are formatted as + 'projects//locations/global/membership/'. + type: string + projectRef: + description: The number of the Fleet host project where this cluster + will be registered. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + location: + description: Immutable. The location of the resource. + type: string + maintenancePolicy: + description: Cluster-wide maintenance policy configuration. + properties: + window: + description: Specifies the maintenance window in which maintenance + may be performed. + properties: + recurringWindow: + description: Represents an arbitrary window of time that recurs. + properties: + recurrence: + description: |- + An RRULE (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) for how + this window recurs. They go on for the span of time between the start and + end time. + type: string + window: + description: Represents an arbitrary window of time. + properties: + endTime: + description: |- + The time that the window ends. The end time must take place after the + start time. + type: string + startTime: + description: The time that the window first starts. + type: string + type: object + type: object + required: + - recurringWindow + type: object + required: + - window + type: object + networking: + description: |- + Fleet related configuration. + Fleets are a Google Cloud concept for logically organizing clusters, + letting you use and manage multi-cluster capabilities and apply + consistent policies across your systems. 
+ properties: + clusterIpv4CidrBlocks: + description: |- + Immutable. All pods in the cluster are assigned an RFC1918 IPv4 address from these + blocks. Only a single block is supported. This field cannot be changed + after creation. + items: + type: string + type: array + clusterIpv6CidrBlocks: + description: |- + Immutable. If specified, dual stack mode is enabled and all pods in the cluster are + assigned an IPv6 address from these blocks alongside from an IPv4 + address. Only a single block is supported. This field cannot be changed + after creation. + items: + type: string + type: array + networkType: + description: IP addressing type of this cluster i.e. SINGLESTACK_V4 + vs DUALSTACK_V4_V6. + type: string + servicesIpv4CidrBlocks: + description: |- + Immutable. All services in the cluster are assigned an RFC1918 IPv4 address from these + blocks. Only a single block is supported. This field cannot be changed + after creation. + items: + type: string + type: array + servicesIpv6CidrBlocks: + description: |- + Immutable. If specified, dual stack mode is enabled and all services in the cluster are + assigned an IPv6 address from these blocks alongside from an IPv4 + address. Only a single block is supported. This field cannot be changed + after creation. + items: + type: string + type: array + required: + - clusterIpv4CidrBlocks + - servicesIpv4CidrBlocks + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + releaseChannel: + description: 'The release channel a cluster is subscribed to. Possible + values: ["RELEASE_CHANNEL_UNSPECIFIED", "NONE", "REGULAR"].' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + systemAddonsConfig: + description: Config that customers are allowed to define for GDCE + system add-ons. + properties: + ingress: + description: |- + Config for the Ingress add-on which allows customers to create an Ingress + object to manage external access to the servers in a cluster. The add-on + consists of istiod and istio-ingress. + properties: + disabled: + description: Whether Ingress is disabled. + type: boolean + ipv4Vip: + description: Ingress VIP. + type: string + type: object + type: object + targetVersion: + description: 'The target cluster version. For example: "1.5.0".' + type: string + required: + - authorization + - fleet + - location + - networking + - projectRef + type: object + status: + properties: + clusterCaCertificate: + description: The PEM-encoded public certificate of the cluster's CA. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + controlPlaneVersion: + description: The control plane release version. + type: string + createTime: + description: The time the cluster was created, in RFC3339 text format. + type: string + endpoint: + description: The IP address of the Kubernetes API server. + type: string + maintenanceEvents: + description: |- + All the maintenance events scheduled for the cluster, including the ones + ongoing, planned for the future and done in the past (up to 90 days). + items: + properties: + createTime: + description: The time when the maintenance event request was + created. + type: string + endTime: + description: |- + The time when the maintenance event ended, either successfully or not. If + the maintenance event is split into multiple maintenance windows, + end_time is only updated when the whole flow ends. + type: string + operation: + description: |- + The operation for running the maintenance event. Specified in the format + projects/*/locations/*/operations/*. If the maintenance event is split + into multiple operations (e.g. due to maintenance windows), the latest + one is recorded. + type: string + schedule: + description: The schedule of the maintenance event. + type: string + startTime: + description: The time when the maintenance event started. + type: string + state: + description: Indicates the maintenance event state. + type: string + targetVersion: + description: The target version of the cluster. + type: string + type: + description: Indicates the maintenance event type. + type: string + updateTime: + description: The time when the maintenance event message was + updated. + type: string + uuid: + description: UUID of the maintenance event. + type: string + type: object + type: array + nodeVersion: + description: |- + The lowest release version among all worker nodes. This field can be empty + if the cluster does not have any worker nodes. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + port: + description: The port number of the Kubernetes API server. + type: integer + status: + description: Indicates the status of the cluster. + type: string + updateTime: + description: The time the cluster was last updated, in RFC3339 text + format. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: edgecontainernodepools.edgecontainer.cnrm.cloud.google.com +spec: + group: edgecontainer.cnrm.cloud.google.com + names: + categories: + - gcp + kind: EdgeContainerNodePool + plural: edgecontainernodepools + shortNames: + - gcpedgecontainernodepool + - gcpedgecontainernodepools + singular: edgecontainernodepool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time 
for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `EdgeContainerCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + localDiskEncryption: + description: Local disk encryption options. This field is only used + when enabling CMEK support. + properties: + kmsKeyActiveVersion: + description: The Cloud KMS CryptoKeyVersion currently in use for + protecting node local disks. Only applicable if kmsKey is set. 
+ type: string + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyState: + description: |- + Availability of the Cloud KMS CryptoKey. If not KEY_AVAILABLE, then nodes may go offline as they cannot access their local data. + This can be caused by a lack of permissions to use the key, or if the key is disabled or deleted. + type: string + type: object + location: + description: Immutable. The location of the resource. + type: string + machineFilter: + description: |- + Only machines matching this filter will be allowed to join the node pool. + The filtering language accepts strings like "name=", and is + documented in more detail in [AIP-160](https://google.aip.dev/160). + type: string + nodeConfig: + description: Configuration for each node in the NodePool. + properties: + labels: + additionalProperties: + type: string + description: '"The Kubernetes node labels".' + type: object + type: object + nodeCount: + description: The number of nodes in the pool. + type: integer + nodeLocation: + description: 'Immutable. Name of the Google Distributed Cloud Edge + zone where this node pool will be created. For example: ''us-central1-edge-customer-a''.' + type: string + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - clusterRef + - location + - nodeCount + - nodeLocation + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the node pool was created. + type: string + nodeVersion: + description: The lowest release version among all worker nodes. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The time when the node pool was last updated. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: edgecontainervpnconnections.edgecontainer.cnrm.cloud.google.com +spec: + group: edgecontainer.cnrm.cloud.google.com + names: + categories: + - gcp + kind: EdgeContainerVpnConnection + plural: edgecontainervpnconnections + shortNames: + - gcpedgecontainervpnconnection + - gcpedgecontainervpnconnections + singular: edgecontainervpnconnection + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `EdgeContainerCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + enableHighAvailability: + description: Immutable. Whether this VPN connection has HA enabled + on cluster side. If enabled, when creating VPN connection we will + attempt to use 2 ANG floating IPs. + type: boolean + location: + description: Immutable. Google Cloud Platform location. + type: string + natGatewayIp: + description: |- + Immutable. NAT gateway IP, or WAN IP address. If a customer has multiple NAT IPs, the customer needs to configure NAT such that only one external IP maps to the GMEC Anthos cluster. + This is empty if NAT is not used. + type: string + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + router: + description: The VPN connection Cloud Router name. + type: string + vpc: + description: Immutable. The network ID of VPC to connect to. + type: string + vpcProject: + description: Project detail of the VPC network. Required if VPC is + in a different project than the cluster project. + properties: + projectId: + description: Immutable. The project of the VPC to connect to. + If not specified, it is the same as the cluster project. + type: string + type: object + required: + - clusterRef + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the VPN connection was created. + type: string + details: + description: A nested object resource. + items: + properties: + cloudRouter: + description: The Cloud Router info. + items: + properties: + name: + description: The associated Cloud Router name. + type: string + type: object + type: array + cloudVpns: + description: Each connection has multiple Cloud VPN gateways. + items: + properties: + gateway: + description: The created Cloud VPN gateway name. + type: string + type: object + type: array + error: + description: The error message. This is only populated when + state=ERROR. + type: string + state: + description: The current connection state. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The time when the VPN connection was last updated. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: edgenetworknetworks.edgenetwork.cnrm.cloud.google.com +spec: + group: edgenetwork.cnrm.cloud.google.com + names: + categories: + - gcp + kind: EdgeNetworkNetwork + plural: edgenetworknetworks + shortNames: + - gcpedgenetworknetwork + - gcpedgenetworknetworks + singular: edgenetworknetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. A free-text description of the resource. Max + length 1024 characters. + type: string + location: + description: Immutable. The Google Cloud region to which the target + Distributed Cloud Edge zone belongs. + type: string + mtu: + description: 'Immutable. IP (L3) MTU value of the network. Default + value is ''1500''. Possible values are: ''1500'', ''9000''.' + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The networkId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. The name of the target Distributed Cloud Edge + zone. + type: string + required: + - location + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + The time when the subnet was created. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'. + type: string + name: + description: |- + The canonical name of this resource, with format + 'projects/{{project}}/locations/{{location}}/zones/{{zone}}/networks/{{network_id}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + The time when the subnet was last updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: edgenetworksubnets.edgenetwork.cnrm.cloud.google.com +spec: + group: edgenetwork.cnrm.cloud.google.com + names: + categories: + - gcp + kind: EdgeNetworkSubnet + plural: edgenetworksubnets + shortNames: + - gcpedgenetworksubnet + - gcpedgenetworksubnets + singular: edgenetworksubnet + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. A free-text description of the resource. Max + length 1024 characters. + type: string + ipv4Cidr: + description: Immutable. The ranges of ipv4 addresses that are owned + by this subnetwork, in CIDR format. + items: + type: string + type: array + ipv6Cidr: + description: Immutable. The ranges of ipv6 addresses that are owned + by this subnetwork, in CIDR format. + items: + type: string + type: array + location: + description: Immutable. The Google Cloud region to which the target + Distributed Cloud Edge zone belongs. + type: string + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `EdgeNetworkNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The subnetId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + vlanId: + description: Immutable. VLAN ID for this subnetwork. If not specified, + one is assigned automatically. + type: integer + zone: + description: Immutable. The name of the target Distributed Cloud Edge + zone. + type: string + required: + - location + - networkRef + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + The time when the subnet was created. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'. + type: string + name: + description: |- + The canonical name of this resource, with format + 'projects/{{project}}/locations/{{location}}/zones/{{zone}}/subnets/{{subnet_id}}'. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: Current stage of the resource to the device by config + push. + type: string + updateTime: + description: |- + The time when the subnet was last updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: essentialcontactscontacts.essentialcontacts.cnrm.cloud.google.com +spec: + group: essentialcontacts.cnrm.cloud.google.com + names: + categories: + - gcp + kind: EssentialContactsContact + plural: essentialcontactscontacts + shortNames: + - gcpessentialcontactscontact + - gcpessentialcontactscontacts + singular: essentialcontactscontact + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + 
jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + email: + description: Immutable. The email address to send notifications to. + This does not need to be a Google account. + type: string + languageTag: + description: The preferred language for notifications, as a ISO 639-1 + language code. See Supported languages for a list of supported languages. + type: string + notificationCategorySubscriptions: + description: The categories of notifications that the contact will + receive communications for. + items: + type: string + type: array + parent: + description: 'Immutable. The resource to save this contact for. Format: + organizations/{organization_id}, folders/{folder_id} or projects/{project_id}.' + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + required: + - email + - languageTag + - notificationCategorySubscriptions + - parent + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The identifier for the contact. Format: {resourceType}/{resource_id}/contacts/{contact_id}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: eventarctriggers.eventarc.cnrm.cloud.google.com +spec: + group: eventarc.cnrm.cloud.google.com + names: + categories: + - gcp + kind: EventarcTrigger + plural: eventarctriggers + shortNames: + - gcpeventarctrigger + - gcpeventarctriggers + singular: eventarctrigger + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + channelRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: Optional. The name of the channel associated with + the trigger in `projects/{project}/locations/{location}/channels/{channel}` + format. You must provide a channel to receive events from Eventarc + SaaS partners. + type: string + name: + description: |- + [WARNING] EventarcChannel not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + destination: + description: Required. Destination specifies where the events should + be sent to. + properties: + cloudFunctionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + [WARNING] Configuring a Cloud Function in Trigger is not supported as of today. The Cloud Function resource name. Format: projects/{project}/locations/{location}/functions/{function} + + Allowed value: The Google Cloud resource name of a `CloudFunctionsFunction` resource (format: `projects/{{project}}/locations/{{region}}/functions/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + cloudRunService: + description: Cloud Run fully-managed service that receives the + events. The service should be running in the same project of + the trigger. + properties: + path: + description: 'Optional. The relative path on the Cloud Run + service the events should be sent to. The value must conform + to the definition of URI path segment (section 3.3 of RFC2396). + Examples: "/route", "route", "route/subroute".' + type: string + region: + description: Required. The region the Cloud Run service is + deployed in. + type: string + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed. + + Allowed value: The Google Cloud resource name of a `RunService` resource (format: `projects/{{project}}/locations/{{location}}/services/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - serviceRef + type: object + gke: + description: A GKE service capable of receiving events. The service + should be running in the same project as the trigger. 
+ properties: + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created. + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Required. The name of the Google Compute Engine + in which the cluster resides, which can either be compute + zone (for example, us-central1-a) for the zonal clusters + or region (for example, us-central1) for regional clusters. + type: string + namespace: + description: Required. The namespace the GKE service is running + in. + type: string + path: + description: 'Optional. The relative path on the GKE service + the events should be sent to. The value must conform to + the definition of a URI path segment (section 3.3 of RFC2396). + Examples: "/route", "route", "route/subroute".' + type: string + service: + description: Required. Name of the GKE service. + type: string + required: + - clusterRef + - location + - namespace + - service + type: object + httpEndpoint: + description: An HTTP endpoint destination described by an URI. + properties: + uri: + description: 'Required. The URI of the HTTP enpdoint. The + value must be a RFC2396 URI string. Examples: `http://10.10.10.8:80/route`, + `http://svc.us-central1.p.local:8080/`. Only HTTP and HTTPS + protocols are supported. 
The host can be either a static + IP addressable from the VPC specified by the network config, + or an internal DNS hostname of the service resolvable via + Cloud DNS.' + type: string + required: + - uri + type: object + networkConfig: + description: Optional. Network config is used to configure how + Eventarc resolves and connect to a destination. This should + only be used with HttpEndpoint destination type. + properties: + networkAttachmentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Required. Name of the NetworkAttachment + that allows access to the destination VPC. Format: `projects/{PROJECT_ID}/regions/{REGION}/networkAttachments/{NETWORK_ATTACHMENT_NAME}`' + type: string + name: + description: |- + [WARNING] ComputeNetworkAttachment not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkAttachmentRef + type: object + workflowRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'The resource name of the Workflow whose Executions + are triggered by the events. The Workflow resource should + be deployed in the same project as the trigger. Format: + `projects/{project}/locations/{location}/workflows/{workflow}`' + type: string + name: + description: |- + [WARNING] WorkflowsWorkflow not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + eventDataContentType: + description: Optional. EventDataContentType specifies the type of + payload in MIME format that is expected from the CloudEvent data + field. This is set to `application/json` if the value is not defined. + type: string + location: + description: Immutable. The location for the resource + type: string + matchingCriteria: + description: Required. null The list of filters that applies to event + attributes. Only events that match all the provided filters will + be sent to the destination. + items: + properties: + attribute: + description: Required. The name of a CloudEvents attribute. + Currently, only a subset of attributes are supported for filtering. + All triggers MUST provide a filter for the 'type' attribute. + type: string + operator: + description: Optional. The operator used for matching the events + with the value of the filter. If not specified, only events + that have an exact key-value pair specified in the filter + are matched. The only allowed value is `match-path-pattern`. + type: string + value: + description: Required. The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud + for available values. + type: string + required: + - attribute + - value + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have `iam.serviceAccounts.actAs` permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have `roles/eventarc.eventReceiver` IAM role. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + transport: + description: Immutable. Optional. In order to deliver messages, Eventarc + may use other GCP products as transport intermediary. This field + contains a reference to that transport intermediary. This information + can be used for debugging purposes. + properties: + pubsub: + description: Immutable. The Pub/Sub topic and subscription used + by Eventarc as delivery intermediary. + properties: + topicRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished` only. The topic you provide here will not be deleted by Eventarc at trigger deletion. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + required: + - destination + - location + - matchingCriteria + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation time. + format: date-time + type: string + etag: + description: Output only. This checksum is computed by the server + based on the value of other fields, and may be sent only on create + requests to ensure the client has an up-to-date value before proceeding. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + resourceConditions: + additionalProperties: + type: string + description: Output only. The reason(s) why a trigger is in FAILED + state. + type: object + transport: + properties: + pubsub: + properties: + subscription: + description: 'Output only. The name of the Pub/Sub subscription + created and managed by Eventarc system as a transport for + the event delivery. 
Format: `projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}`.' + type: string + type: object + type: object + uid: + description: Output only. Server assigned unique identifier for the + trigger. The value is a UUID4 string and guaranteed to remain unchanged + until the resource is deleted. + type: string + updateTime: + description: Output only. The last-modified time. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: filestorebackups.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreBackup + plural: filestorebackups + shortNames: + - gcpfilestorebackup + - gcpfilestorebackups + singular: filestorebackup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A description of the backup with 2048 characters or less. + Requests with longer descriptions will be rejected. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceFileShare: + description: Immutable. Name of the file share in the source Cloud + Filestore instance that the backup is created from. 
+ type: string + sourceInstanceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The resource name of the source Cloud Filestore instance, in the format projects/{project_number}/locations/{location_id}/instances/{instance_id}, used to create this backup. + + Allowed value: The Google Cloud resource name of a `FilestoreInstance` resource (format: `projects/{{project}}/locations/{{location}}/instances/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - projectRef + - sourceFileShare + - sourceInstanceRef + type: object + status: + properties: + capacityGb: + description: Output only. Capacity of the source file share when the + backup was created. + format: int64 + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the backup was created. 
+ format: date-time + type: string + downloadBytes: + description: Output only. Amount of bytes that will be downloaded + if the backup is restored. This may be different than storage bytes, + since sequential backups of the same disk will share storage. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + sourceInstanceTier: + description: 'Output only. The service tier of the source Cloud Filestore + instance that this backup is created from. Possible values: TIER_UNSPECIFIED, + STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD' + type: string + state: + description: 'Output only. The backup state. Possible values: STATE_UNSPECIFIED, + CREATING, READY, REPAIRING, DELETING, ERROR, RESTORING' + type: string + storageBytes: + description: Output only. The size of the storage used by the backup. + As backups share storage, this number is expected to change with + backup creation/deletion. 
+ format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: filestoreinstances.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreInstance + plural: filestoreinstances + shortNames: + - gcpfilestoreinstance + - gcpfilestoreinstances + singular: filestoreinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the instance (2048 characters or less). + type: string + fileShares: + description: File system shares on the instance. For this version, + only a single file share is supported. + items: + properties: + capacityGb: + description: File share capacity in gigabytes (GB). Cloud Filestore + defines 1 GB as 1024^3 bytes. + format: int64 + type: integer + name: + description: The name of the file share (must be 16 characters + or less). + type: string + nfsExportOptions: + description: Nfs Export Options. There is a limit of 10 export + options per file share. + items: + properties: + accessMode: + description: 'Either READ_ONLY, for allowing only read + requests on the exported directory, or READ_WRITE, for + allowing both read and write requests. The default is + READ_WRITE. Possible values: ACCESS_MODE_UNSPECIFIED, + READ_ONLY, READ_WRITE' + type: string + anonGid: + description: An integer representing the anonymous group + id with a default value of 65534. Anon_gid may only + be set with squash_mode of ROOT_SQUASH. An error will + be returned if this field is specified for other squash_mode + settings. + format: int64 + type: integer + anonUid: + description: An integer representing the anonymous user + id with a default value of 65534. Anon_uid may only + be set with squash_mode of ROOT_SQUASH. An error will + be returned if this field is specified for other squash_mode + settings. 
+ format: int64 + type: integer + ipRanges: + description: List of either an IPv4 addresses in the format + `{octet1}.{octet2}.{octet3}.{octet4}` or CIDR ranges + in the format `{octet1}.{octet2}.{octet3}.{octet4}/{mask + size}` which may mount the file share. Overlapping IP + ranges are not allowed, both within and across NfsExportOptions. + An error will be returned. The limit is 64 IP ranges/addresses + for each FileShareConfig among all NfsExportOptions. + items: + type: string + type: array + squashMode: + description: 'Either NO_ROOT_SQUASH, for allowing root + access on the exported directory, or ROOT_SQUASH, for + not allowing root access. The default is NO_ROOT_SQUASH. + Possible values: SQUASH_MODE_UNSPECIFIED, NO_ROOT_SQUASH, + ROOT_SQUASH' + type: string + type: object + type: array + sourceBackupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The resource name of the backup, in the format `projects/{project_number}/locations/{location_id}/backups/{backup_id}`, that this file share has been restored from. + + Allowed value: The Google Cloud resource name of a `FilestoreBackup` resource (format: `projects/{{project}}/locations/{{location}}/backups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + networks: + description: Immutable. VPC networks to which the instance is connected. + For this version, only a single network is supported. 
+ items: + properties: + ipAddresses: + description: Immutable. Output only. IPv4 addresses in the format + `{octet1}.{octet2}.{octet3}.{octet4}` or IPv6 addresses in + the format `{block1}:{block2}:{block3}:{block4}:{block5}:{block6}:{block7}:{block8}`. + items: + type: string + type: array + modes: + description: Immutable. Internet protocol versions for which + the instance has IP addresses assigned. For this version, + only MODE_IPV4 is supported. + items: + type: string + type: array + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of the Google Compute Engine [VPC network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + reservedIPRange: + description: Immutable. A /29 CIDR block in one of the [internal + IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) + that identifies the range of IP addresses reserved for this + instance. For example, 10.0.0.0/29 or 192.168.0.0/29. The + range you specify can't overlap with either existing subnets + or assigned IP address ranges for other Cloud Filestore instances + in the selected VPC network. + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tier: + description: 'Immutable. The service tier of the instance. Possible + values: TIER_UNSPECIFIED, STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, + HIGH_SCALE_SSD, ENTERPRISE' + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the instance was created. 
+ format: date-time + type: string + etag: + description: Server-specified ETag for the instance resource to prevent + simultaneous updates from overwriting each other. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The instance state. Possible values: STATE_UNSPECIFIED, + CREATING, READY, REPAIRING, DELETING, ERROR' + type: string + statusMessage: + description: Output only. Additional information about the instance + state, if available. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: filestoresnapshots.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreSnapshot + plural: filestoresnapshots + shortNames: + - gcpfilestoresnapshot + - gcpfilestoresnapshots + singular: filestoresnapshot + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the 
value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A description of the snapshot with 2048 characters or + less. Requests with longer descriptions will be rejected. + type: string + instance: + description: Immutable. The resource name of the filestore instance. + type: string + location: + description: Immutable. The name of the location of the instance. + This can be a region for ENTERPRISE tier instances. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - instance + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the snapshot was created in RFC3339 text + format. + type: string + filesystemUsedBytes: + description: The amount of bytes needed to allocate a full copy of + the snapshot content. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The snapshot state. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebaseandroidapps.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseAndroidApp + plural: firebaseandroidapps + shortNames: + - gcpfirebaseandroidapp + - gcpfirebaseandroidapps + singular: firebaseandroidapp + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + apiKeyId: + description: |- + The globally unique, Google-assigned identifier (UID) for the Firebase API key associated with the AndroidApp. + If apiKeyId is not set during creation, then Firebase automatically associates an apiKeyId with the AndroidApp. + This auto-associated key may be an existing valid key or, if no valid key exists, a new one will be provisioned. + type: string + deletionPolicy: + type: string + displayName: + description: The user-assigned display name of the AndroidApp. + type: string + packageName: + description: |- + Immutable. The canonical package name of the Android app as would appear in the Google Play + Developer Console. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated appId of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + sha1Hashes: + description: The SHA1 certificate hashes for the AndroidApp. + items: + type: string + type: array + sha256Hashes: + description: The SHA256 certificate hashes for the AndroidApp. 
+ items: + type: string + type: array + required: + - displayName + - projectRef + type: object + status: + properties: + appId: + description: |- + The globally unique, Firebase-assigned identifier of the AndroidApp. + This identifier should be treated as an opaque token, as the data format is not specified. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: |- + This checksum is computed by the server based on the value of other fields, and it may be sent + with update requests to ensure the client has an up-to-date value before proceeding. + type: string + name: + description: |- + The fully qualified resource name of the AndroidApp, for example: + projects/projectId/androidApps/appId. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasedatabaseinstances.firebasedatabase.cnrm.cloud.google.com +spec: + group: firebasedatabase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseDatabaseInstance + plural: firebasedatabaseinstances + shortNames: + - gcpfirebasedatabaseinstance + - gcpfirebasedatabaseinstances + singular: firebasedatabaseinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + desiredState: + description: The intended database state. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: |- + Immutable. A reference to the region where the Firebase Realtime database resides. + Check all [available regions](https://firebase.google.com/docs/projects/locations#rtdb-locations). + type: string + resourceID: + description: Immutable. Optional. The instanceId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The database type. + Each project can create one default Firebase Realtime Database, which cannot be deleted once created. + Creating user Databases is only available for projects on the Blaze plan. 
+ Projects can be upgraded using the Cloud Billing API https://cloud.google.com/billing/reference/rest/v1/projects/updateBillingInfo. Default value: "USER_DATABASE" Possible values: ["DEFAULT_DATABASE", "USER_DATABASE"]. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + databaseUrl: + description: |- + The database URL in the form of https://{instance-id}.firebaseio.com for us-central1 instances + or https://{instance-id}.{region}.firebasedatabase.app in other regions. + type: string + name: + description: |- + The fully-qualified resource name of the Firebase Realtime Database, in the + format: projects/PROJECT_NUMBER/locations/REGION_IDENTIFIER/instances/INSTANCE_ID + PROJECT_NUMBER: The Firebase project's ['ProjectNumber'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_number) + Learn more about using project identifiers in Google's [AIP 2510 standard](https://google.aip.dev/cloud/2510). + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The current database state. Set desired_state to :DISABLED + to disable the database and :ACTIVE to reenable the database. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasehostingchannels.firebasehosting.cnrm.cloud.google.com +spec: + group: firebasehosting.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseHostingChannel + plural: firebasehostingchannels + shortNames: + - gcpfirebasehostingchannel + - gcpfirebasehostingchannels + singular: firebasehostingchannel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + expireTime: + description: |- + The time at which the channel will be automatically deleted. If null, the channel + will not be automatically deleted. This field is present in the output whether it's + set directly or via the 'ttl' field. + type: string + resourceID: + description: Immutable. Optional. The channelId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retainedReleaseCount: + description: |- + The number of previous releases to retain on the channel for rollback or other + purposes. Must be a number between 1-100. Defaults to 10 for new channels. + type: integer + siteId: + description: Immutable. Required. The ID of the site in which to create + this channel. + type: string + ttl: + description: |- + Immutable. Input only. A time-to-live for this channel. Sets 'expire_time' to the provided + duration past the time of the request. A duration in seconds with up to nine fractional + digits, terminated by 's'. Example: "86400s" (one day). + type: string + required: + - siteId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The fully-qualified resource name for the channel, in the format: + sites/SITE_ID/channels/CHANNEL_ID. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasehostingsites.firebasehosting.cnrm.cloud.google.com +spec: + group: firebasehosting.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseHostingSite + plural: firebasehostingsites + shortNames: + - gcpfirebasehostingsite + - gcpfirebasehostingsites + singular: firebasehostingsite + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent 
reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + appId: + description: |- + Optional. The [ID of a Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id) + associated with the Hosting site. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The siteId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + defaultUrl: + description: The default URL for the site in the form of https://{name}.web.app. + type: string + name: + description: |- + Output only. The fully-qualified resource name of the Hosting site, in the + format: projects/PROJECT_IDENTIFIER/sites/SITE_ID PROJECT_IDENTIFIER: the + Firebase project's + ['ProjectNumber'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_number) ***(recommended)*** or its + ['ProjectId'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_id). + Learn more about using project identifiers in Google's + [AIP 2510 standard](https://google.aip.dev/cloud/2510). + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebaseprojects.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseProject + plural: firebaseprojects + shortNames: + - gcpfirebaseproject + - gcpfirebaseprojects + singular: firebaseproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The project of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + displayName: + description: The GCP project display name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + projectNumber: + description: The number of the google project that firebase is enabled + on. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasestoragebuckets.firebasestorage.cnrm.cloud.google.com +spec: + group: firebasestorage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseStorageBucket + plural: firebasestoragebuckets + shortNames: + - gcpfirebasestoragebucket + - gcpfirebasestoragebuckets + singular: firebasestoragebucket + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The 
last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The bucketId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Resource name of the bucket in the format projects/PROJECT_IDENTIFIER/buckets/BUCKET_ID. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasewebapps.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseWebApp + plural: firebasewebapps + shortNames: + - gcpfirebasewebapp + - gcpfirebasewebapps + singular: firebasewebapp + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + apiKeyId: + description: |- + The globally unique, Google-assigned identifier (UID) for the Firebase API key associated with the WebApp. + If apiKeyId is not set during creation, then Firebase automatically associates an apiKeyId with the WebApp. + This auto-associated key may be an existing valid key or, if no valid key exists, a new one will be provisioned. + type: string + deletionPolicy: + type: string + displayName: + description: The user-assigned display name of the App. + type: string + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + type: object + status: + properties: + appId: + description: |- + The globally unique, Firebase-assigned identifier of the App. + This identifier should be treated as an opaque token, as the data format is not specified. + type: string + appUrls: + description: The URLs where the 'WebApp' is hosted. + items: + type: string + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The fully qualified resource name of the App, for example: + projects/projectId/webApps/appId. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: firestoredatabases.firestore.cnrm.cloud.google.com +spec: + group: firestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirestoreDatabase + listKind: FirestoreDatabaseList + plural: firestoredatabases + singular: firestoredatabase + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + 
description: FirestoreDatabase is the Schema for the FirestoreDatabase API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FirestoreDatabaseSpec defines the desired state of FirestoreDatabase + properties: + concurrencyMode: + description: The concurrency control mode to use for this database. + See https://cloud.google.com/firestore/docs/reference/rest/v1/projects.databases#concurrencymode + for more info. + type: string + locationID: + description: The location of the database. Available locations are + listed at https://cloud.google.com/firestore/docs/locations. + type: string + pointInTimeRecoveryEnablement: + description: Whether to enable the PITR feature on this database. + See https://cloud.google.com/firestore/docs/reference/rest/v1/projects.databases#pointintimerecoveryenablement + for more info. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. 
+ type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: The FirestoreDatabase name. If not given, the metadata.name + will be used. + type: string + required: + - projectRef + type: object + status: + description: FirestoreDatabaseStatus defines the config connector machine + state of FirestoreDatabase + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the FirestoreDatabase resource + in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + createTime: + description: Output only. The timestamp at which this database + was created. Databases created before 2016 do not populate create_time. + type: string + earliestVersionTime: + description: |- + Output only. 
The earliest timestamp at which older versions of the data can + be read from the database. See [version_retention_period] above; this field + is populated with `now - version_retention_period`. + + This value is continuously updated, and becomes stale the moment it is + queried. If you are using this value to recover data, make sure to account + for the time from the moment when the value is queried to the moment when + you initiate the recovery. + type: string + etag: + description: This checksum is computed by the server based on + the value of other fields, and may be sent on update and delete + requests to ensure the client has an up-to-date value before + proceeding. + type: string + keyPrefix: + description: |- + Output only. The key_prefix for this database. This key_prefix is used, in + combination with the project id ("~") to construct + the application id that is returned from the Cloud Datastore APIs in Google + App Engine first generation runtimes. + + This value may be empty in which case the appid to use for URL-encoded keys + is the project_id (eg: foo instead of v~foo). + type: string + uid: + description: Output only. The system-generated UUID4 for this + Database. + type: string + updateTime: + description: Output only. The timestamp at which this database + was most recently updated. Note this only includes updates to + the database resource and not data contained by the database. + type: string + versionRetentionPeriod: + description: |- + Output only. The period during which past versions of data are retained in + the database. + + Any [read][google.firestore.v1.GetDocumentRequest.read_time] + or [query][google.firestore.v1.ListDocumentsRequest.read_time] can specify + a `read_time` within this window, and will read the state of the database + at that time. + + If the PITR feature is enabled, the retention period is 7 days. Otherwise, + the retention period is 1 hour. 
+ type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firestoreindexes.firestore.cnrm.cloud.google.com +spec: + group: firestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirestoreIndex + plural: firestoreindexes + shortNames: + - gcpfirestoreindex + - gcpfirestoreindexes + singular: firestoreindex + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + collection: + description: Immutable. The collection being indexed. + type: string + database: + description: Immutable. The Firestore database id. Defaults to '"(default)"'. + type: string + fields: + description: |- + Immutable. The fields supported by this index. The last field entry is always for + the field path '__name__'. If, on creation, '__name__' was not + specified as the last field, it will be added automatically with the + same direction as that of the last field defined. If the final field + in a composite index is not directional, the '__name__' will be + ordered '"ASCENDING"' (unless explicitly specified otherwise). + items: + properties: + arrayConfig: + description: |- + Immutable. Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can + be specified. Possible values: ["CONTAINS"]. + type: string + fieldPath: + description: Immutable. Name of the field. + type: string + order: + description: |- + Immutable. Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. + Only one of 'order' and 'arrayConfig' can be specified. Possible values: ["ASCENDING", "DESCENDING"]. + type: string + type: object + type: array + queryScope: + description: 'Immutable. The scope at which a query is run. Default + value: "COLLECTION" Possible values: ["COLLECTION", "COLLECTION_GROUP"].' + type: string + required: + - collection + - fields + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + A server defined name for this index. Format: + 'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: folders.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Folder + plural: folders + shortNames: + - gcpfolder + - gcpfolders + singular: folder + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource 
succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + - not: + anyOf: + - required: + - folderRef + - required: + - organizationRef + properties: + displayName: + description: The folder's display name. A folder's display name must + be unique amongst its siblings, e.g. no two folders with the same + parent can share the same display name. The display name must start + and end with a letter or digit, may contain letters, digits, spaces, + hyphens and underscores and can be no longer than 30 characters. + type: string + folderRef: + description: |- + The folder that this resource belongs to. Changing this forces the + resource to be migrated to the newly specified folder. Only one of + folderRef or organizationRef may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: |- + The organization that this resource belongs to. Changing this + forces the resource to be migrated to the newly specified + organization. Only one of folderRef or organizationRef may be + specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: 'Timestamp when the Folder was created. Assigned by the + server. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. + Example: "2014-10-02T15:01:23.045123456Z".' + type: string + folderId: + description: The folder id from the name "folders/{folder_id}". + type: string + lifecycleState: + description: The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED. + type: string + name: + description: The resource name of the Folder. Its format is folders/{folder_id}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: gkebackupbackupplans.gkebackup.cnrm.cloud.google.com +spec: + group: gkebackup.cnrm.cloud.google.com + names: + categories: + - gcp + kind: GKEBackupBackupPlan + plural: gkebackupbackupplans + shortNames: + - gcpgkebackupbackupplan + - gcpgkebackupbackupplans + singular: gkebackupbackupplan + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backupConfig: + description: Defines the configuration of Backups created via this + BackupPlan. + properties: + allNamespaces: + description: If True, include all namespaced resources. + type: boolean + encryptionKey: + description: |- + This defines a customer managed encryption key that will be used to encrypt the "config" + portion (the Kubernetes resources) of Backups created via this plan. + properties: + gcpKmsEncryptionKey: + description: 'Google Cloud KMS encryption key. Format: projects/*/locations/*/keyRings/*/cryptoKeys/*.' + type: string + required: + - gcpKmsEncryptionKey + type: object + includeSecrets: + description: |- + This flag specifies whether Kubernetes Secret resources should be included + when they fall into the scope of Backups. + type: boolean + includeVolumeData: + description: |- + This flag specifies whether volume data should be backed up when PVCs are + included in the scope of a Backup. + type: boolean + selectedApplications: + description: A list of namespaced Kubernetes Resources. + properties: + namespacedNames: + description: A list of namespaced Kubernetes resources. + items: + properties: + name: + description: The name of a Kubernetes Resource. + type: string + namespace: + description: The namespace of a Kubernetes Resource. + type: string + required: + - name + - namespace + type: object + type: array + required: + - namespacedNames + type: object + selectedNamespaces: + description: If set, include just the resources in the listed + namespaces. + properties: + namespaces: + description: A list of Kubernetes Namespaces. 
+ items: + type: string + type: array + required: + - namespaces + type: object + type: object + backupSchedule: + description: Defines a schedule for automatic Backup creation via + this BackupPlan. + properties: + cronSchedule: + description: |- + A standard cron string that defines a repeating schedule for + creating Backups via this BackupPlan. + If this is defined, then backupRetainDays must also be defined. + type: string + paused: + description: This flag denotes whether automatic Backup creation + is paused for this BackupPlan. + type: boolean + type: object + cluster: + description: Immutable. The source cluster from which Backups will + be created via this BackupPlan. + type: string + deactivated: + description: |- + This flag indicates whether this BackupPlan has been deactivated. + Setting this field to True locks the BackupPlan such that no further updates will be allowed + (except deletes), including the deactivated field itself. It also prevents any new Backups + from being created via this BackupPlan (including scheduled Backups). + type: boolean + description: + description: User specified descriptive string for this BackupPlan. + type: string + location: + description: Immutable. The region of the Backup Plan. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. 
The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retentionPolicy: + description: RetentionPolicy governs lifecycle of Backups created + under this plan. + properties: + backupDeleteLockDays: + description: |- + Minimum age for a Backup created via this BackupPlan (in days). + Must be an integer value between 0-90 (inclusive). + A Backup created under this BackupPlan will not be deletable + until it reaches Backup's (create time + backup_delete_lock_days). + Updating this field of a BackupPlan does not affect existing Backups. + Backups created after a successful update will inherit this new value. + type: integer + backupRetainDays: + description: |- + The default maximum age of a Backup created via this BackupPlan. + This field MUST be an integer value >= 0 and <= 365. If specified, + a Backup created under this BackupPlan will be automatically deleted + after its age reaches (createTime + backupRetainDays). + If not specified, Backups created under this BackupPlan will NOT be + subject to automatic deletion. Updating this field does NOT affect + existing Backups under it. Backups created AFTER a successful update + will automatically pick up the new value. + NOTE: backupRetainDays must be >= backupDeleteLockDays. + If cronSchedule is defined, then this must be <= 360 * the creation interval.]. + type: integer + locked: + description: |- + This flag denotes whether the retention policy of this BackupPlan is locked. + If set to True, no further update is allowed on this policy, including + the locked field itself. + type: boolean + type: object + required: + - cluster + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: |- + etag is used for optimistic concurrency control as a way to help prevent simultaneous + updates of a backup plan from overwriting each other. It is strongly suggested that + systems make use of the 'etag' in the read-modify-write cycle to perform BackupPlan updates + in order to avoid race conditions: An etag is returned in the response to backupPlans.get, + and systems are expected to put that etag in the request to backupPlans.patch or + backupPlans.delete to ensure that their change will be applied to the same version of the resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + protectedPodCount: + description: The number of Kubernetes Pods backed up in the last successful + Backup created via this BackupPlan. + type: integer + state: + description: The State of the BackupPlan. + type: string + stateReason: + description: Detailed description of why BackupPlan is in its current + state. + type: string + uid: + description: Server generated, unique identifier of UUID format. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: gkehubfeaturememberships.gkehub.cnrm.cloud.google.com +spec: + group: gkehub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: GKEHubFeatureMembership + listKind: GKEHubFeatureMembershipList + plural: gkehubfeaturememberships + shortNames: + - gcpgkehubfeaturemembership + - gcpgkehubfeaturememberships + singular: gkehubfeaturemembership + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: GKEHubFeatureMembership is the Schema for the gkehub API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + configmanagement: + description: Config Management-specific spec. + properties: + binauthz: + description: '**DEPRECATED** Binauthz configuration for the cluster. + This field will be ignored and should not be set.' + properties: + enabled: + description: Whether binauthz is enabled in this cluster. + type: boolean + type: object + configSync: + description: Config Sync configuration for the cluster. + properties: + git: + properties: + gcpServiceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `email` field of an `IAMServiceAccount` + resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + httpsProxy: + description: URL for the HTTPS proxy to be used when communicating + with the Git repo. + type: string + policyDir: + description: 'The path within the Git repository that + represents the top level of the repo to sync. Default: + the root directory of the repository.' + type: string + secretType: + description: Type of secret configured for access to the + Git repo. 
Must be one of ssh, cookiefile, gcenode, token, + gcpserviceaccount or none. The validation of this is + case-sensitive. + type: string + syncBranch: + description: 'The branch of the repository to sync from. + Default: master.' + type: string + syncRepo: + description: The URL of the Git repository to use as the + source of truth. + type: string + syncRev: + description: Git revision (tag or hash) to check out. + Default HEAD. + type: string + syncWaitSecs: + description: 'Period in seconds between consecutive syncs. + Default: 15.' + type: string + type: object + metricsGcpServiceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'The Email of the Google Cloud Service Account + (GSA) used for exporting Config Sync metrics to Cloud + Monitoring. The GSA should have the Monitoring Metric + Writer(roles/monitoring.metricWriter) IAM role. The + Kubernetes ServiceAccount `default` in the namespace + `config-management-monitoring` should be bound to the + GSA. Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + oci: + properties: + gcpServiceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `email` field of an `IAMServiceAccount` + resource. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + policyDir: + description: 'The absolute path of the directory that + contains the local resources. Default: the root directory + of the image.' + type: string + secretType: + description: Type of secret configured for access to the + OCI Image. Must be one of gcenode, gcpserviceaccount + or none. The validation of this is case-sensitive. + type: string + syncRepo: + description: The OCI image repository URL for the package + to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME. + type: string + syncWaitSecs: + description: 'Period in seconds(int64 format) between + consecutive syncs. Default: 15.' + type: string + type: object + preventDrift: + description: Set to true to enable the Config Sync admission + webhook to prevent drifts. If set to `false`, disables the + Config Sync admission webhook and does not prevent drifts. + type: boolean + sourceFormat: + description: Specifies whether the Config Sync Repo is in + "hierarchical" or "unstructured" mode. + type: string + type: object + hierarchyController: + description: Hierarchy Controller is no longer available. Use + https://github.com/kubernetes-sigs/hierarchical-namespaces instead. + properties: + enableHierarchicalResourceQuota: + description: Whether hierarchical resource quota is enabled + in this cluster. + type: boolean + enablePodTreeLabels: + description: Whether pod tree labels are enabled in this cluster. + type: boolean + enabled: + description: Whether Hierarchy Controller is enabled in this + cluster. + type: boolean + type: object + policyController: + description: '**DEPRECATED** Configuring Policy Controller through + the configmanagement feature is no longer recommended. 
Use the + policycontroller feature instead.' + properties: + auditIntervalSeconds: + description: Sets the interval for Policy Controller Audit + Scans (in seconds). When set to 0, this disables audit functionality + altogether. + type: string + enabled: + description: Enables the installation of Policy Controller. + If false, the rest of PolicyController fields take no effect. + type: boolean + exemptableNamespaces: + description: The set of namespaces that are excluded from + Policy Controller checks. Namespaces do not need to currently + exist on the cluster. + items: + type: string + type: array + logDeniesEnabled: + description: Logs all denies and dry run failures. + type: boolean + monitoring: + description: 'Specifies the backends Policy Controller should + export metrics to. For example, to specify metrics should + be exported to Cloud Monitoring and Prometheus, specify + backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", + "prometheus"]' + properties: + backends: + description: Specifies the list of backends Policy Controller + will export to. Specifying an empty value `[]` disables + metrics export. + items: + type: string + type: array + type: object + mutationEnabled: + description: Enable or disable mutation in policy controller. + If true, mutation CRDs, webhook and controller deployment + will be deployed to the cluster. + type: boolean + referentialRulesEnabled: + description: Enables the ability to use Constraint Templates + that reference to objects other than the object currently + being evaluated. + type: boolean + templateLibraryInstalled: + description: Installs the default template library along with + Policy Controller. + type: boolean + type: object + version: + description: Optional. Version of ACM to install. Defaults to + the latest version. + type: string + type: object + featureRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'The name of the feature. Allowed value: The Google + Cloud resource name of a `GKEHubFeature` resource (format: `projects/{{project}}/locations/{{location}}/features/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Immutable. The location of the feature + type: string + membershipLocation: + description: Immutable. The location of the membership + type: string + membershipRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'The name of the membership. Allowed value: The Google + Cloud resource name of a `GKEHubMembership` resource (format: + `projects/{{project}}/locations/{{location}}/memberships/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mesh: + description: Manage Mesh Features + properties: + controlPlane: + description: '**DEPRECATED** Whether to automatically manage Service + Mesh control planes. 
Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, + AUTOMATIC, MANUAL' + type: string + management: + description: 'Whether to automatically manage Service Mesh. Possible + values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL' + type: string + type: object + policycontroller: + description: Policy Controller-specific spec. + properties: + policyControllerHubConfig: + description: Policy Controller configuration for the cluster. + properties: + auditIntervalSeconds: + description: Sets the interval for Policy Controller Audit + Scans (in seconds). When set to 0, this disables audit functionality + altogether. + format: int64 + type: integer + constraintViolationLimit: + description: The maximum number of audit violations to be + stored in a constraint. If not set, the internal default + of 20 will be used. + format: int64 + type: integer + exemptableNamespaces: + description: The set of namespaces that are excluded from + Policy Controller checks. Namespaces do not need to currently + exist on the cluster. + items: + type: string + type: array + installSpec: + description: 'Configures the mode of the Policy Controller + installation. Possible values: INSTALL_SPEC_UNSPECIFIED, + INSTALL_SPEC_NOT_INSTALLED, INSTALL_SPEC_ENABLED, INSTALL_SPEC_SUSPENDED, + INSTALL_SPEC_DETACHED' + type: string + logDeniesEnabled: + description: Logs all denies and dry run failures. + type: boolean + monitoring: + description: 'Specifies the backends Policy Controller should + export metrics to. For example, to specify metrics should + be exported to Cloud Monitoring and Prometheus, specify + backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", + "prometheus"]' + properties: + backends: + description: Specifies the list of backends Policy Controller + will export to. Specifying an empty value `[]` disables + metrics export. 
+ items: + type: string + type: array + type: object + mutationEnabled: + description: Enables the ability to mutate resources using + Policy Controller. + type: boolean + policyContent: + description: Specifies the desired policy content on the cluster. + properties: + templateLibrary: + description: Configures the installation of the Template + Library. + properties: + installation: + description: 'Configures the manner in which the template + library is installed on the cluster. Possible values: + INSTALLATION_UNSPECIFIED, NOT_INSTALLED, ALL' + type: string + type: object + type: object + referentialRulesEnabled: + description: Enables the ability to use Constraint Templates + that reference to objects other than the object currently + being evaluated. + type: boolean + type: object + version: + description: Optional. Version of Policy Controller to install. + Defaults to the latest version. + type: string + required: + - policyControllerHubConfig + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'The project of the feature. Allowed value: The Google + Cloud resource name of a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - featureRef + - location + - membershipRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observations + of the GKEHubFeatureMembership's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: gkehubfeatures.gkehub.cnrm.cloud.google.com +spec: + group: gkehub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: GKEHubFeature + plural: gkehubfeatures + shortNames: + - gcpgkehubfeature + - gcpgkehubfeatures + singular: gkehubfeature + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The 
reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + spec: + description: Optional. Hub-wide Feature configuration. If this Feature + does not support any Hub-wide configuration, this field may be unused. + properties: + fleetobservability: + description: Fleet Observability spec. + properties: + loggingConfig: + description: Fleet Observability Logging-specific spec. + properties: + defaultConfig: + description: Specified if applying the default routing + config to logs not specified in other configs. + properties: + mode: + description: 'The logs routing mode Possible values: + MODE_UNSPECIFIED, COPY, MOVE' + type: string + type: object + fleetScopeLogsConfig: + description: Specified if applying the routing config + to all logs for all fleet scopes. + properties: + mode: + description: 'The logs routing mode Possible values: + MODE_UNSPECIFIED, COPY, MOVE' + type: string + type: object + type: object + type: object + multiclusteringress: + description: Multicluster Ingress-specific spec. + properties: + configMembershipRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: `projects/foo-proj/locations/global/memberships/bar` + + Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - configMembershipRef + type: object + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. When the Feature resource was created. + format: date-time + type: string + deleteTime: + description: Output only. When the Feature resource was deleted. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + resourceState: + description: State of the Feature resource itself. + properties: + hasResources: + description: Whether this Feature has outstanding resources that + need to be cleaned up before it can be disabled. + type: boolean + state: + description: 'The current state of the Feature resource in the + Hub API. Possible values: STATE_UNSPECIFIED, ENABLING, ACTIVE, + DISABLING, UPDATING, SERVICE_UPDATING' + type: string + type: object + state: + description: Output only. 
The Hub-wide Feature state + properties: + state: + description: Output only. The "running state" of the Feature in + this Hub. + properties: + code: + description: 'The high-level, machine-readable status of this + Feature. Possible values: CODE_UNSPECIFIED, OK, WARNING, + ERROR' + type: string + description: + description: A human-readable description of the current status. + type: string + updateTime: + description: 'The time this status and any related Feature-specific + details were updated. A timestamp in RFC3339 UTC "Zulu" + format, with nanosecond resolution and up to nine fractional + digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"' + type: string + type: object + type: object + updateTime: + description: Output only. When the Feature resource was last updated. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: gkehubmemberships.gkehub.cnrm.cloud.google.com +spec: + group: gkehub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: GKEHubMembership + plural: gkehubmemberships + shortNames: + - gcpgkehubmembership + - gcpgkehubmemberships + singular: gkehubmembership + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: 
string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + authority: + description: 'Optional. How to identify workloads from this Membership. + See the documentation on Workload Identity for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity' + properties: + issuer: + description: Optional. A JSON Web Token (JWT) issuer URI. `issuer` + must start with `https://` and be a valid URL with length <2000 + characters. If set, then Google will allow valid OIDC tokens + from this issuer to authenticate within the workload_identity_pool. + OIDC discovery will be performed on this URI to validate tokens + from the issuer. Clearing `issuer` disables Workload Identity. + `issuer` cannot be directly modified; it must be cleared (and + Workload Identity disabled) before using a new issuer (and re-enabling + Workload Identity). + type: string + type: object + description: + description: 'Description of this membership, limited to 63 characters. 
+ Must match the regex: `*` This field is present for legacy purposes.' + type: string + endpoint: + description: Optional. Endpoint information to reach this member. + properties: + gkeCluster: + description: Optional. GKE-specific information. Only present + if this Membership is a GKE cluster. + properties: + resourceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. Self-link of the GCP resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster Zonal clusters are also supported. + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + kubernetesResource: + description: 'Optional. The in-cluster Kubernetes Resources that + should be applied for a correctly registered cluster, in the + steady state. These resources: * Ensure that the cluster is + exclusively registered to one and only one Hub Membership. * + Propagate Workload Pool Information available in the Membership + Authority field. * Ensure proper initial configuration of default + Hub Features.' + properties: + membershipCrManifest: + description: Input only. The YAML representation of the Membership + CR. This field is ignored for GKE clusters where Hub can + read the CR directly. Callers should provide the CR that + is currently present in the cluster during CreateMembership + or UpdateMembership, or leave this field empty if none exists. 
+ The CR manifest is used to validate the cluster has not + been registered with another Membership. + type: string + resourceOptions: + description: Optional. Options for Kubernetes resource generation. + properties: + connectVersion: + description: Optional. The Connect agent version to use + for connect_resources. Defaults to the latest GKE Connect + version. The version must be a currently supported version, + obsolete versions will be rejected. + type: string + v1beta1Crd: + description: Optional. Use `apiextensions/v1beta1` instead + of `apiextensions/v1` for CustomResourceDefinition resources. + This option should be set for clusters with Kubernetes + apiserver versions <1.16. + type: boolean + type: object + type: object + type: object + externalId: + description: 'Optional. An externally-generated and managed ID for + this Membership. This ID may be modified after creation, but this + is not recommended. The ID must match the regex: `*` If this Membership + represents a Kubernetes cluster, this value should be set to the + UID of the `kube-system` namespace object.' + type: string + infrastructureType: + description: 'Optional. The infrastructure type this Membership is + running on. Possible values: INFRASTRUCTURE_TYPE_UNSPECIFIED, ON_PREM, + MULTI_CLOUD' + type: string + location: + description: Immutable. The location for the resource + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + type: object + status: + properties: + authority: + properties: + identityProvider: + description: Output only. An identity provider that reflects the + `issuer` in the workload identity pool. + type: string + workloadIdentityPool: + description: 'Output only. The name of the workload identity pool + in which `issuer` will be recognized. 
There is a single Workload + Identity Pool per Hub that is shared between all Memberships + that belong to that Hub. For a Hub hosted in: {PROJECT_ID}, + the workload pool format is `{PROJECT_ID}.hub.id.goog`, although + this is subject to change in newer versions of this API.' + type: string + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. When the Membership was created. + format: date-time + type: string + deleteTime: + description: Output only. When the Membership was deleted. + format: date-time + type: string + endpoint: + properties: + kubernetesMetadata: + description: Output only. Useful Kubernetes-specific metadata. + properties: + kubernetesApiServerVersion: + description: Output only. Kubernetes API server version string + as reported by `/version`. + type: string + memoryMb: + description: Output only. The total memory capacity as reported + by the sum of all Kubernetes nodes resources, defined in + MB. + format: int64 + type: integer + nodeCount: + description: Output only. Node count as reported by Kubernetes + nodes resources. + format: int64 + type: integer + nodeProviderId: + description: Output only. Node providerID as reported by the + first node in the list of nodes on the Kubernetes endpoint. 
+ On Kubernetes platforms that support zero-node clusters + (like GKE-on-GCP), the node_count will be zero and the node_provider_id + will be empty. + type: string + updateTime: + description: Output only. The time at which these details + were last updated. This update_time is different from the + Membership-level update_time since EndpointDetails are updated + internally for API consumers. + format: date-time + type: string + vcpuCount: + description: Output only. vCPU count as reported by Kubernetes + nodes resources. + format: int64 + type: integer + type: object + kubernetesResource: + properties: + connectResources: + description: Output only. The Kubernetes resources for installing + the GKE Connect agent This field is only populated in the + Membership returned from a successful long-running operation + from CreateMembership or UpdateMembership. It is not populated + during normal GetMembership or ListMemberships requests. + To get the resource manifest after the initial registration, + the caller should make a UpdateMembership call with an empty + field mask. + items: + properties: + clusterScoped: + description: Whether the resource provided in the manifest + is `cluster_scoped`. If unset, the manifest is assumed + to be namespace scoped. This field is used for REST + mapping when applying the resource in a cluster. + type: boolean + manifest: + description: YAML manifest of the resource. + type: string + type: object + type: array + membershipResources: + description: Output only. Additional Kubernetes resources + that need to be applied to the cluster after Membership + creation, and after every update. This field is only populated + in the Membership returned from a successful long-running + operation from CreateMembership or UpdateMembership. It + is not populated during normal GetMembership or ListMemberships + requests. 
To get the resource manifest after the initial + registration, the caller should make a UpdateMembership + call with an empty field mask. + items: + properties: + clusterScoped: + description: Whether the resource provided in the manifest + is `cluster_scoped`. If unset, the manifest is assumed + to be namespace scoped. This field is used for REST + mapping when applying the resource in a cluster. + type: boolean + manifest: + description: YAML manifest of the resource. + type: string + type: object + type: array + type: object + type: object + lastConnectionTime: + description: Output only. For clusters using Connect, the timestamp + of the most recent connection established with Google Cloud. This + time is updated every several minutes, not continuously. For clusters + that do not use GKE Connect, or that have never connected successfully, + this field will be unset. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: Output only. State of the Membership resource. + properties: + code: + description: 'Output only. The current state of the Membership + resource. Possible values: CODE_UNSPECIFIED, CREATING, READY, + DELETING, UPDATING, SERVICE_UPDATING' + type: string + type: object + uniqueId: + description: Output only. Google-generated UUID for this resource. + This is unique across all Membership resources. If a Membership + resource is deleted and another resource with the same name is created, + it gets a different unique_id. + type: string + updateTime: + description: Output only. When the Membership was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: healthcareconsentstores.healthcare.cnrm.cloud.google.com +spec: + group: healthcare.cnrm.cloud.google.com + names: + categories: + - gcp + kind: HealthcareConsentStore + plural: healthcareconsentstores + shortNames: + - gcphealthcareconsentstore + - gcphealthcareconsentstores + singular: healthcareconsentstore + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. + type: string + defaultConsentTtl: + description: |- + Default time to live for consents in this store. Must be at least 24 hours. Updating this field will not affect the expiration time of existing consents. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + enableConsentCreateOnUpdate: + description: If true, [consents.patch] [google.cloud.healthcare.v1.consent.UpdateConsent] + creates the consent if it does not already exist. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - dataset + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: healthcaredatasets.healthcare.cnrm.cloud.google.com +spec: + group: healthcare.cnrm.cloud.google.com + names: + categories: + - gcp + kind: HealthcareDataset + plural: healthcaredatasets + shortNames: + - gcphealthcaredataset + - gcphealthcaredatasets + singular: healthcaredataset + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: Immutable. The location for the Dataset. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + timeZone: + description: |- + The default timezone used by this dataset. Must be a either a valid IANA time zone name such as + "America/New_York" or empty, which defaults to UTC. This is used for parsing times in resources + (e.g., HL7 messages) where no explicit timezone is specified. 
+ type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The fully qualified name of this dataset. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: healthcaredicomstores.healthcare.cnrm.cloud.google.com +spec: + group: healthcare.cnrm.cloud.google.com + names: + categories: + - gcp + kind: HealthcareDICOMStore + plural: healthcaredicomstores + shortNames: + - gcphealthcaredicomstore + - gcphealthcaredicomstores + singular: healthcaredicomstore + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. + type: string + notificationConfig: + description: A nested object resource. + properties: + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + type: string + required: + - pubsubTopic + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + streamConfigs: + description: |- + To enable streaming to BigQuery, configure the streamConfigs object in your DICOM store. + streamConfigs is an array, so you can specify multiple BigQuery destinations. You can stream metadata from a single DICOM store to up to five BigQuery tables in a BigQuery dataset. 
+ items: + properties: + bigqueryDestination: + description: BigQueryDestination to include a fully qualified + BigQuery table URI where DICOM instance metadata will be streamed. + properties: + tableUri: + description: a fully qualified BigQuery table URI where + DICOM instance metadata will be streamed. + type: string + required: + - tableUri + type: object + required: + - bigqueryDestination + type: object + type: array + required: + - dataset + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The fully qualified name of this dataset. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: healthcarefhirstores.healthcare.cnrm.cloud.google.com +spec: + group: healthcare.cnrm.cloud.google.com + names: + categories: + - gcp + kind: HealthcareFHIRStore + plural: healthcarefhirstores + shortNames: + - gcphealthcarefhirstore + - gcphealthcarefhirstores + singular: healthcarefhirstore + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + complexDataTypeReferenceParsing: + description: 'Enable parsing of references within complex FHIR data + types such as Extensions. If this value is set to ENABLED, then + features like referential integrity and Bundle reference rewriting + apply to all references. If this flag has not been specified the + behavior of the FHIR store will not change, references in complex + data types will not be parsed. New stores will have this value set + to ENABLED by default after a notification period. Warning: turning + on this flag causes processing existing resources to fail if they + contain references to non-existent resources. Possible values: ["COMPLEX_DATA_TYPE_REFERENCE_PARSING_UNSPECIFIED", + "DISABLED", "ENABLED"].' + type: string + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. + type: string + defaultSearchHandlingStrict: + description: |- + If true, overrides the default search behavior for this FHIR store to handling=strict which returns an error for unrecognized search parameters. + If false, uses the FHIR specification default handling=lenient which ignores unrecognized search parameters. + The handling can always be changed from the default on an individual API call by setting the HTTP header Prefer: handling=strict or Prefer: handling=lenient. + type: boolean + disableReferentialIntegrity: + description: |- + Immutable. Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store + creation. 
The default value is false, meaning that the API will enforce referential integrity and fail the + requests that will result in inconsistent state in the FHIR store. When this field is set to true, the API + will skip referential integrity check. Consequently, operations that rely on references, such as + Patient.get$everything, will not return all the results if broken references exist. + + ** Changing this property may recreate the FHIR store (removing all data) **. + type: boolean + disableResourceVersioning: + description: |- + Immutable. Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation + of FHIR store. If set to false, which is the default behavior, all write operations will cause historical + versions to be recorded automatically. The historical versions can be fetched through the history APIs, but + cannot be updated. If set to true, no historical versions will be kept. The server will send back errors for + attempts to read the historical versions. + + ** Changing this property may recreate the FHIR store (removing all data) **. + type: boolean + enableHistoryImport: + description: |- + Immutable. Whether to allow the bulk import API to accept history bundles and directly insert historical resource + versions into the FHIR store. Importing resource histories creates resource interactions that appear to have + occurred in the past, which clients may not want to allow. If set to false, history bundles within an import + will fail with an error. + + ** Changing this property may recreate the FHIR store (removing all data) ** + + ** This property can be changed manually in the Google Cloud Healthcare admin console without recreating the FHIR store **. + type: boolean + enableUpdateCreate: + description: |- + Whether this FHIR store has the updateCreate capability. This determines if the client can use an Update + operation to create a new resource with a client-specified ID. 
If false, all IDs are server-assigned through + the Create operation and attempts to Update a non-existent resource will return errors. Please treat the audit + logs with appropriate levels of care if client-specified resource IDs contain sensitive data such as patient + identifiers, those IDs will be part of the FHIR resource path recorded in Cloud audit logs and Cloud Pub/Sub + notifications. + type: boolean + notificationConfig: + description: A nested object resource. + properties: + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + type: string + required: + - pubsubTopic + type: object + notificationConfigs: + description: A list of notifcation configs that configure the notification + for every resource mutation in this FHIR store. + items: + properties: + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. 
Not having adequate permissions will cause the calls that send notifications to fail. + type: string + sendFullResource: + description: |- + Whether to send full FHIR resource to this Pub/Sub topic for Create and Update operation. + Note that setting this to true does not guarantee that all resources will be sent in the format of + full FHIR resource. When a resource change is too large or during heavy traffic, only the resource name will be + sent. Clients should always check the "payloadType" label from a Pub/Sub message to determine whether + it needs to fetch the full resource as a separate operation. + type: boolean + sendPreviousResourceOnDelete: + description: |- + Whether to send full FHIR resource to this Pub/Sub topic for deleting FHIR resource. Note that setting this to + true does not guarantee that all previous resources will be sent in the format of full FHIR resource. When a + resource change is too large or during heavy traffic, only the resource name will be sent. Clients should always + check the "payloadType" label from a Pub/Sub message to determine whether it needs to fetch the full previous + resource as a separate operation. + type: boolean + required: + - pubsubTopic + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + streamConfigs: + description: |- + A list of streaming configs that configure the destinations of streaming export for every resource mutation in + this FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next + resource mutation is streamed to the new location in addition to the existing ones. When a location is removed + from the list, the server stops streaming to that location. 
Before adding a new config, you must add the required + bigquery.dataEditor role to your project's Cloud Healthcare Service Agent service account. Some lag (typically on + the order of dozens of seconds) is expected before the results show up in the streaming destination. + items: + properties: + bigqueryDestination: + description: |- + The destination BigQuery structure that contains both the dataset location and corresponding schema config. + The output is organized in one table per resource type. The server reuses the existing tables (if any) that + are named after the resource types, e.g. "Patient", "Observation". When there is no existing table for a given + resource type, the server attempts to create one. + See the [streaming config reference](https://cloud.google.com/healthcare/docs/reference/rest/v1beta1/projects.locations.datasets.fhirStores#streamconfig) for more details. + properties: + datasetUri: + description: BigQuery URI to a dataset, up to 2000 characters + long, in the format bq://projectId.bqDatasetId. + type: string + schemaConfig: + description: The configuration for the exported BigQuery + schema. + properties: + lastUpdatedPartitionConfig: + description: The configuration for exported BigQuery + tables to be partitioned by FHIR resource's last updated + time column. + properties: + expirationMs: + description: Number of milliseconds for which to + keep the storage for a partition. + type: string + type: + description: 'Type of partitioning. Possible values: + ["PARTITION_TYPE_UNSPECIFIED", "HOUR", "DAY", + "MONTH", "YEAR"].' + type: string + required: + - type + type: object + recursiveStructureDepth: + description: |- + The depth for all recursive structures in the output analytics schema. For example, concept in the CodeSystem + resource is a recursive structure; when the depth is 2, the CodeSystem table will have a column called + concept.concept but not concept.concept.concept. 
If not specified or set to 0, the server will use the default + value 2. The maximum depth allowed is 5. + type: integer + schemaType: + description: |- + Specifies the output schema type. + * ANALYTICS: Analytics schema defined by the FHIR community. + See https://github.com/FHIR/sql-on-fhir/blob/master/sql-on-fhir.md. + * ANALYTICS_V2: Analytics V2, similar to schema defined by the FHIR community, with added support for extensions with one or more occurrences and contained resources in stringified JSON. + * LOSSLESS: A data-driven schema generated from the fields present in the FHIR data being exported, with no additional simplification. Default value: "ANALYTICS" Possible values: ["ANALYTICS", "ANALYTICS_V2", "LOSSLESS"]. + type: string + required: + - recursiveStructureDepth + type: object + required: + - datasetUri + - schemaConfig + type: object + resourceTypes: + description: |- + Supply a FHIR resource type (such as "Patient" or "Observation"). See + https://www.hl7.org/fhir/valueset-resource-types.html for a list of all FHIR resource types. The server treats + an empty list as an intent to stream all the supported resource types in this FHIR store. + items: + type: string + type: array + required: + - bigqueryDestination + type: object + type: array + version: + description: 'Immutable. The FHIR specification version. Default value: + "STU3" Possible values: ["DSTU2", "STU3", "R4"].' + type: string + required: + - dataset + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The fully qualified name of this dataset. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: healthcarehl7v2stores.healthcare.cnrm.cloud.google.com +spec: + group: healthcare.cnrm.cloud.google.com + names: + categories: + - gcp + kind: HealthcareHL7V2Store + plural: healthcarehl7v2stores + shortNames: + - gcphealthcarehl7v2store + - gcphealthcarehl7v2stores + singular: healthcarehl7v2store + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last 
transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. + type: string + notificationConfig: + description: DEPRECATED. `notification_config` is deprecated. Use + `notification_configs` instead. A nested object resource. + properties: + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. 
+ type: string + required: + - pubsubTopic + type: object + notificationConfigs: + description: |- + A list of notification configs. Each configuration uses a filter to determine whether to publish a + message (both Ingest & Create) on the corresponding notification destination. Only the message name + is sent as part of the notification. Supplied by the client. + items: + properties: + filter: + description: |- + Restricts notifications sent for messages matching a filter. If this is empty, all messages + are matched. Syntax: https://cloud.google.com/appengine/docs/standard/python/search/query_strings + + Fields/functions available for filtering are: + + * messageType, from the MSH-9.1 field. For example, NOT messageType = "ADT". + * send_date or sendDate, the YYYY-MM-DD date the message was sent in the dataset's timeZone, from the MSH-7 segment. For example, send_date < "2017-01-02". + * sendTime, the timestamp when the message was sent, using the RFC3339 time format for comparisons, from the MSH-7 segment. For example, sendTime < "2017-01-02T00:00:00-05:00". + * sendFacility, the care center that the message came from, from the MSH-4 segment. For example, sendFacility = "ABC". + * PatientId(value, type), which matches if the message lists a patient having an ID of the given value and type in the PID-2, PID-3, or PID-4 segments. For example, PatientId("123456", "MRN"). + * labels.x, a string value of the label with key x as set using the Message.labels map. For example, labels."priority"="high". The operator :* can be used to assert the existence of a label. For example, labels."priority":*. + type: string + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. 
Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + + If a notification cannot be published to Cloud Pub/Sub, errors will be logged to Stackdriver. + type: string + required: + - pubsubTopic + type: object + type: array + parserConfig: + description: A nested object resource. + properties: + allowNullHeader: + description: Determines whether messages with no header are allowed. + type: boolean + schema: + description: |- + JSON encoded string for schemas used to parse messages in this + store if schematized parsing is desired. + type: string + segmentTerminator: + description: |- + Byte(s) to be used as the segment terminator. If this is unset, '\r' will be used as segment terminator. + + A base64-encoded string. + type: string + version: + description: 'Immutable. The version of the unschematized parser + to be used when a custom ''schema'' is not set. Default value: + "V1" Possible values: ["V1", "V2", "V3"].' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - dataset + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The fully qualified name of this dataset. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: iamaccessboundarypolicies.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMAccessBoundaryPolicy + plural: iamaccessboundarypolicies + shortNames: + - gcpiamaccessboundarypolicy + - gcpiamaccessboundarypolicies + singular: iamaccessboundarypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The 
last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The display name of the rule. + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `cloudresourcemanager.googleapis.com%2Fprojects%2F{{value}}`, + where {{value}} is the `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Rules to be applied. 
+ items: + properties: + accessBoundaryRule: + description: An access boundary rule in an IAM policy. + properties: + availabilityCondition: + description: The availability condition further constrains + the access allowed by the access boundary rule. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression + in Common Expression Language syntax. + type: string + location: + description: |- + String indicating the location of the expression for error reporting, + e.g. a file name and a position in the file. + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + availablePermissions: + description: A list of permissions that may be allowed for + use on the specified resource. + items: + type: string + type: array + availableResource: + description: The full resource name of a Google Cloud resource + entity. + type: string + type: object + description: + description: The description of the rule. + type: string + type: object + type: array + required: + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: The hash of the resource. Used internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: iamauditconfigs.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMAuditConfig + plural: iamauditconfigs + shortNames: + - gcpiamauditconfig + - gcpiamauditconfigs + singular: iamauditconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMAuditConfig is the schema for the IAM audit logging API. 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMAuditConfigSpec defines the desired state of IAMAuditConfig. + properties: + auditLogConfigs: + description: Required. The configuration for logging of each type + of permission. + items: + properties: + exemptedMembers: + description: Identities that do not cause logging for this type + of permission. The format is the same as that for 'members' + in IAMPolicy/IAMPolicyMember. + items: + type: string + type: array + logType: + description: Permission type for which logging is to be configured. + Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'. + pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ + type: string + required: + - logType + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAMAuditConfig + on (e.g. project). + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + service: + description: 'Immutable. Required. The service for which to enable + Data Access audit logs. The special value ''allServices'' covers + all services. 
Note that if there are audit configs covering both + ''allServices'' and a specific service, then the union of the two + audit configs is used for that service: the ''logTypes'' specified + in each ''auditLogConfig'' are enabled, and the ''exemptedMembers'' + in each ''auditLogConfig'' are exempted.' + type: string + required: + - auditLogConfigs + - resourceRef + - service + type: object + status: + description: IAMAuditConfigStatus defines the observed state of IAMAuditConfig. + properties: + conditions: + description: Conditions represent the latest available observations + of the IAMAuditConfig's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: iamcustomroles.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMCustomRole + plural: iamcustomroles + shortNames: + - gcpiamcustomrole + - gcpiamcustomroles + singular: iamcustomrole + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description for the role. + type: string + permissions: + description: The names of the permissions this role grants when bound + in an IAM policy. At least one permission must be specified. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The roleId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + stage: + description: The current launch stage of the role. Defaults to GA. + type: string + title: + description: A human-readable title for the role. + type: string + required: + - permissions + - title + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + deleted: + description: The current deleted state of the role. + type: boolean + name: + description: The full name of the role. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: iampartialpolicies.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMPartialPolicy + plural: iampartialpolicies + shortNames: + - gcpiampartialpolicy + - gcpiampartialpolicies + singular: iampartialpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMPartialPolicy is the Schema for the iampartialpolicy API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMPartialPolicySpec defines the desired state of IAMPartialPolicy + properties: + bindings: + description: Optional. The list of IAM bindings managed by Config + Connector. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: + oneOf: + - required: + - member + - required: + - memberFrom + properties: + member: + description: The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used. + type: string + memberFrom: + description: The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used, + and only one subfield within 'memberFrom' can be used. + oneOf: + - required: + - logSinkRef + - required: + - serviceAccountRef + - required: + - serviceIdentityRef + - required: + - sqlInstanceRef + properties: + logSinkRef: + description: The LoggingLogSink whose writer identity + (i.e. its 'status.writerIdentity') is to be bound + to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceAccountRef: + description: The IAMServiceAccount to be bound to + the role. 
+ properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceIdentityRef: + description: The ServiceIdentity whose service account + (i.e., its 'status.email') is to be bound to the + role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + sqlInstanceRef: + description: The SQLInstance whose service account + (i.e. its 'status.serviceAccountEmailAddress') is + to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object + type: object + type: array + role: + description: Required. The role to bind the users to. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - role + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + required: + - resourceRef + type: object + status: + description: IAMPartialPolicyStatus defines the observed state of IAMPartialPolicy + properties: + allBindings: + description: AllBindings surfaces all IAM bindings for the referenced + resource. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. 
The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + type: string + required: + - role + type: object + type: array + conditions: + description: Conditions represent the latest available observations + of the IAM policy's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + lastAppliedBindings: + description: LastAppliedBindings is the list of IAM bindings that + were most recently applied by Config Connector. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + type: string + required: + - role + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: iampolicies.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMPolicy + plural: iampolicies + shortNames: + - gcpiampolicy + - gcpiampolicies + singular: iampolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMPolicy is the Schema for the iampolicies API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMPolicySpec defines the desired state of IAMPolicy + properties: + auditConfigs: + description: Optional. The list of IAM audit configs. + items: + description: Specifies the Cloud Audit Logs configuration for the + IAM policy. + properties: + auditLogConfigs: + description: Required. The configuration for logging of each + type of permission. + items: + properties: + exemptedMembers: + description: Identities that do not cause logging for + this type of permission. The format is the same as that + for 'members' in IAMPolicy/IAMPolicyMember. + items: + type: string + type: array + logType: + description: Permission type for which logging is to be + configured. Must be one of 'DATA_READ', 'DATA_WRITE', + or 'ADMIN_READ'. + pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ + type: string + required: + - logType + type: object + type: array + service: + description: 'Required. The service for which to enable Data + Access audit logs. The special value ''allServices'' covers + all services. Note that if there are audit configs covering + both ''allServices'' and a specific service, then the union + of the two audit configs is used for that service: the ''logTypes'' + specified in each ''auditLogConfig'' are enabled, and the + ''exemptedMembers'' in each ''auditLogConfig'' are exempted.' + type: string + required: + - auditLogConfigs + - service + type: object + type: array + bindings: + description: Optional. The list of IAM bindings. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. 
The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - role + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + required: + - resourceRef + type: object + status: + description: IAMPolicyStatus defines the observed state of IAMPolicy + properties: + conditions: + description: Conditions represent the latest available observations + of the IAM policy's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: iampolicymembers.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMPolicyMember + plural: iampolicymembers + shortNames: + - gcpiampolicymember + - gcpiampolicymembers + singular: iampolicymember + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMPolicyMember is the Schema for the iampolicies API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMPolicyMemberSpec defines the desired state of IAMPolicyMember + oneOf: + - required: + - member + - required: + - memberFrom + properties: + condition: + description: Immutable. Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + member: + description: Immutable. The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used. + type: string + memberFrom: + description: Immutable. The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used, and only one + subfield within 'memberFrom' can be used. + oneOf: + - required: + - logSinkRef + - required: + - serviceAccountRef + - required: + - serviceIdentityRef + - required: + - sqlInstanceRef + properties: + logSinkRef: + description: The LoggingLogSink whose writer identity (i.e. its + 'status.writerIdentity') is to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceAccountRef: + description: The IAMServiceAccount to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceIdentityRef: + description: The ServiceIdentity whose service account (i.e., + its 'status.email') is to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + sqlInstanceRef: + description: The SQLInstance whose service account (i.e. its 'status.serviceAccountEmailAddress') + is to be bound to the role. 
+ properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + role: + description: Immutable. Required. The role for which the Member will + be bound. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - resourceRef + - role + type: object + status: + description: IAMPolicyMemberStatus defines the observed state of IAMPolicyMember + properties: + conditions: + description: Conditions represent the latest available observations + of the IAM policy's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: iamserviceaccountkeys.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMServiceAccountKey + plural: iamserviceaccountkeys + shortNames: + - gcpiamserviceaccountkey + - gcpiamserviceaccountkeys + singular: iamserviceaccountkey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + keyAlgorithm: + description: 'Immutable. The algorithm used to generate the key, used + only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid + values are: "KEY_ALG_RSA_1024", "KEY_ALG_RSA_2048".' + type: string + privateKeyType: + description: Immutable. + type: string + publicKeyData: + description: Immutable. A field that allows clients to upload their + own public key. If set, use this public key data to create a service + account key for given service account. Please note, the expected + format for this field is a base64 encoded X509_PEM. + type: string + publicKeyType: + description: Immutable. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - serviceAccountRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Immutable. The name used for this key pair. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + privateKey: + description: The private key in JSON format, base64 encoded. This + is what you normally get as a file when creating service account + keys through the CLI or web console. This is only populated when + creating a new key. + type: string + publicKey: + description: Immutable. The public key, base64 encoded. + type: string + validAfter: + description: 'The key can be used after this timestamp. A timestamp + in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: + "2014-10-02T15:01:23.045123456Z".' + type: string + validBefore: + description: 'The key can be used before this timestamp. A timestamp + in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: + "2014-10-02T15:01:23.045123456Z".' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: iamserviceaccounts.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMServiceAccount + plural: iamserviceaccounts + shortNames: + - gcpiamserviceaccount + - gcpiamserviceaccounts + singular: iamserviceaccount + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A text description of the service account. Must be less + than or equal to 256 UTF-8 bytes. + type: string + disabled: + description: Whether the service account is disabled. Defaults to + false. + type: boolean + displayName: + description: The display name for the service account. Can be updated + without creating a new resource. + type: string + resourceID: + description: Immutable. Optional. The accountId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + email: + description: The e-mail address of the service account. This value + should be referenced from any google_iam_policy data sources that + would grant the service account privileges. + type: string + member: + description: The Identity of the service account in the form 'serviceAccount:{email}'. + This value is often used to refer to the service account in order + to grant IAM permissions. 
+ type: string + name: + description: The fully-qualified name of the service account. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + uniqueId: + description: The unique id of the service account. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkforcepoolproviders.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkforcePoolProvider + plural: iamworkforcepoolproviders + shortNames: + - gcpiamworkforcepoolprovider + - gcpiamworkforcepoolproviders + singular: iamworkforcepoolprovider + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: 
date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attributeCondition: + description: 'A [Common Expression Language](https://opensource.google/projects/cel) + expression, in plain text, to restrict what otherwise valid authentication + credentials issued by the provider should not be accepted. The expression + must output a boolean representing whether to allow the federation. + The following keywords may be referenced in the expressions: * `assertion`: + JSON representing the authentication credential issued by the provider. + * `google`: The Google attributes mapped from the assertion in the + `attribute_mappings`. `google.profile_photo` and `google.display_name` + are not supported. * `attribute`: The custom attributes mapped from + the assertion in the `attribute_mappings`. The maximum length of + the attribute condition expression is 4096 characters. If unspecified, + all valid authentication credentials will be accepted. The following + example shows how to only allow credentials with a mapped `google.groups` + value of `admins`: ``` "''admins'' in google.groups" ```' + type: string + attributeMapping: + additionalProperties: + type: string + description: 'Required. 
Maps attributes from the authentication credentials + issued by an external identity provider to Google Cloud attributes, + such as `subject` and `segment`. Each key must be a string specifying + the Google Cloud IAM attribute to map to. The following keys are + supported: * `google.subject`: The principal IAM is authenticating. + You can reference this value in IAM bindings. This is also the subject + that appears in Cloud Logging logs. This is a required field and + the mapped subject cannot exceed 127 bytes. * `google.groups`: Groups + the authenticating user belongs to. You can grant groups access + to resources using an IAM `principalSet` binding; access applies + to all members of the group. * `google.display_name`: The name of + the authenticated user. This is an optional field and the mapped + display name cannot exceed 100 bytes. If not set, `google.subject` + will be displayed instead. This attribute cannot be referenced in + IAM bindings. * `google.profile_photo`: The URL that specifies the + authenticated user''s thumbnail photo. This is an optional field. + When set, the image will be visible as the user''s profile picture. + If not set, a generic user icon will be displayed instead. This + attribute cannot be referenced in IAM bindings. You can also provide + custom attributes by specifying `attribute.{custom_attribute}`, + where {custom_attribute} is the name of the custom attribute to + be mapped. You can define a maximum of 50 custom attributes. The + maximum length of a mapped attribute key is 100 characters, and + the key may only contain the characters [a-z0-9_]. You can reference + these attributes in IAM policies to define fine-grained access for + a workforce pool to Google Cloud resources. For example:' + type: object + description: + description: A user-specified description of the provider. Cannot + exceed 256 characters. + type: string + disabled: + description: Whether the provider is disabled. 
You cannot use a disabled + provider to exchange tokens. However, existing tokens still grant + access. + type: boolean + displayName: + description: A user-specified display name for the provider. Cannot + exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + oidc: + description: An OpenId Connect 1.0 identity provider configuration. + properties: + clientId: + description: Required. The client ID. Must match the audience + claim of the JWT issued by the identity provider. + type: string + clientSecret: + description: The optional client secret. Required to enable Authorization + Code flow for web sign-in. + properties: + value: + description: The value of the client secret. + properties: + plainText: + description: Input only. The plain text of the client + secret value. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + type: object + issuerUri: + description: Required. The OIDC issuer URI. Must be a valid URI + using the 'https' scheme. + type: string + jwksJson: + description: 'OIDC JWKs in JSON String format. For details on + definition of a JWK, see https:tools.ietf.org/html/rfc7517. 
+ If not set, then we use the `jwks_uri` from the discovery document + fetched from the .well-known path for the `issuer_uri`. Currently, + RSA and EC asymmetric keys are supported. The JWK must use following + format and include only the following fields: ```{"keys": [{"kty": + "RSA/EC", "alg": "", "use": "sig", "kid": "", + "n": "", "e": "", "x": "", "y": "", "crv": ""}]}```' + type: string + webSsoConfig: + description: Required. Configuration for web single sign-on for + the OIDC provider. Here, web sign-in refers to console sign-in + and gcloud sign-in through the browser. + properties: + additionalScopes: + description: Additional scopes to request for in the OIDC + authentication request on top of scopes requested by default. + By default, the `openid`, `profile` and `email` scopes that + are supported by the identity provider are requested. Each + additional scope may be at most 256 characters. A maximum + of 10 additional scopes may be configured. + items: + type: string + type: array + assertionClaimsBehavior: + description: 'Required. The behavior for how OIDC Claims are + included in the `assertion` object used for attribute mapping + and attribute condition. Possible values: ASSERTION_CLAIMS_BEHAVIOR_UNSPECIFIED, + MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS, ONLY_ID_TOKEN_CLAIMS' + type: string + responseType: + description: 'Required. The Response Type to request for in + the OIDC Authorization Request for web sign-in. The `CODE` + Response Type is recommended to avoid the Implicit Flow, + for security reasons. Possible values: RESPONSE_TYPE_UNSPECIFIED, + CODE, ID_TOKEN' + type: string + required: + - assertionClaimsBehavior + - responseType + type: object + required: + - clientId + - issuerUri + - webSsoConfig + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + saml: + description: A SAML identity provider configuration. + properties: + idpMetadataXml: + description: 'Required. SAML Identity provider configuration metadata + xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). + The max size of the acceptable xml document will be bounded + to 128k characters. The metadata xml document should satisfy + the following constraints: 1) Must contain an Identity Provider + Entity ID. 2) Must contain at least one non-expired signing + key certificate. 3) For each signing key: a) Valid from should + be no more than 7 days from now. b) Valid to should be no more + than 10 years in the future. 4) Up to 3 IdP signing keys are + allowed in the metadata xml. When updating the provider''s metadata + xml, at least one non-expired signing key must overlap with + the existing metadata. This requirement is skipped if there + are no non-expired signing keys present in the existing metadata.' + type: string + required: + - idpMetadataXml + type: object + workforcePoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The workforce_pool for the resource + + Allowed value: The Google Cloud resource name of an `IAMWorkforcePool` resource (format: `locations/{{location}}/workforcePools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - attributeMapping + - location + - workforcePoolRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + oidc: + properties: + clientSecret: + properties: + value: + properties: + thumbprint: + description: Output only. A thumbprint to represent the + current client secret value. + type: string + type: object + type: object + type: object + state: + description: 'Output only. The state of the provider. 
Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkforcepools.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkforcePool + plural: iamworkforcepools + shortNames: + - gcpiamworkforcepool + - gcpiamworkforcepools + singular: iamworkforcepool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A user-specified description of the pool. Cannot exceed + 256 characters. + type: string + disabled: + description: Whether the pool is disabled. You cannot use a disabled + pool to exchange tokens, or use existing tokens to access resources. + If the pool is re-enabled, existing tokens grant access again. + type: boolean + displayName: + description: A user-specified display name of the pool in Google Cloud + Console. Cannot exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sessionDuration: + description: How long the Google Cloud access tokens, console sign-in + sessions, and gcloud sign-in sessions from this pool are valid. + Must be greater than 15 minutes (900s) and less than 12 hours (43200s). + If `session_duration` is not configured, minted credentials will + have a default duration of one hour (3600s). + type: string + required: + - location + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: 'Output only. The resource name of the pool. Format: + `locations/{location}/workforcePools/{workforce_pool_id}`' + type: string + state: + description: 'Output only. The state of the pool. 
Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkloadidentitypoolproviders.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkloadIdentityPoolProvider + plural: iamworkloadidentitypoolproviders + shortNames: + - gcpiamworkloadidentitypoolprovider + - gcpiamworkloadidentitypoolproviders + singular: iamworkloadidentitypoolprovider + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attributeCondition: + description: '[A Common Expression Language](https://opensource.google/projects/cel) + expression, in plain text, to restrict what otherwise valid authentication + credentials issued by the provider should not be accepted. The expression + must output a boolean representing whether to allow the federation. + The following keywords may be referenced in the expressions: * `assertion`: + JSON representing the authentication credential issued by the provider. + * `google`: The Google attributes mapped from the assertion in the + `attribute_mappings`. * `attribute`: The custom attributes mapped + from the assertion in the `attribute_mappings`. The maximum length + of the attribute condition expression is 4096 characters. If unspecified, + all valid authentication credential are accepted. The following + example shows how to only allow credentials with a mapped `google.groups` + value of `admins`: ``` "''admins'' in google.groups" ```' + type: string + attributeMapping: + additionalProperties: + type: string + description: 'Maps attributes from authentication credentials issued + by an external identity provider to Google Cloud attributes, such + as `subject` and `segment`. Each key must be a string specifying + the Google Cloud IAM attribute to map to. The following keys are + supported: * `google.subject`: The principal IAM is authenticating. + You can reference this value in IAM bindings. This is also the subject + that appears in Cloud Logging logs. Cannot exceed 127 characters. 
+ * `google.groups`: Groups the external identity belongs to. You + can grant groups access to resources using an IAM `principalSet` + binding; access applies to all members of the group. You can also + provide custom attributes by specifying `attribute.{custom_attribute}`, + where `{custom_attribute}` is the name of the custom attribute to + be mapped. You can define a maximum of 50 custom attributes. The + maximum length of a mapped attribute key is 100 characters, and + the key may only contain the characters [a-z0-9_]. You can reference + these attributes in IAM policies to define fine-grained access for + a workload to Google Cloud resources. For example: * `google.subject`: + `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` + * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` + * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` + Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) + function that maps an identity provider credential to the normalized + attribute specified by the corresponding map key. You can use the + `assertion` keyword in the expression to access a JSON representation + of the authentication credential issued by the provider. The maximum + length of an attribute mapping expression is 2048 characters. When + evaluated, the total size of all mapped attributes must not exceed + 8KB. For AWS providers, if no attribute mapping is defined, the + following default mapping applies: ``` { "google.subject":"assertion.arn", + "attribute.aws_role": "assertion.arn.contains(''assumed-role'')" + " ? 
assertion.arn.extract(''{account_arn}assumed-role/'')" " + ''assumed-role/''" + " + assertion.arn.extract(''assumed-role/{role_name}/'')" " : assertion.arn", + } ``` If any custom attribute mappings are defined, they must include + a mapping to the `google.subject` attribute. For OIDC providers, + you must supply a custom mapping, which must include the `google.subject` + attribute. For example, the following maps the `sub` claim of the + incoming credential to the `subject` attribute on a Google token: + ``` {"google.subject": "assertion.sub"} ```' + type: object + aws: + description: An Amazon Web Services identity provider. + properties: + accountId: + description: Required. The AWS account ID. + type: string + stsUri: + description: A list of AWS STS URIs that can be used when exchanging + credentials. If not provided, any valid AWS STS URI is allowed. + URIs must use the form `https://sts.amazonaws.com` or `https://sts.{region}.amazonaws.com`, + where {region} is a valid AWS region. You can specify a maximum + of 25 URIs. + items: + type: string + type: array + required: + - accountId + type: object + description: + description: A description for the provider. Cannot exceed 256 characters. + type: string + disabled: + description: Whether the provider is disabled. You cannot use a disabled + provider to exchange tokens. However, existing tokens still grant + access. + type: boolean + displayName: + description: A display name for the provider. Cannot exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + oidc: + description: An OpenId Connect 1.0 identity provider. + properties: + allowedAudiences: + description: 'Acceptable values for the `aud` field (audience) + in the OIDC token. Token exchange requests are rejected if the + token audience does not match one of the configured values. + Each audience may be at most 256 characters. A maximum of 10 + audiences may be configured. 
If this list is empty, the OIDC + token audience must be equal to the full canonical resource + name of the WorkloadIdentityPoolProvider, with or without the + HTTPS prefix. For example: ``` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ + https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ + ```' + items: + type: string + type: array + issuerUri: + description: Required. The OIDC issuer URL. Must be an HTTPS endpoint. + type: string + required: + - issuerUri + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + workloadIdentityPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The workloadIdentityPool for the resource + + Allowed value: The Google Cloud resource name of an `IAMWorkloadIdentityPool` resource (format: `projects/{{project}}/locations/{{location}}/workloadIdentityPools/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - projectRef + - workloadIdentityPoolRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The state of the provider. 
Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkloadidentitypools.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkloadIdentityPool + plural: iamworkloadidentitypools + shortNames: + - gcpiamworkloadidentitypool + - gcpiamworkloadidentitypools + singular: iamworkloadidentitypool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A description of the pool. Cannot exceed 256 characters. + type: string + disabled: + description: Whether the pool is disabled. You cannot use a disabled + pool to exchange tokens, or use existing tokens to access resources. + If the pool is re-enabled, existing tokens grant access again. + type: boolean + displayName: + description: A display name for the pool. Cannot exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The state of the pool. 
Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iapbrands.iap.cnrm.cloud.google.com +spec: + group: iap.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAPBrand + plural: iapbrands + shortNames: + - gcpiapbrand + - gcpiapbrands + singular: iapbrand + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + applicationTitle: + description: Immutable. Application name displayed on OAuth consent + screen. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + supportEmail: + description: Immutable. Support email displayed on the OAuth consent + screen. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + orgInternalOnly: + description: Output only. Whether the brand is only intended for usage + inside the G Suite organization only. 
+ type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iapidentityawareproxyclients.iap.cnrm.cloud.google.com +spec: + group: iap.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAPIdentityAwareProxyClient + plural: iapidentityawareproxyclients + shortNames: + - gcpiapidentityawareproxyclient + - gcpiapidentityawareproxyclients + singular: iapidentityawareproxyclient + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + brandRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The brand for the resource + + Allowed value: The Google Cloud resource name of an `IAPBrand` resource (format: `projects/{{project}}/brands/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + displayName: + description: Immutable. Human-friendly name given to the OAuth client. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - brandRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + secret: + description: Output only. Client secret of the OAuth client. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: identityplatformconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformConfig + plural: identityplatformconfigs + shortNames: + - gcpidentityplatformconfig + - gcpidentityplatformconfigs + singular: identityplatformconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The 
reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + authorizedDomains: + description: List of domains authorized for OAuth redirects + items: + type: string + type: array + blockingFunctions: + description: Configuration related to blocking functions. + properties: + triggers: + additionalProperties: + properties: + functionUriRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + HTTP URI trigger for the Cloud Function. + + Allowed value: The `httpsTrigger.url` field of a `CloudFunctionsFunction` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + updateTime: + description: When the trigger was changed. + format: date-time + type: string + type: object + description: 'Map of Trigger to event type. Key should be one + of the supported event types: "beforeCreate", "beforeSignIn"' + type: object + type: object + client: + description: Options related to how clients making requests on behalf + of a project should be configured. + properties: + permissions: + description: Configuration related to restricting a user's ability + to affect their account. + properties: + disabledUserDeletion: + description: When true, end users cannot delete their account + on the associated project through any of our API methods + type: boolean + disabledUserSignup: + description: When true, end users cannot sign up for a new + account on the associated project through any of our API + methods + type: boolean + type: object + type: object + mfa: + description: Configuration for this project's multi-factor authentication, + including whether it is active and what factors can be used for + the second factor + properties: + state: + description: 'Whether MultiFactor Authentication has been enabled + for this project. Possible values: STATE_UNSPECIFIED, DISABLED, + ENABLED, MANDATORY' + type: string + type: object + monitoring: + description: Configuration related to monitoring project activity. + properties: + requestLogging: + description: Configuration for logging requests made to this project + to Stackdriver Logging + properties: + enabled: + description: Whether logging is enabled for this project or + not. + type: boolean + type: object + type: object + multiTenant: + description: Configuration related to multi-tenant functionality. + properties: + allowTenants: + description: Whether this project can have tenants or not. 
+ type: boolean + defaultTenantLocationRef: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + The default cloud parent org or folder that the tenant project should be created under. The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". If the value is not set, the tenant will be created under the same organization or folder as the agent project. + + Allowed values: + * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). + * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). + type: string + kind: + description: 'Kind of the referent. Allowed values: Folder' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + notification: + description: Configuration related to sending notifications to users. + properties: + defaultLocale: + description: Default locale used for email and SMS in IETF BCP + 47 format. + type: string + sendEmail: + description: Options for email sending. + properties: + callbackUri: + description: action url in email template. + type: string + changeEmailTemplate: + description: Email template for change email + properties: + body: + description: Immutable. 
Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + dnsInfo: + description: Information of custom domain DNS verification. + properties: + useCustomDomain: + description: Whether to use custom domain. + type: boolean + type: object + method: + description: 'The method used for sending an email. Possible + values: METHOD_UNSPECIFIED, DEFAULT, CUSTOM_SMTP' + type: string + resetPasswordTemplate: + description: Email template for reset password + properties: + body: + description: Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + revertSecondFactorAdditionTemplate: + description: Email template for reverting second factor addition + emails + properties: + body: + description: Immutable. 
Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + smtp: + description: Use a custom SMTP relay + properties: + host: + description: SMTP relay host + type: string + password: + description: SMTP relay password + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: SMTP relay port + format: int64 + type: integer + securityMode: + description: 'SMTP security mode. Possible values: SECURITY_MODE_UNSPECIFIED, + SSL, START_TLS' + type: string + senderEmail: + description: Sender email for the SMTP relay + type: string + username: + description: SMTP relay username + type: string + type: object + verifyEmailTemplate: + description: Email template for verify email + properties: + body: + description: Immutable. 
Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + type: object + sendSms: + description: Options for SMS sending. + properties: + useDeviceLocale: + description: Whether to use the accept_language header for + SMS. + type: boolean + type: object + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + quota: + description: Configuration related to quotas. + properties: + signUpQuotaConfig: + description: Quota for the Signup endpoint, if overwritten. Signup + quota is measured in sign ups per project per hour per IP. 
+ properties: + quota: + description: Corresponds to the 'refill_token_count' field + in QuotaServer config + format: int64 + type: integer + quotaDuration: + description: How long this quota will be active for + type: string + startTime: + description: When this quota will take affect + format: date-time + type: string + type: object + type: object + signIn: + description: Configuration related to local sign in methods. + properties: + allowDuplicateEmails: + description: Whether to allow more than one account to have the + same email. + type: boolean + anonymous: + description: Configuration options related to authenticating an + anonymous user. + properties: + enabled: + description: Whether anonymous user auth is enabled for the + project or not. + type: boolean + type: object + email: + description: Configuration options related to authenticating a + user by their email address. + properties: + enabled: + description: Whether email auth is enabled for the project + or not. + type: boolean + passwordRequired: + description: Whether a password is required for email auth + or not. If true, both an email and password must be provided + to sign in. If false, a user may sign in via either email/password + or email link. + type: boolean + type: object + phoneNumber: + description: Configuration options related to authenticated a + user by their phone number. + properties: + enabled: + description: Whether phone number auth is enabled for the + project or not. + type: boolean + testPhoneNumbers: + additionalProperties: + type: string + description: A map of that can be used for phone auth testing. + type: object + type: object + type: object + required: + - projectRef + type: object + status: + properties: + client: + properties: + apiKey: + description: Output only. API key that can be used when making + requests for this project. + type: string + firebaseSubdomain: + description: Output only. Firebase subdomain. 
+ type: string + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + notification: + properties: + sendEmail: + properties: + changeEmailTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + dnsInfo: + properties: + customDomain: + description: Output only. The applied verified custom + domain. + type: string + customDomainState: + description: 'Output only. The current verification state + of the custom domain. The custom domain will only be + used once the domain verification is successful. Possible + values: VERIFICATION_STATE_UNSPECIFIED, NOT_STARTED, + IN_PROGRESS, FAILED, SUCCEEDED' + type: string + domainVerificationRequestTime: + description: Output only. The timestamp of initial request + for the current domain verification. + format: date-time + type: string + pendingCustomDomain: + description: Output only. The custom domain that's to + be verified. + type: string + type: object + resetPasswordTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + revertSecondFactorAdditionTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. 
+ type: boolean + type: object + verifyEmailTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + type: object + sendSms: + properties: + smsTemplate: + description: Output only. The template to use when sending + an SMS. + properties: + content: + description: 'Output only. The SMS''s content. Can contain + the following placeholders which will be replaced with + the appropriate values: %APP_NAME% - For Android or + iOS apps, the app''s display name. For web apps, the + domain hosting the application. %LOGIN_CODE% - The OOB + code being sent in the SMS.' + type: string + type: object + type: object + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + signIn: + properties: + email: + properties: + hashConfig: + description: Output only. Hash config information. + properties: + algorithm: + description: 'Output only. Different password hash algorithms + used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, + HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, + MD5, HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, + SHA512, STANDARD_SCRYPT' + type: string + memoryCost: + description: Output only. Memory cost for hash calculation. + Used by scrypt and other similar password derivation + algorithms. See https://tools.ietf.org/html/rfc7914 + for explanation of field. + format: int64 + type: integer + rounds: + description: Output only. How many rounds for hash calculation. + Used by scrypt and other similar password derivation + algorithms. + format: int64 + type: integer + saltSeparator: + description: Output only. 
Non-printable character to be + inserted between the salt and plain text password in + base64. + type: string + signerKey: + description: Output only. Signer key in base64. + type: string + type: object + type: object + hashConfig: + description: Output only. Hash config information. + properties: + algorithm: + description: 'Output only. Different password hash algorithms + used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, + HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, MD5, + HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, SHA512, + STANDARD_SCRYPT' + type: string + memoryCost: + description: Output only. Memory cost for hash calculation. + Used by scrypt and other similar password derivation algorithms. + See https://tools.ietf.org/html/rfc7914 for explanation + of field. + format: int64 + type: integer + rounds: + description: Output only. How many rounds for hash calculation. + Used by scrypt and other similar password derivation algorithms. + format: int64 + type: integer + saltSeparator: + description: Output only. Non-printable character to be inserted + between the salt and plain text password in base64. + type: string + signerKey: + description: Output only. Signer key in base64. + type: string + type: object + type: object + subtype: + description: 'Output only. The subtype of this config. 
Possible values: + SUBTYPE_UNSPECIFIED, IDENTITY_PLATFORM, FIREBASE_AUTH' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformdefaultsupportedidpconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformDefaultSupportedIDPConfig + plural: identityplatformdefaultsupportedidpconfigs + shortNames: + - gcpidentityplatformdefaultsupportedidpconfig + - gcpidentityplatformdefaultsupportedidpconfigs + singular: identityplatformdefaultsupportedidpconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientId: + description: OAuth client ID. + type: string + clientSecret: + description: OAuth client secret. + type: string + enabled: + description: If this IDP allows the user to sign in. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The idpId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - clientId + - clientSecret + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The name of the DefaultSupportedIdpConfig resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatforminboundsamlconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformInboundSAMLConfig + plural: identityplatforminboundsamlconfigs + shortNames: + - gcpidentityplatforminboundsamlconfig + - gcpidentityplatforminboundsamlconfigs + singular: identityplatforminboundsamlconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 
'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Human friendly display name. + type: string + enabled: + description: If this config allows users to sign in with the provider. + type: boolean + idpConfig: + description: SAML IdP configuration when the project acts as the relying + party. + properties: + idpCertificates: + description: The IdP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The IdP's x509 certificate. + type: string + type: object + type: array + idpEntityId: + description: Unique identifier for all SAML entities. + type: string + signRequest: + description: Indicates if outbounding SAMLRequest should be signed. + type: boolean + ssoUrl: + description: URL to send Authentication request to. 
+ type: string + required: + - idpCertificates + - idpEntityId + - ssoUrl + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + spConfig: + description: |- + SAML SP (Service Provider) configuration when the project acts as the relying party to receive + and accept an authentication assertion issued by a SAML identity provider. + properties: + callbackUri: + description: Callback URI where responses from IDP are handled. + Must start with 'https://'. + type: string + spCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. + type: string + type: object + type: array + spEntityId: + description: Unique identifier for all SAML entities. + type: string + type: object + required: + - displayName + - idpConfig + - projectRef + - spConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: identityplatformoauthidpconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformOAuthIDPConfig + plural: identityplatformoauthidpconfigs + shortNames: + - gcpidentityplatformoauthidpconfig + - gcpidentityplatformoauthidpconfigs + singular: identityplatformoauthidpconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date 
+ - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientId: + description: The client id of an OAuth client. + type: string + clientSecret: + description: The client secret of the OAuth client, to enable OIDC + code flow. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + displayName: + description: The config's display name set by developers. + type: string + enabled: + description: True if allows the user to sign in with the provider. + type: boolean + issuer: + description: For OIDC Idps, the issuer identifier. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + responseType: + description: 'The multiple response type to request for in the OAuth + authorization flow. This can possibly be a combination of set bits + (e.g.: {id\_token, token}).' + properties: + code: + description: If true, authorization code is returned from IdP's + authorization endpoint. + type: boolean + idToken: + description: If true, ID token is returned from IdP's authorization + endpoint. + type: boolean + token: + description: If true, access token is returned from IdP's authorization + endpoint. + type: boolean + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformprojectdefaultconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformProjectDefaultConfig + plural: identityplatformprojectdefaultconfigs + shortNames: + - gcpidentityplatformprojectdefaultconfig + - gcpidentityplatformprojectdefaultconfigs + singular: identityplatformprojectdefaultconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + signIn: + description: Configuration related to local sign in methods. + properties: + allowDuplicateEmails: + description: Whether to allow more than one account to have the + same email. + type: boolean + anonymous: + description: Configuration options related to authenticating an + anonymous user. + properties: + enabled: + description: Whether anonymous user auth is enabled for the + project or not. 
+ type: boolean + required: + - enabled + type: object + email: + description: Configuration options related to authenticating a + user by their email address. + properties: + enabled: + description: Whether email auth is enabled for the project + or not. + type: boolean + passwordRequired: + description: |- + Whether a password is required for email auth or not. If true, both an email and + password must be provided to sign in. If false, a user may sign in via either + email/password or email link. + type: boolean + type: object + hashConfig: + description: Output only. Hash config information. + items: + properties: + algorithm: + description: Different password hash algorithms used in + Identity Toolkit. + type: string + memoryCost: + description: Memory cost for hash calculation. Used by scrypt + and other similar password derivation algorithms. See + https://tools.ietf.org/html/rfc7914 for explanation of + field. + type: integer + rounds: + description: How many rounds for hash calculation. Used + by scrypt and other similar password derivation algorithms. + type: integer + saltSeparator: + description: Non-printable character to be inserted between + the salt and plain text password in base64. + type: string + signerKey: + description: Signer key in base64. + type: string + type: object + type: array + phoneNumber: + description: Configuration options related to authenticated a + user by their phone number. + properties: + enabled: + description: Whether phone number auth is enabled for the + project or not. + type: boolean + testPhoneNumbers: + additionalProperties: + type: string + description: A map of that + can be used for phone auth testing. + type: object + type: object + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The name of the Config resource. Example: "projects/my-awesome-project/config".' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformtenantdefaultsupportedidpconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformTenantDefaultSupportedIDPConfig + plural: identityplatformtenantdefaultsupportedidpconfigs + shortNames: + - gcpidentityplatformtenantdefaultsupportedidpconfig + - gcpidentityplatformtenantdefaultsupportedidpconfigs + singular: identityplatformtenantdefaultsupportedidpconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientId: + description: OAuth client ID. + type: string + clientSecret: + description: OAuth client secret. + type: string + enabled: + description: If this IDP allows the user to sign in. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The idpId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tenant: + description: Immutable. The name of the tenant where this DefaultSupportedIdpConfig + resource exists. + type: string + required: + - clientId + - clientSecret + - projectRef + - tenant + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The name of the default supported IDP config resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformtenantinboundsamlconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformTenantInboundSAMLConfig + plural: identityplatformtenantinboundsamlconfigs + shortNames: + - gcpidentityplatformtenantinboundsamlconfig + - gcpidentityplatformtenantinboundsamlconfigs + singular: identityplatformtenantinboundsamlconfig + 
preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Human friendly display name. + type: string + enabled: + description: If this config allows users to sign in with the provider. + type: boolean + idpConfig: + description: SAML IdP configuration when the project acts as the relying + party. + properties: + idpCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. + type: string + type: object + type: array + idpEntityId: + description: Unique identifier for all SAML entities. 
+ type: string + signRequest: + description: Indicates if outbounding SAMLRequest should be signed. + type: boolean + ssoUrl: + description: URL to send Authentication request to. + type: string + required: + - idpCertificates + - idpEntityId + - ssoUrl + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + spConfig: + description: |- + SAML SP (Service Provider) configuration when the project acts as the relying party to receive + and accept an authentication assertion issued by a SAML identity provider. + properties: + callbackUri: + description: Callback URI where responses from IDP are handled. + Must start with 'https://'. + type: string + spCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. + type: string + type: object + type: array + spEntityId: + description: Unique identifier for all SAML entities. + type: string + required: + - callbackUri + - spEntityId + type: object + tenant: + description: Immutable. The name of the tenant where this inbound + SAML config resource exists. 
+ type: string + required: + - displayName + - idpConfig + - projectRef + - spConfig + - tenant + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: identityplatformtenantoauthidpconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformTenantOAuthIDPConfig + plural: identityplatformtenantoauthidpconfigs + shortNames: + - gcpidentityplatformtenantoauthidpconfig + - gcpidentityplatformtenantoauthidpconfigs + singular: identityplatformtenantoauthidpconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientId: + description: The client id of an OAuth client. + type: string + clientSecret: + description: The client secret of the OAuth client, to enable OIDC + code flow. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + displayName: + description: The config's display name set by developers. + type: string + enabled: + description: True if allows the user to sign in with the provider. + type: boolean + issuer: + description: For OIDC Idps, the issuer identifier. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + responseType: + description: 'The multiple response type to request for in the OAuth + authorization flow. 
This can possibly be a combination of set bits + (e.g.: {id\_token, token}).' + properties: + code: + description: If true, authorization code is returned from IdP's + authorization endpoint. + type: boolean + idToken: + description: If true, ID token is returned from IdP's authorization + endpoint. + type: boolean + token: + description: If true, access token is returned from IdP's authorization + endpoint. + type: boolean + type: object + tenantRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The tenant for the resource + + Allowed value: The Google Cloud resource name of an `IdentityPlatformTenant` resource (format: `projects/{{project}}/tenants/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tenantRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: identityplatformtenants.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformTenant + plural: identityplatformtenants + shortNames: + - gcpidentityplatformtenant + - gcpidentityplatformtenants + singular: identityplatformtenant + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion 
defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + allowPasswordSignup: + description: Whether to allow email/password user authentication. + type: boolean + disableAuth: + description: Whether authentication is disabled for the tenant. If + true, the users under the disabled tenant are not allowed to sign-in. + Admins of the disabled tenant are not able to manage its users. + type: boolean + displayName: + description: Display name of the tenant. + type: string + enableAnonymousUser: + description: Whether to enable anonymous user authentication. + type: boolean + enableEmailLinkSignin: + description: Whether to enable email link user authentication. + type: boolean + mfaConfig: + description: The tenant-level configuration of MFA options. + properties: + enabledProviders: + description: A list of usable second factors for this project. + items: + type: string + type: array + state: + description: 'Whether MultiFactor Authentication has been enabled + for this project. Possible values: STATE_UNSPECIFIED, DISABLED, + ENABLED, MANDATORY' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + testPhoneNumbers: + additionalProperties: + type: string + description: A map of pairs that can + be used for MFA. 
The phone number should be in E.164 format (https://www.itu.int/rec/T-REC-E.164/) + and a maximum of 10 pairs can be added (error will be thrown once + exceeded). + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: beta + cnrm.cloud.google.com/system: "true" + name: kmsautokeyconfigs.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSAutokeyConfig + listKind: KMSAutokeyConfigList + plural: kmsautokeyconfigs + shortNames: + - gcpkmsautokeyconfig + - gcpkmsautokeyconfigs + singular: kmsautokeyconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: KMSAutokeyConfig is the Schema for the KMSAutokeyConfig API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KMSAutokeyConfigSpec defines the desired state of KMSAutokeyConfig + properties: + folderRef: + description: Immutable. The folder that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The 'name' field of a folder, when not managed by + Config Connector. This field must be set when 'name' field is + not set. + type: string + name: + description: The 'name' field of a 'Folder' resource. This field + must be set when 'external' field is not set. + type: string + namespace: + description: The 'namespace' field of a 'Folder' resource. If + unset, the namespace is defaulted to the namespace of the referencer + resource. + type: string + type: object + keyProject: + description: The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. 
+ type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + required: + - folderRef + type: object + status: + description: KMSAutokeyConfigStatus defines the config connector machine + state of KMSAutokeyConfig + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the KMSAutokeyConfig resource + in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + state: + description: Output only. Current state of this AutokeyConfig. 
+ type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: KMSAutokeyConfig is the Schema for the KMSAutokeyConfig API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KMSAutokeyConfigSpec defines the desired state of KMSAutokeyConfig + properties: + folderRef: + description: Immutable. The folder that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The 'name' field of a folder, when not managed by + Config Connector. 
This field must be set when 'name' field is + not set. + type: string + name: + description: The 'name' field of a 'Folder' resource. This field + must be set when 'external' field is not set. + type: string + namespace: + description: The 'namespace' field of a 'Folder' resource. If + unset, the namespace is defaulted to the namespace of the referencer + resource. + type: string + type: object + keyProject: + description: The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + required: + - folderRef + type: object + status: + description: KMSAutokeyConfigStatus defines the config connector machine + state of KMSAutokeyConfig + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + externalRef: + description: A unique specifier for the KMSAutokeyConfig resource + in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + state: + description: Output only. Current state of this AutokeyConfig. + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmscryptokeys.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSCryptoKey + plural: kmscryptokeys + shortNames: + - gcpkmscryptokey + - gcpkmscryptokeys + singular: kmscryptokey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + destroyScheduledDuration: + description: |- + Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. + If not specified at creation time, the default duration is 24 hours. + type: string + importOnly: + description: Immutable. Whether this key may contain imported versions + only. + type: boolean + keyRingRef: + description: The KMSKeyRing that this key belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSKeyRing` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + purpose: + description: |- + Immutable. The immutable purpose of this CryptoKey. 
See the + [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) + for possible inputs. + Default value is "ENCRYPT_DECRYPT". + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rotationPeriod: + description: |- + Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. + The first rotation will take place after the specified period. The rotation period has + the format of a decimal number with up to 9 fractional digits, followed by the + letter 's' (seconds). It must be greater than a day (ie, 86400). + type: string + skipInitialVersionCreation: + description: |- + Immutable. If set to true, the request will create a CryptoKey without any CryptoKeyVersions. + You must use the 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion. + type: boolean + versionTemplate: + description: A template describing settings for new crypto key versions. + properties: + algorithm: + description: |- + The algorithm to use when creating a version based on this template. + See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. + type: string + protectionLevel: + description: Immutable. The protection level to use when creating + a version based on this template. Possible values include "SOFTWARE", + "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". + type: string + required: + - algorithm + type: object + required: + - keyRingRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The self link of the created key in the format projects/{project}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{name}. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmscryptokeyversions.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSCryptoKeyVersion + plural: kmscryptokeyversions + shortNames: + - gcpkmscryptokeyversion + - gcpkmscryptokeyversions + singular: kmscryptokeyversion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent 
reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cryptoKey: + description: |- + Immutable. The name of the cryptoKey associated with the CryptoKeyVersions. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}''. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + state: + description: 'The current state of the CryptoKeyVersion. Possible + values: ["PENDING_GENERATION", "ENABLED", "DISABLED", "DESTROYED", + "DESTROY_SCHEDULED", "PENDING_IMPORT", "IMPORT_FAILED"].' + type: string + required: + - cryptoKey + type: object + status: + properties: + algorithm: + description: The CryptoKeyVersionAlgorithm that this CryptoKeyVersion + supports. 
+ type: string + attestation: + description: |- + Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. + Only provided for key versions with protectionLevel HSM. + items: + properties: + certChains: + description: The certificate chains needed to validate the attestation. + properties: + caviumCerts: + description: Cavium certificate chain corresponding to the + attestation. + type: string + googleCardCerts: + description: Google card certificate chain corresponding + to the attestation. + type: string + googlePartitionCerts: + description: Google partition certificate chain corresponding + to the attestation. + type: string + type: object + content: + description: The attestation data provided by the HSM when the + key operation was performed. + type: string + externalProtectionLevelOptions: + description: ExternalProtectionLevelOptions stores a group of + additional fields for configuring a CryptoKeyVersion that + are specific to the EXTERNAL protection level and EXTERNAL_VPC + protection levels. + properties: + ekmConnectionKeyPath: + description: The path to the external key material on the + EKM when using EkmConnection e.g., "v0/my/key". Set this + field instead of externalKeyUri when using an EkmConnection. + type: string + externalKeyUri: + description: The URI for an external resource that this + CryptoKeyVersion represents. + type: string + type: object + format: + description: The format of the attestation data. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + generateTime: + description: The time this CryptoKeyVersion key material was generated. + type: string + name: + description: The resource name for this CryptoKeyVersion. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + protectionLevel: + description: The ProtectionLevel describing how crypto operations + are performed with this CryptoKeyVersion. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: kmskeyhandles.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSKeyHandle + listKind: KMSKeyHandleList + plural: kmskeyhandles + shortNames: + - gcpkmskeyhandle + - gcpkmskeyhandles + singular: kmskeyhandle + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: KMSKeyHandle is the Schema for the KMSKeyHandle API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KMSKeyHandleSpec defines the desired state of KMSKeyHandle + properties: + location: + description: Location name to create KeyHandle + type: string + projectRef: + description: Project hosting KMSKeyHandle + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. 
+ type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: 'Immutable. The KMS Key Handle ID used for resource creation + or acquisition. For creation: If specified, this value is used as + the key handle ID. If not provided, a UUID will be generated and + assigned as the key handle ID. For acquisition: This field must + be provided to identify the key handle resource to acquire.' + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + resourceTypeSelector: + description: Indicates the resource type that the resulting [CryptoKey][] + is meant to protect, e.g. `{SERVICE}.googleapis.com/{TYPE}`. See + documentation for supported resource types https://cloud.google.com/kms/docs/autokey-overview#compatible-services. + type: string + type: object + status: + description: KMSKeyHandleStatus defines the config connector machine state + of KMSKeyHandle + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the KMSKeyHandle resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + kmsKey: + type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmskeyringimportjobs.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSKeyRingImportJob + plural: kmskeyringimportjobs + shortNames: + - gcpkmskeyringimportjob + - gcpkmskeyringimportjobs + singular: kmskeyringimportjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + importJobId: + description: Immutable. It must be unique within a KeyRing and match + the regular expression [a-zA-Z0-9_-]{1,63}. + type: string + importMethod: + description: 'Immutable. The wrapping method to be used for incoming + key material. Possible values: ["RSA_OAEP_3072_SHA1_AES_256", "RSA_OAEP_4096_SHA1_AES_256"].' + type: string + keyRing: + description: |- + Immutable. The KeyRing that this import job belongs to. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''. + type: string + protectionLevel: + description: |- + Immutable. The protection level of the ImportJob. This must match the protectionLevel of the + versionTemplate on the CryptoKey you attempt to import into. Possible values: ["SOFTWARE", "HSM", "EXTERNAL"]. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - importJobId + - importMethod + - keyRing + - protectionLevel + type: object + status: + properties: + attestation: + description: |- + Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. + Use this statement to verify attributes of the key as stored on the HSM, independently of Google. + Only present if the chosen ImportMethod is one with a protection level of HSM. 
+ items: + properties: + content: + description: |- + The attestation data provided by the HSM when the key operation was performed. + A base64-encoded string. + type: string + format: + description: The format of the attestation data. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + expireTime: + description: |- + The time at which this resource is scheduled for expiration and can no longer be used. + This is in RFC3339 text format. + type: string + name: + description: The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + publicKey: + description: The public key with which to wrap key material prior + to import. Only returned if state is 'ACTIVE'. + items: + properties: + pem: + description: |- + The public key, encoded in PEM format. For more information, see the RFC 7468 sections + for General Considerations and Textual Encoding of Subject Public Key Info. 
+ type: string + type: object + type: array + state: + description: The current state of the ImportJob, indicating if it + can be used. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmskeyrings.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSKeyRing + listKind: KMSKeyRingList + plural: kmskeyrings + shortNames: + - gcpkmskeyring + - gcpkmskeyrings + singular: kmskeyring + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: KMSKeyRing represents a KMS KeyRing. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: Immutable. The location for the KeyRing. A full list + of valid locations can be found by running 'gcloud kms locations + list'. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observations + of the KMSKeyRing's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + selfLink: + description: The self link of the created KeyRing in the format projects/{project}/locations/{location}/keyRings/{name}. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmssecretciphertexts.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSSecretCiphertext + plural: kmssecretciphertexts + shortNames: + - gcpkmssecretciphertext + - gcpkmssecretciphertexts + singular: kmssecretciphertext + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + additionalAuthenticatedData: + description: Immutable. The additional authenticated data used for + integrity checks during encryption and decryption. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + cryptoKey: + description: |- + Immutable. The full name of the CryptoKey that will be used to encrypt the provided plaintext. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}''. + type: string + plaintext: + description: Immutable. The plaintext to be encrypted. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. 
Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + resourceID: + description: Immutable. Optional. The service-generated ciphertext + of the resource. Used for acquisition only. Leave unset to create + a new resource. + type: string + required: + - cryptoKey + - plaintext + type: object + status: + properties: + ciphertext: + description: Contains the result of encrypting the provided plaintext, + encoded in base64. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: logginglogbuckets.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogBucket + plural: logginglogbuckets + shortNames: + - gcplogginglogbucket + - gcplogginglogbuckets + singular: logginglogbucket + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - billingAccountRef + - required: + - folderRef + - required: + - organizationRef + - required: + - projectRef + properties: + billingAccountRef: + description: Immutable. The BillingAccount that this resource belongs + to. Only one of [billingAccountRef, folderRef, organizationRef, + projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Billing Account (format: `billingAccounts/{{name}}`).' + type: string + name: + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Describes this bucket. + type: string + enableAnalytics: + description: ' Whether or not Log Analytics is enabled. Logs for buckets + with Log Analytics enabled can be queried in the Log Analytics page + using SQL queries. Cannot be disabled once enabled.' + type: boolean + folderRef: + description: Immutable. The Folder that this resource belongs to. + Only one of [billingAccountRef, folderRef, organizationRef, projectRef] + may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: 'Immutable. The location of the resource. The supported + locations are: global, us-central1, us-east1, us-west1, asia-east1, + europe-west1.' + type: string + locked: + description: Whether the bucket has been locked. The retention period + on a locked bucket may not be changed. Locked buckets may only be + deleted if they are empty. + type: boolean + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [billingAccountRef, folderRef, organizationRef, + projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [billingAccountRef, folderRef, organizationRef, projectRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retentionDays: + description: Logs will be retained by default for this amount of time, + after which they will automatically be deleted. The minimum retention + period is 1 day. If this value is set to zero at bucket creation + time, the default time of 30 days will be used. + format: int64 + type: integer + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of the bucket. This + is not set for any of the default buckets. + format: date-time + type: string + lifecycleState: + description: 'Output only. The bucket lifecycle state. Possible values: + LIFECYCLE_STATE_UNSPECIFIED, ACTIVE, DELETE_REQUESTED' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of the bucket. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: logginglogexclusions.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogExclusion + plural: logginglogexclusions + shortNames: + - gcplogginglogexclusion + - gcplogginglogexclusions + singular: logginglogexclusion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age 
+ type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - projectRef + - required: + - folderRef + - required: + - organizationRef + - required: + - billingAccountRef + properties: + billingAccountRef: + description: Immutable. The BillingAccount that this resource belongs + to. Only one of [projectRef, folderRef, organizationRef, billingAccountRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Billing Account (format: `billingAccounts/{{name}}`).' 
+ type: string + name: + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Optional. A description of this exclusion. + type: string + disabled: + description: Optional. If set to True, then this exclusion is disabled + and it does not exclude any log entries. You can update an exclusion + to change the value of this field. + type: boolean + filter: + description: 'Required. An (https://cloud.google.com/logging/docs/view/advanced-queries#sample), + you can exclude less than 100% of the matching log entries. For + example, the following query matches 99% of low-severity log entries + from Google Cloud Storage buckets: `"resource.type=gcs_bucket severity' + type: string + folderRef: + description: Immutable. The Folder that this resource belongs to. + Only one of [projectRef, folderRef, organizationRef, billingAccountRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: Immutable. 
The Organization that this resource belongs + to. Only one of [projectRef, folderRef, organizationRef, billingAccountRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [projectRef, folderRef, organizationRef, billingAccountRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - filter + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of the exclusion. + This field may not be present for older exclusions. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of the exclusion. + This field may not be present for older exclusions. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: logginglogmetrics.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogMetric + listKind: LoggingLogMetricList + plural: logginglogmetrics + shortNames: + - gcplogginglogmetric + - gcplogginglogmetrics + singular: logginglogmetric + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: LoggingLogMetric is the Schema for the logging API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketOptions: + description: Optional. The `bucket_options` are required when the + logs-based metric is using a DISTRIBUTION value type and it describes + the bucket boundaries used to create a histogram of the extracted + values. + properties: + explicitBuckets: + description: The explicit buckets. + properties: + bounds: + description: The values must be monotonically increasing. + format: double + items: + type: number + type: array + type: object + exponentialBuckets: + description: The exponential buckets. + properties: + growthFactor: + description: Must be greater than 1. + format: double + type: number + numFiniteBuckets: + description: Must be greater than 0. + format: int64 + type: integer + scale: + description: Must be greater than 0. + format: double + type: number + type: object + linearBuckets: + description: The linear bucket. + properties: + numFiniteBuckets: + description: Must be greater than 0. + format: int64 + type: integer + offset: + description: Lower bound of the first bucket. + format: double + type: number + width: + description: Must be greater than 0. + format: double + type: number + type: object + type: object + description: + description: Optional. A description of this metric, which is used + in documentation. The maximum length of the description is 8000 + characters. + type: string + disabled: + description: Optional. If set to True, then this metric is disabled + and it does not generate any points. 
+ type: boolean + filter: + description: 'Required. An [advanced logs filter](https://cloud.google.com/logging/docs/view/advanced_filters) + which is used to match log entries. Example: "resource.type=gae_app + AND severity>=ERROR" The maximum length of the filter is 20000 characters.' + type: string + labelExtractors: + additionalProperties: + type: string + description: Optional. A map from a label key string to an extractor + expression which is used to extract data from a log entry field + and assign as the label value. Each label key specified in the LabelDescriptor + must have an associated extractor expression in this map. The syntax + of the extractor expression is the same as for the `value_extractor` + field. The extracted value is converted to the type defined in the + label descriptor. If the either the extraction or the type conversion + fails, the label will have a default value. The default value for + a string label is an empty string, for an integer label its 0, and + for a boolean label its `false`. Note that there are upper bounds + on the maximum number of labels and the number of active time series + that are allowed in a project. + type: object + loggingLogBucketRef: + description: The reference to the Log Bucket that owns the Log Metric. + Only Log Buckets in projects are supported. The bucket has to be + in the same project as the metric. For example:projects/my-project/locations/global/buckets/my-bucket + If empty, then the Log Metric is considered a non-Bucket Log Metric. + Only `external` field is supported to configure the reference for + now. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The external name of the referenced resource + type: string + kind: + description: Kind of the referent. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + metricDescriptor: + description: Optional. The metric descriptor associated with the logs-based + metric. If unspecified, it uses a default metric descriptor with + a DELTA metric kind, INT64 value type, with no labels and a unit + of "1". Such a metric counts the number of log entries matching + the `filter` expression. The `name`, `type`, and `description` fields + in the `metric_descriptor` are output only, and is constructed using + the `name` and `description` field in the LogMetric. To create a + logs-based metric that records a distribution of log values, a DELTA + metric kind with a DISTRIBUTION value type must be used along with + a `value_extractor` expression in the LogMetric. Each label in the + metric descriptor must have a matching label name as the key and + an extractor expression as the value in the `label_extractors` map. + The `metric_kind` and `value_type` fields in the `metric_descriptor` + cannot be updated once initially configured. New labels can be added + in the `metric_descriptor`, but existing labels cannot be modified + except for their description. + properties: + displayName: + description: A concise name for the metric, which can be displayed + in user interfaces. Use sentence case without an ending period, + for example "Request count". This field is optional but it is + recommended to be set for any metrics associated with user-visible + concepts, such as Quota. + type: string + labels: + description: The set of labels that can be used to describe a + specific instance of this metric type. 
For example, the `appengine.googleapis.com/http/server/response_latencies` + metric type has a label for the HTTP response code, `response_code`, + so you can look at latencies for successful responses or just + for responses that failed. + items: + properties: + description: + description: Immutable. A human-readable description for + the label. + type: string + key: + description: Immutable. The label key. + type: string + valueType: + description: 'Immutable. The type of data that can be assigned + to the label. Possible values: STRING, BOOL, INT64, DOUBLE, + DISTRIBUTION, MONEY' + type: string + type: object + type: array + launchStage: + description: 'Optional. The launch stage of the metric definition. + Possible values: UNIMPLEMENTED, PRELAUNCH, EARLY_ACCESS, ALPHA, + BETA, GA, DEPRECATED' + type: string + metadata: + description: Optional. Metadata which can be used to guide usage + of the metric. + properties: + ingestDelay: + description: The delay of data points caused by ingestion. + Data points older than this age are guaranteed to be ingested + and available to be read, excluding data loss due to errors. + type: string + samplePeriod: + description: The sampling period of metric data points. For + metrics which are written periodically, consecutive data + points are stored at this time interval, excluding data + loss due to errors. Metrics with a higher granularity have + a smaller sampling period. + type: string + type: object + metricKind: + description: 'Immutable. Whether the metric records instantaneous + values, changes to a value, etc. Some combinations of `metric_kind` + and `value_type` might not be supported. Possible values: GAUGE, + DELTA, CUMULATIVE' + type: string + unit: + description: 'The units in which the metric value is reported. + It is only applicable if the `value_type` is `INT64`, `DOUBLE`, + or `DISTRIBUTION`. The `unit` defines the representation of + the stored metric values. 
Different systems might scale the + values to be more easily displayed (so a value of `0.02kBy` + _might_ be displayed as `20By`, and a value of `3523kBy` _might_ + be displayed as `3.5MBy`). However, if the `unit` is `kBy`, + then the value of the metric is always in thousands of bytes, + no matter how it might be displayed. If you want a custom metric + to record the exact number of CPU-seconds used by a job, you + can create an `INT64 CUMULATIVE` metric whose `unit` is `s{CPU}` + (or equivalently `1s{CPU}` or just `s`). If the job uses 12,005 + CPU-seconds, then the value is written as `12005`. Alternatively, + if you want a custom metric to record data in a more granular + way, you can create a `DOUBLE CUMULATIVE` metric whose `unit` + is `ks{CPU}`, and then write the value `12.005` (which is `12005/1000`), + or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). + The supported units are a subset of [The Unified Code for Units + of Measure](https://unitsofmeasure.org/ucum.html) standard: + **Basic units (UNIT)** * `bit` bit * `By` byte * `s` second + * `min` minute * `h` hour * `d` day * `1` dimensionless **Prefixes + (PREFIX)** * `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) + * `T` tera (10^12) * `P` peta (10^15) * `E` exa (10^18) * `Z` + zetta (10^21) * `Y` yotta (10^24) * `m` milli (10^-3) * `u` + micro (10^-6) * `n` nano (10^-9) * `p` pico (10^-12) * `f` femto + (10^-15) * `a` atto (10^-18) * `z` zepto (10^-21) * `y` yocto + (10^-24) * `Ki` kibi (2^10) * `Mi` mebi (2^20) * `Gi` gibi (2^30) + * `Ti` tebi (2^40) * `Pi` pebi (2^50) **Grammar** The grammar + also includes these connectors: * `/` division or ratio (as + an infix operator). For examples, `kBy/{email}` or `MiBy/10ms` + (although you should almost never have `/s` in a metric `unit`; + rates should always be computed at query time from the underlying + cumulative or delta value). * `.` multiplication or composition + (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. 
+ The grammar for a unit is as follows: Expression = Component: + { "." Component } { "/" Component } ; Component = ( [ PREFIX + ] UNIT | "%" ) [ Annotation ] | Annotation | "1" ; Annotation + = "{" NAME "}" ; Notes: * `Annotation` is just a comment if + it follows a `UNIT`. If the annotation is used alone, then the + unit is equivalent to `1`. For examples, `{request}/s == 1/s`, + `By{transmitted}/s == By/s`. * `NAME` is a sequence of non-blank + printable ASCII characters not containing `{` or `}`. * `1` + represents a unitary [dimensionless unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) + of 1, such as in `1/s`. It is typically used when none of the + basic units are appropriate. For example, "new users per day" + can be represented as `1/d` or `{new-users}/d` (and a metric + value `5` would mean "5 new users). Alternatively, "thousands + of page views per day" would be represented as `1000/d` or `k1/d` + or `k{page_views}/d` (and a metric value of `5.3` would mean + "5300 page views per day"). * `%` represents dimensionless value + of 1/100, and annotates values giving a percentage (so the metric + values are typically in the range of 0..100, and a metric value + `3` means "3 percent"). * `10^2.%` indicates a metric contains + a ratio, typically in the range 0..1, that will be multiplied + by 100 and displayed as a percentage (so a metric value `0.03` + means "3 percent").' + type: string + valueType: + description: 'Immutable. Whether the measurement is an integer, + a floating-point number, etc. Some combinations of `metric_kind` + and `value_type` might not be supported. Possible values: STRING, + BOOL, INT64, DOUBLE, DISTRIBUTION, MONEY' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + valueExtractor: + description: 'Optional. A `value_extractor` is required when using + a distribution logs-based metric to extract the values to record + from a log entry. Two functions are supported for value extraction: + `EXTRACT(field)` or `REGEXP_EXTRACT(field, regex)`. The argument + are: 1. field: The name of the log entry field from which the value + is to be extracted. 2. regex: A regular expression using the Google + RE2 syntax (https://github.com/google/re2/wiki/Syntax) with a single + capture group to extract data from the specified log entry field. + The value of the field is converted to a string before applying + the regex. It is an error to specify a regex that does not include + exactly one capture group. The result of the extraction must be + convertible to a double type, as the distribution always records + double values. If either the extraction or the conversion to double + fails, then those values are not recorded in the distribution. 
Example: + `REGEXP_EXTRACT(jsonPayload.request, ".*quantity=(d+).*")`' + type: string + required: + - filter + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observations + of the LoggingLogMetric's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of the metric. This + field may not be present for older metrics. + format: date-time + type: string + metricDescriptor: + properties: + description: + description: A detailed description of the metric, which can be + used in documentation. + type: string + monitoredResourceTypes: + description: Read-only. If present, then a time series, which + is identified partially by a metric type and a MonitoredResourceDescriptor, + that is associated with this metric type can only be associated + with one of the monitored resource types listed here. + items: + type: string + type: array + name: + description: The resource name of the metric descriptor. + type: string + type: + description: 'The metric type, including its DNS name prefix. + The type is not URL-encoded. All user-defined metric types have + the DNS name `custom.googleapis.com` or `external.googleapis.com`. + Metric types should use a natural hierarchical grouping. 
For + example: "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" + "appengine.googleapis.com/http/server/response_latencies"' + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of the metric. + This field may not be present for older metrics. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: logginglogsinks.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogSink + plural: logginglogsinks + shortNames: + - gcplogginglogsink + - gcplogginglogsinks + singular: logginglogsink + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bigqueryOptions: + description: Options that affect sinks exporting data to BigQuery. + properties: + usePartitionedTables: + description: Whether to use BigQuery's partition tables. By default, + Logging creates dated tables based on the log entries' timestamps, + e.g. syslog_20170523. With partitioned tables the date suffix + is no longer present and special query syntax has to be used + instead. In both cases, tables are sharded based on UTC timezone. + type: boolean + required: + - usePartitionedTables + type: object + description: + description: A description of this sink. The maximum length of the + description is 8000 characters. 
+ type: string + destination: + oneOf: + - required: + - bigQueryDatasetRef + - required: + - loggingLogBucketRef + - required: + - pubSubTopicRef + - required: + - storageBucketRef + properties: + bigQueryDatasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `bigquery.googleapis.com/projects/{{project}}/datasets/{{value}}`, + where {{value}} is the `name` field of a `BigQueryDataset` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + loggingLogBucketRef: + description: Only `external` field is supported to configure the + reference. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `logging.googleapis.com/projects/{{project}}/locations/{{location}}/buckets/{{value}}`, + where {{value}} is the `name` field of a `LoggingLogBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + pubSubTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `pubsub.googleapis.com/projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `storage.googleapis.com/{{value}}`, + where {{value}} is the `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + disabled: + description: If set to True, then this sink is disabled and it does + not export any log entries. + type: boolean + exclusions: + description: Log entries that match any of the exclusion filters will + not be exported. If a log entry is matched by both filter and one + of exclusion's filters, it will not be exported. + items: + properties: + description: + description: A description of this exclusion. 
+ type: string + disabled: + description: If set to True, then this exclusion is disabled + and it does not exclude any log entries. + type: boolean + filter: + description: An advanced logs filter that matches the log entries + to be excluded. By using the sample function, you can exclude + less than 100% of the matching log entries. + type: string + name: + description: A client-assigned identifier, such as "load-balancer-exclusion". + Identifiers are limited to 100 characters and can include + only letters, digits, underscores, hyphens, and periods. First + character has to be alphanumeric. + type: string + required: + - filter + - name + type: object + type: array + filter: + description: The filter to apply when exporting logs. Only log entries + that match the filter are exported. + type: string + folderRef: + description: |- + The folder in which to create the sink. Only one of projectRef, + folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + includeChildren: + description: Immutable. Whether or not to include children organizations + in the sink export. If true, logs associated with child projects + are also exported; otherwise only logs relating to the provided + organization are included. + type: boolean + organizationRef: + description: |- + The organization in which to create the sink. Only one of projectRef, + folderRef, or organizationRef may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + The project in which to create the sink. Only one of projectRef, + folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + uniqueWriterIdentity: + description: Whether or not to create a unique identity associated + with this sink. If false (the default), then the writer_identity + used is serviceAccount:cloud-logs@system.gserviceaccount.com. If + true, then a unique service account is created and used for this + sink. If you wish to publish logs across projects, you must set + unique_writer_identity to true. 
+ type: boolean + required: + - destination + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + writerIdentity: + description: The identity associated with this sink. This identity + must be granted write access to the configured destination. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: logginglogviews.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogView + plural: logginglogviews + shortNames: + - gcplogginglogview + - gcplogginglogviews + singular: logginglogview + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - billingAccountRef + - required: + - folderRef + - required: + - organizationRef + - required: + - projectRef + properties: + billingAccountRef: + description: Immutable. The BillingAccount that this resource belongs + to. Only one of [billingAccountRef, folderRef, organizationRef, + projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Billing Account (format: `billingAccounts/{{name}}`).' + type: string + name: + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + bucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The bucket of the resource + + Allowed value: The Google Cloud resource name of a `LoggingLogBucket` resource (format: `{{parent}}/locations/{{location}}/buckets/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Describes this view. + type: string + filter: + description: 'Filter that restricts which log entries in a bucket + are visible in this view. Filters are restricted to be a logical + AND of ==/!= of any of the following: - originating project/folder/organization/billing + account. - resource type - log id For example: SOURCE("projects/myproject") + AND resource.type = "gce_instance" AND LOG_ID("stdout")' + type: string + folderRef: + description: Immutable. The Folder that this resource belongs to. + Only one of [billingAccountRef, folderRef, organizationRef, projectRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: 'Immutable. The location of the resource. The supported + locations are: global, us-central1, us-east1, us-west1, asia-east1, + europe-west1.' + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [billingAccountRef, folderRef, organizationRef, + projectRef] may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [billingAccountRef, folderRef, organizationRef, projectRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - bucketRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of the view. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of the view. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: memcacheinstances.memcache.cnrm.cloud.google.com +spec: + group: memcache.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MemcacheInstance + plural: memcacheinstances + shortNames: + - gcpmemcacheinstance + - gcpmemcacheinstances + singular: memcacheinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: A user-visible name for the instance. + type: string + maintenancePolicy: + description: Maintenance policy for an instance. + properties: + createTime: + description: |- + Output only. The time when the policy was created. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + description: + description: |- + Optional. Description of what this policy is for. + Create/Update methods return INVALID_ARGUMENT if the + length is greater than 512. + type: string + updateTime: + description: |- + Output only. The time when the policy was updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + weeklyMaintenanceWindow: + description: |- + Required. Maintenance window that is applied to resources covered by this policy. + Minimum 1. For the current version, the maximum number of weekly_maintenance_windows + is expected to be one. + items: + properties: + day: + description: |- + Required. The day of week that maintenance updates occur. + - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. + - MONDAY: Monday + - TUESDAY: Tuesday + - WEDNESDAY: Wednesday + - THURSDAY: Thursday + - FRIDAY: Friday + - SATURDAY: Saturday + - SUNDAY: Sunday Possible values: ["DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. + type: string + duration: + description: |- + Required. The length of the maintenance window, ranging from 3 hours to 8 hours. + A duration in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". + type: string + startTime: + description: Required. 
Start time of the window in UTC time. + properties: + hours: + description: |- + Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 + to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must + be from 0 to 999,999,999. + type: integer + seconds: + description: |- + Seconds of minutes of the time. Must normally be from 0 to 59. + An API may allow the value 60 if it allows leap-seconds. + type: integer + type: object + required: + - day + - duration + - startTime + type: object + type: array + required: + - weeklyMaintenanceWindow + type: object + memcacheParameters: + description: Immutable. User-specified parameters for this memcache + instance. + properties: + id: + description: This is a unique ID associated with this set of parameters. + type: string + params: + additionalProperties: + type: string + description: User-defined set of parameters to use in the memcache + process. + type: object + type: object + memcacheVersion: + description: |- + The major version of Memcached software. If not provided, latest supported version will be used. + Currently the latest supported major version is MEMCACHE_1_5. The minor version will be automatically + determined by our system based on the latest supported minor version. Default value: "MEMCACHE_1_5" Possible values: ["MEMCACHE_1_5"]. + type: string + networkRef: + description: The full name of the network to connect the instance + to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, + where {{value}} is the `name` field of a `ComputeNetwork` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeConfig: + description: Immutable. Configuration for memcache nodes. + properties: + cpuCount: + description: Number of CPUs per node. + type: integer + memorySizeMb: + description: Memory size in Mebibytes for each memcache node. + type: integer + required: + - cpuCount + - memorySizeMb + type: object + nodeCount: + description: Number of nodes in the memcache instance. + type: integer + region: + description: Immutable. The region of the Memcache instance. If it + is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zones: + description: |- + Immutable. Zones where memcache nodes should be provisioned. If not + provided, all zones will be used. + items: + type: string + type: array + required: + - nodeConfig + - nodeCount + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + createTime: + description: Creation timestamp in RFC3339 text format. + type: string + discoveryEndpoint: + description: Endpoint for Discovery API. + type: string + maintenanceSchedule: + description: Output only. Published maintenance schedule. + items: + properties: + endTime: + description: |- + Output only. The end time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + scheduleDeadlineTime: + description: |- + Output only. The deadline that the maintenance schedule start time + can not go beyond, including reschedule. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + startTime: + description: |- + Output only. The start time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + type: object + type: array + memcacheFullVersion: + description: The full version of memcached server running on this + instance. + type: string + memcacheNodes: + description: Additional information about the instance state, if available. + items: + properties: + host: + description: Hostname or IP address of the Memcached node used + by the clients to connect to the Memcached server on this + node. + type: string + nodeId: + description: Identifier of the Memcached node. The node id does + not include project or location like the Memcached instance + name. + type: string + port: + description: The port number of the Memcached server on this + node. + type: integer + state: + description: Current state of the Memcached node. + type: string + zone: + description: Location (GCP Zone) for the Memcached node. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: memorystoreinstances.memorystore.cnrm.cloud.google.com +spec: + group: memorystore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MemorystoreInstance + listKind: MemorystoreInstanceList + plural: memorystoreinstances + shortNames: + - gcpmemorystoreinstance + - gcpmemorystoreinstances + singular: memorystoreinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: MemorystoreInstance is the Schema for the MemorystoreInstance + API + properties: + apiVersion: + description: 
'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MemorystoreInstanceSpec defines the desired state of MemorystoreInstance + properties: + authorizationMode: + description: Optional. Immutable. Authorization mode of the instance. + type: string + deletionProtectionEnabled: + description: Optional. If set to true deletion of the instance will + fail. + type: boolean + engineConfigs: + additionalProperties: + type: string + description: Optional. User-provided engine configurations for the + instance. + type: object + engineVersion: + description: Optional. Immutable. Engine version of the instance. + type: string + location: + description: Immutable. + type: string + x-kubernetes-validations: + - message: Location field is immutable + rule: self == oldSelf + nodeType: + description: Optional. Immutable. Machine type for individual nodes + of the instance. + type: string + persistenceConfig: + description: Optional. Persistence configuration of the instance. + properties: + aofConfig: + description: Optional. AOF configuration. This field will be ignored + if mode is not AOF. + properties: + appendFsync: + description: Optional. The fsync mode. + type: string + type: object + mode: + description: Optional. Current persistence mode. + type: string + rdbConfig: + description: Optional. RDB configuration. 
This field will be ignored + if mode is not RDB. + properties: + rdbSnapshotPeriod: + description: Optional. Period between RDB snapshots. + type: string + rdbSnapshotStartTime: + description: Optional. Time that the first snapshot was/will + be attempted, and to which future snapshots will be aligned. + If not provided, the current time will be used. + type: string + type: object + type: object + projectRef: + description: The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + pscAutoConnections: + description: Required. Immutable. User inputs for the auto-created + PSC connections. + items: + description: kcc specific struct to separate input and output fields + in google.cloud.memorystore.v1beta.PscAutoConnection + properties: + networkRef: + description: Required. The network where the PSC endpoints are + created, in the form of projects/{project_id}/global/networks/{network_id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed Compute + Network resource. Should be in the format `projects//global/networks/`. + type: string + name: + description: The `name` field of a `ComputeNetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeNetwork` + resource. 
+ type: string + type: object + projectRef: + description: Required. The consumer project_id where PSC connections + are established. This should be the same project_id that the + cluster is being created in. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The `projectID` field of a project, when not + managed by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional + but must be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + required: + - networkRef + - projectRef + type: object + type: array + replicaCount: + description: Optional. Number of replica nodes per shard. If omitted + the default is 0 replicas. + format: int32 + type: integer + resourceID: + description: Optional. Immutable. The MemorystoreInstance name. If + not given, the metadata.name will be used. + type: string + shardCount: + description: Optional. Number of shards for the instance. + format: int32 + type: integer + transitEncryptionMode: + description: Optional. Immutable. In-transit encryption mode of the + instance. + type: string + zoneDistributionConfig: + description: Optional. Immutable. Zone distribution configuration + of the instance for node allocatiteon. + properties: + mode: + description: Optional. Current zone distribution mode. Defaults + to MULTI_ZONE. + type: string + zone: + description: Optional. Defines zone where all resources will be + allocated with SINGLE_ZONE mode. Ignored for MULTI_ZONE mode. 
+ type: string + type: object + required: + - location + - projectRef + type: object + status: + description: MemorystoreInstanceStatus defines the config connector machine + state of MemorystoreInstance + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the MemorystoreInstance resource + in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + authorizationMode: + description: Optional. Immutable. Authorization mode of the instance. + type: string + createTime: + description: Output only. Creation timestamp of the instance. + type: string + discoveryEndpoints: + description: Output only. Endpoints clients can connect to the + instance through. Currently only one discovery endpoint is supported. + items: + properties: + address: + description: Output only. IP address of the exposed endpoint + clients connect to. 
+ type: string + network: + description: Output only. The network where the IP address + of the discovery endpoint will be reserved, in the form + of projects/{network_project}/global/networks/{network_id}. + type: string + port: + description: Output only. The port number of the exposed + endpoint. + format: int32 + type: integer + type: object + type: array + engineVersion: + description: Optional. Immutable. Engine version of the instance. + https://cloud.google.com/memorystore/docs/valkey/supported-versions + type: string + name: + description: 'Identifier. Unique name of the instance. Format: + projects/{project}/locations/{location}/instances/{instance}' + type: string + nodeConfig: + description: Output only. Configuration of individual nodes of + the instance. + properties: + sizeGb: + description: Output only. Memory size in GB of the node. + type: number + type: object + nodeType: + description: Optional. Immutable. Machine type for individual + nodes of the instance. + type: string + pscAutoConnections: + description: Output only. Resource details of the auto-created + PSC connections. + items: + properties: + connectionType: + description: Output only. Type of the PSC connection. + type: string + forwardingRule: + description: 'Output only. The URI of the consumer side + forwarding rule. Format: projects/{project}/regions/{region}/forwardingRules/{forwarding_rule}' + type: string + ipAddress: + description: Output only. The IP allocated on the consumer + network for the PSC forwarding rule. + type: string + network: + description: Required. The network where the PSC endpoints + are created, in the form of projects/{project_id}/global/networks/{network_id}. + type: string + port: + description: Optional. Output only. port will only be set + for Primary/Reader or Discovery endpoint. + format: int32 + type: integer + projectID: + description: Required. The consumer project_id where PSC + connections are established. 
This should be the same project_id + that the cluster is being created in. + type: string + pscConnectionID: + description: Output only. The PSC connection id of the forwarding + rule connected to the service attachment. + type: string + pscConnectionStatus: + description: 'Output only. The status of the PSC connection: + whether a connection exists and ACTIVE or it no longer + exists. Please note that this value is updated periodically. + Please use Private Service Connect APIs for the latest + status.' + type: string + serviceAttachment: + description: Output only. The service attachment which is + the target of the PSC connection, in the form of projects/{project-id}/regions/{region}/serviceAttachments/{service-attachment-id}. + type: string + type: object + type: array + state: + description: Output only. Current state of the instance. + type: string + stateInfo: + description: Output only. Additional information about the state + of the instance. + properties: + updateInfo: + description: Output only. Describes ongoing update when instance + state is UPDATING. + properties: + targetReplicaCount: + description: Output only. Target number of replica nodes + per shard for the instance. + format: int32 + type: integer + targetShardCount: + description: Output only. Target number of shards for + the instance. + format: int32 + type: integer + type: object + type: object + transitEncryptionMode: + description: Optional. Immutable. In-transit encryption mode of + the instance. + type: string + uid: + description: Output only. System assigned, unique identifier for + the instance. + type: string + updateTime: + description: Output only. Latest update timestamp of the instance. + type: string + zoneDistributionConfig: + description: Optional. Immutable. Zone distribution configuration + of the instance for node allocation. + properties: + mode: + description: Optional. Current zone distribution mode. Defaults + to MULTI_ZONE. 
+ type: string + zone: + description: Optional. Defines zone where all resources will + be allocated with SINGLE_ZONE mode. Ignored for MULTI_ZONE + mode. + type: string + type: object + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: mlenginemodels.mlengine.cnrm.cloud.google.com +spec: + group: mlengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MLEngineModel + plural: mlenginemodels + shortNames: + - gcpmlenginemodel + - gcpmlenginemodels + singular: mlenginemodel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultVersion: + description: |- + Immutable. The default version of the model. This version will be used to handle + prediction requests that do not specify a version. + properties: + name: + description: Immutable. The name specified for the version when + it was created. + type: string + required: + - name + type: object + description: + description: Immutable. The description specified for the model when + it was created. + type: string + onlinePredictionConsoleLogging: + description: Immutable. If true, online prediction nodes send stderr + and stdout streams to Stackdriver Logging. + type: boolean + onlinePredictionLogging: + description: Immutable. If true, online prediction access logs are + sent to StackDriver Logging. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regions: + description: |- + Immutable. 
The list of regions where the model is going to be deployed. + Currently only one region per model is supported. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: monitoringalertpolicies.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringAlertPolicy + plural: monitoringalertpolicies + shortNames: + - gcpmonitoringalertpolicy + - gcpmonitoringalertpolicies + singular: monitoringalertpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alertStrategy: + description: Control over how this alert policy's notification channels + are notified. + properties: + autoClose: + description: If an alert policy that was active has no data for + this long, any open incidents will close. + type: string + notificationChannelStrategy: + description: |- + Control over how the notification channels in 'notification_channels' + are notified when this alert fires, on a per-channel basis. + items: + properties: + notificationChannelNames: + description: |- + The notification channels that these settings apply to. Each of these + correspond to the name field in one of the NotificationChannel objects + referenced in the notification_channels field of this AlertPolicy. The format is + 'projects/[PROJECT_ID_OR_NUMBER]/notificationChannels/[CHANNEL_ID]'. + items: + type: string + type: array + renotifyInterval: + description: The frequency at which to send reminder notifications + for open incidents. + type: string + type: object + type: array + notificationRateLimit: + description: |- + Required for alert policies with a LogMatch condition. + This limit is not implemented for alert policies that are not log-based. + properties: + period: + description: Not more than one notification per period. + type: string + type: object + type: object + combiner: + description: |- + How to combine the results of multiple conditions to + determine if an incident should be opened. Possible values: ["AND", "OR", "AND_WITH_MATCHING_RESOURCE"]. 
+ type: string + conditions: + description: |- + A list of conditions for the policy. The conditions are combined by + AND or OR according to the combiner field. If the combined conditions + evaluate to true, then an incident is created. A policy can have from + one to six conditions. + items: + properties: + conditionAbsent: + description: |- + A condition that checks that a time series + continues to receive new data points. + properties: + aggregations: + description: |- + Specifies the alignment of data points in + individual time series as well as how to + combine the retrieved time series together + (such as when aggregating multiple streams + on each resource to a single stream for each + resource or when aggregating streams across + all members of a group of resources). + Multiple aggregations are applied in the + order specified. + items: + properties: + alignmentPeriod: + description: |- + The alignment period for per-time + series alignment. If present, + alignmentPeriod must be at least + 60 seconds. After per-time series + alignment, each time series will + contain data points only on the + period boundaries. If + perSeriesAligner is not specified + or equals ALIGN_NONE, then this + field is ignored. If + perSeriesAligner is specified and + does not equal ALIGN_NONE, then + this field must be defined; + otherwise an error is returned. + type: string + crossSeriesReducer: + description: |- + The approach to be used to combine + time series. Not all reducer + functions may be applied to all + time series, depending on the + metric type and the value type of + the original time series. + Reduction may change the metric + type of value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. 
Possible values: ["REDUCE_NONE", "REDUCE_MEAN", "REDUCE_MIN", "REDUCE_MAX", "REDUCE_SUM", "REDUCE_STDDEV", "REDUCE_COUNT", "REDUCE_COUNT_TRUE", "REDUCE_COUNT_FALSE", "REDUCE_FRACTION_TRUE", "REDUCE_PERCENTILE_99", "REDUCE_PERCENTILE_95", "REDUCE_PERCENTILE_50", "REDUCE_PERCENTILE_05"]. + type: string + groupByFields: + description: |- + The set of fields to preserve when + crossSeriesReducer is specified. + The groupByFields determine how + the time series are partitioned + into subsets prior to applying the + aggregation function. Each subset + contains time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of exactly + one subset. The crossSeriesReducer + is applied to each subset of time + series. It is not possible to + reduce across different resource + types, so this field implicitly + contains resource.type. Fields not + specified in groupByFields are + aggregated away. If groupByFields + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If crossSeriesReducer + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: |- + The approach to be used to align + individual time series. Not all + alignment functions may be applied + to all time series, depending on + the metric type and value type of + the original time series. + Alignment may change the metric + type or the value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. 
Possible values: ["ALIGN_NONE", "ALIGN_DELTA", "ALIGN_RATE", "ALIGN_INTERPOLATE", "ALIGN_NEXT_OLDER", "ALIGN_MIN", "ALIGN_MAX", "ALIGN_MEAN", "ALIGN_COUNT", "ALIGN_SUM", "ALIGN_STDDEV", "ALIGN_COUNT_TRUE", "ALIGN_COUNT_FALSE", "ALIGN_FRACTION_TRUE", "ALIGN_PERCENTILE_99", "ALIGN_PERCENTILE_95", "ALIGN_PERCENTILE_50", "ALIGN_PERCENTILE_05", "ALIGN_PERCENT_CHANGE"]. + type: string + type: object + type: array + duration: + description: |- + The amount of time that a time series must + fail to report new data to be considered + failing. Currently, only values that are a + multiple of a minute--e.g. 60s, 120s, or 300s + --are supported. + type: string + filter: + description: |- + A filter that identifies which time series + should be compared with the threshold.The + filter is similar to the one that is + specified in the + MetricService.ListTimeSeries request (that + call is useful to verify the time series + that will be retrieved / processed) and must + specify the metric type and optionally may + contain restrictions on resource type, + resource labels, and metric labels. This + field may not exceed 2048 Unicode characters + in length. + type: string + trigger: + description: |- + The number/percent of time series for which + the comparison must hold in order for the + condition to trigger. If unspecified, then + the condition will trigger if the comparison + is true for any of the time series that have + been identified by filter and aggregations. + properties: + count: + description: |- + The absolute number of time series + that must fail the predicate for the + condition to be triggered. + type: integer + percent: + description: |- + The percentage of time series that + must fail the predicate for the + condition to be triggered. + type: number + type: object + required: + - duration + type: object + conditionMatchedLog: + description: |- + A condition that checks for log messages matching given constraints. + If set, no other conditions can be present. 
+ properties: + filter: + description: A logs-based filter. + type: string + labelExtractors: + additionalProperties: + type: string + description: |- + A map from a label key to an extractor expression, which is used to + extract the value for this label key. Each entry in this map is + a specification for how data should be extracted from log entries that + match filter. Each combination of extracted values is treated as + a separate rule for the purposes of triggering notifications. + Label keys and corresponding values can be used in notifications + generated by this condition. + type: object + required: + - filter + type: object + conditionMonitoringQueryLanguage: + description: A Monitoring Query Language query that outputs + a boolean stream. + properties: + duration: + description: |- + The amount of time that a time series must + violate the threshold to be considered + failing. Currently, only values that are a + multiple of a minute--e.g., 0, 60, 120, or + 300 seconds--are supported. If an invalid + value is given, an error will be returned. + When choosing a duration, it is useful to + keep in mind the frequency of the underlying + time series data (which may also be affected + by any alignments specified in the + aggregations field); a good duration is long + enough so that a single outlier does not + generate spurious alerts, but short enough + that unhealthy states are detected and + alerted on quickly. + type: string + evaluationMissingData: + description: |- + A condition control that determines how + metric-threshold conditions are evaluated when + data stops arriving. Possible values: ["EVALUATION_MISSING_DATA_INACTIVE", "EVALUATION_MISSING_DATA_ACTIVE", "EVALUATION_MISSING_DATA_NO_OP"]. + type: string + query: + description: Monitoring Query Language query that outputs + a boolean stream. + type: string + trigger: + description: |- + The number/percent of time series for which + the comparison must hold in order for the + condition to trigger. 
If unspecified, then + the condition will trigger if the comparison + is true for any of the time series that have + been identified by filter and aggregations, + or by the ratio, if denominator_filter and + denominator_aggregations are specified. + properties: + count: + description: |- + The absolute number of time series + that must fail the predicate for the + condition to be triggered. + type: integer + percent: + description: |- + The percentage of time series that + must fail the predicate for the + condition to be triggered. + type: number + type: object + required: + - duration + - query + type: object + conditionPrometheusQueryLanguage: + description: |- + A Monitoring Query Language query that outputs a boolean stream + + A condition type that allows alert policies to be defined using + Prometheus Query Language (PromQL). + + The PrometheusQueryLanguageCondition message contains information + from a Prometheus alerting rule and its associated rule group. + properties: + alertRule: + description: |- + The alerting rule name of this alert in the corresponding Prometheus + configuration file. + + Some external tools may require this field to be populated correctly + in order to refer to the original Prometheus configuration file. + The rule group name and the alert name are necessary to update the + relevant AlertPolicies in case the definition of the rule group changes + in the future. + + This field is optional. If this field is not empty, then it must be a + valid Prometheus label name. + type: string + duration: + description: |- + Alerts are considered firing once their PromQL expression evaluated + to be "true" for this long. Alerts whose PromQL expression was not + evaluated to be "true" for long enough are considered pending. The + default value is zero. Must be zero or positive. + type: string + evaluationInterval: + description: |- + How often this rule should be evaluated. Must be a positive multiple + of 30 seconds or missing. 
The default value is 30 seconds. If this + PrometheusQueryLanguageCondition was generated from a Prometheus + alerting rule, then this value should be taken from the enclosing + rule group. + type: string + labels: + additionalProperties: + type: string + description: |- + Labels to add to or overwrite in the PromQL query result. Label names + must be valid. + + Label values can be templatized by using variables. The only available + variable names are the names of the labels in the PromQL result, including + "__name__" and "value". "labels" may be empty. This field is intended to be + used for organizing and identifying the AlertPolicy. + type: object + query: + description: |- + The PromQL expression to evaluate. Every evaluation cycle this + expression is evaluated at the current time, and all resultant time + series become pending/firing alerts. This field must not be empty. + type: string + ruleGroup: + description: |- + The rule group name of this alert in the corresponding Prometheus + configuration file. + + Some external tools may require this field to be populated correctly + in order to refer to the original Prometheus configuration file. + The rule group name and the alert name are necessary to update the + relevant AlertPolicies in case the definition of the rule group changes + in the future. + + This field is optional. If this field is not empty, then it must be a + valid Prometheus label name. + type: string + required: + - query + type: object + conditionThreshold: + description: |- + A condition that compares a time series against a + threshold. + properties: + aggregations: + description: |- + Specifies the alignment of data points in + individual time series as well as how to + combine the retrieved time series together + (such as when aggregating multiple streams + on each resource to a single stream for each + resource or when aggregating streams across + all members of a group of resources). 
+ Multiple aggregations are applied in the + order specified.This field is similar to the + one in the MetricService.ListTimeSeries + request. It is advisable to use the + ListTimeSeries method when debugging this + field. + items: + properties: + alignmentPeriod: + description: |- + The alignment period for per-time + series alignment. If present, + alignmentPeriod must be at least + 60 seconds. After per-time series + alignment, each time series will + contain data points only on the + period boundaries. If + perSeriesAligner is not specified + or equals ALIGN_NONE, then this + field is ignored. If + perSeriesAligner is specified and + does not equal ALIGN_NONE, then + this field must be defined; + otherwise an error is returned. + type: string + crossSeriesReducer: + description: |- + The approach to be used to combine + time series. Not all reducer + functions may be applied to all + time series, depending on the + metric type and the value type of + the original time series. + Reduction may change the metric + type of value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. Possible values: ["REDUCE_NONE", "REDUCE_MEAN", "REDUCE_MIN", "REDUCE_MAX", "REDUCE_SUM", "REDUCE_STDDEV", "REDUCE_COUNT", "REDUCE_COUNT_TRUE", "REDUCE_COUNT_FALSE", "REDUCE_FRACTION_TRUE", "REDUCE_PERCENTILE_99", "REDUCE_PERCENTILE_95", "REDUCE_PERCENTILE_50", "REDUCE_PERCENTILE_05"]. + type: string + groupByFields: + description: |- + The set of fields to preserve when + crossSeriesReducer is specified. + The groupByFields determine how + the time series are partitioned + into subsets prior to applying the + aggregation function. Each subset + contains time series that have the + same value for each of the + grouping fields. 
Each individual + time series is a member of exactly + one subset. The crossSeriesReducer + is applied to each subset of time + series. It is not possible to + reduce across different resource + types, so this field implicitly + contains resource.type. Fields not + specified in groupByFields are + aggregated away. If groupByFields + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If crossSeriesReducer + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: |- + The approach to be used to align + individual time series. Not all + alignment functions may be applied + to all time series, depending on + the metric type and value type of + the original time series. + Alignment may change the metric + type or the value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. Possible values: ["ALIGN_NONE", "ALIGN_DELTA", "ALIGN_RATE", "ALIGN_INTERPOLATE", "ALIGN_NEXT_OLDER", "ALIGN_MIN", "ALIGN_MAX", "ALIGN_MEAN", "ALIGN_COUNT", "ALIGN_SUM", "ALIGN_STDDEV", "ALIGN_COUNT_TRUE", "ALIGN_COUNT_FALSE", "ALIGN_FRACTION_TRUE", "ALIGN_PERCENTILE_99", "ALIGN_PERCENTILE_95", "ALIGN_PERCENTILE_50", "ALIGN_PERCENTILE_05", "ALIGN_PERCENT_CHANGE"]. + type: string + type: object + type: array + comparison: + description: |- + The comparison to apply between the time + series (indicated by filter and aggregation) + and the threshold (indicated by + threshold_value). The comparison is applied + on each time series, with the time series on + the left-hand side and the threshold on the + right-hand side. Only COMPARISON_LT and + COMPARISON_GT are supported currently. 
Possible values: ["COMPARISON_GT", "COMPARISON_GE", "COMPARISON_LT", "COMPARISON_LE", "COMPARISON_EQ", "COMPARISON_NE"]. + type: string + denominatorAggregations: + description: |- + Specifies the alignment of data points in + individual time series selected by + denominatorFilter as well as how to combine + the retrieved time series together (such as + when aggregating multiple streams on each + resource to a single stream for each + resource or when aggregating streams across + all members of a group of resources).When + computing ratios, the aggregations and + denominator_aggregations fields must use the + same alignment period and produce time + series that have the same periodicity and + labels.This field is similar to the one in + the MetricService.ListTimeSeries request. It + is advisable to use the ListTimeSeries + method when debugging this field. + items: + properties: + alignmentPeriod: + description: |- + The alignment period for per-time + series alignment. If present, + alignmentPeriod must be at least + 60 seconds. After per-time series + alignment, each time series will + contain data points only on the + period boundaries. If + perSeriesAligner is not specified + or equals ALIGN_NONE, then this + field is ignored. If + perSeriesAligner is specified and + does not equal ALIGN_NONE, then + this field must be defined; + otherwise an error is returned. + type: string + crossSeriesReducer: + description: |- + The approach to be used to combine + time series. Not all reducer + functions may be applied to all + time series, depending on the + metric type and the value type of + the original time series. + Reduction may change the metric + type of value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. 
Possible values: ["REDUCE_NONE", "REDUCE_MEAN", "REDUCE_MIN", "REDUCE_MAX", "REDUCE_SUM", "REDUCE_STDDEV", "REDUCE_COUNT", "REDUCE_COUNT_TRUE", "REDUCE_COUNT_FALSE", "REDUCE_FRACTION_TRUE", "REDUCE_PERCENTILE_99", "REDUCE_PERCENTILE_95", "REDUCE_PERCENTILE_50", "REDUCE_PERCENTILE_05"]. + type: string + groupByFields: + description: |- + The set of fields to preserve when + crossSeriesReducer is specified. + The groupByFields determine how + the time series are partitioned + into subsets prior to applying the + aggregation function. Each subset + contains time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of exactly + one subset. The crossSeriesReducer + is applied to each subset of time + series. It is not possible to + reduce across different resource + types, so this field implicitly + contains resource.type. Fields not + specified in groupByFields are + aggregated away. If groupByFields + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If crossSeriesReducer + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: |- + The approach to be used to align + individual time series. Not all + alignment functions may be applied + to all time series, depending on + the metric type and value type of + the original time series. + Alignment may change the metric + type or the value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. 
Possible values: ["ALIGN_NONE", "ALIGN_DELTA", "ALIGN_RATE", "ALIGN_INTERPOLATE", "ALIGN_NEXT_OLDER", "ALIGN_MIN", "ALIGN_MAX", "ALIGN_MEAN", "ALIGN_COUNT", "ALIGN_SUM", "ALIGN_STDDEV", "ALIGN_COUNT_TRUE", "ALIGN_COUNT_FALSE", "ALIGN_FRACTION_TRUE", "ALIGN_PERCENTILE_99", "ALIGN_PERCENTILE_95", "ALIGN_PERCENTILE_50", "ALIGN_PERCENTILE_05", "ALIGN_PERCENT_CHANGE"]. + type: string + type: object + type: array + denominatorFilter: + description: |- + A filter that identifies a time series that + should be used as the denominator of a ratio + that will be compared with the threshold. If + a denominator_filter is specified, the time + series specified by the filter field will be + used as the numerator.The filter is similar + to the one that is specified in the + MetricService.ListTimeSeries request (that + call is useful to verify the time series + that will be retrieved / processed) and must + specify the metric type and optionally may + contain restrictions on resource type, + resource labels, and metric labels. This + field may not exceed 2048 Unicode characters + in length. + type: string + duration: + description: |- + The amount of time that a time series must + violate the threshold to be considered + failing. Currently, only values that are a + multiple of a minute--e.g., 0, 60, 120, or + 300 seconds--are supported. If an invalid + value is given, an error will be returned. + When choosing a duration, it is useful to + keep in mind the frequency of the underlying + time series data (which may also be affected + by any alignments specified in the + aggregations field); a good duration is long + enough so that a single outlier does not + generate spurious alerts, but short enough + that unhealthy states are detected and + alerted on quickly. + type: string + evaluationMissingData: + description: |- + A condition control that determines how + metric-threshold conditions are evaluated when + data stops arriving. 
Possible values: ["EVALUATION_MISSING_DATA_INACTIVE", "EVALUATION_MISSING_DATA_ACTIVE", "EVALUATION_MISSING_DATA_NO_OP"]. + type: string + filter: + description: |- + A filter that identifies which time series + should be compared with the threshold.The + filter is similar to the one that is + specified in the + MetricService.ListTimeSeries request (that + call is useful to verify the time series + that will be retrieved / processed) and must + specify the metric type and optionally may + contain restrictions on resource type, + resource labels, and metric labels. This + field may not exceed 2048 Unicode characters + in length. + type: string + forecastOptions: + description: |- + When this field is present, the 'MetricThreshold' + condition forecasts whether the time series is + predicted to violate the threshold within the + 'forecastHorizon'. When this field is not set, the + 'MetricThreshold' tests the current value of the + timeseries against the threshold. + properties: + forecastHorizon: + description: |- + The length of time into the future to forecast + whether a timeseries will violate the threshold. + If the predicted value is found to violate the + threshold, and the violation is observed in all + forecasts made for the Configured 'duration', + then the timeseries is considered to be failing. + type: string + required: + - forecastHorizon + type: object + thresholdValue: + description: |- + A value against which to compare the time + series. + type: number + trigger: + description: |- + The number/percent of time series for which + the comparison must hold in order for the + condition to trigger. If unspecified, then + the condition will trigger if the comparison + is true for any of the time series that have + been identified by filter and aggregations, + or by the ratio, if denominator_filter and + denominator_aggregations are specified. 
+ properties: + count: + description: |- + The absolute number of time series + that must fail the predicate for the + condition to be triggered. + type: integer + percent: + description: |- + The percentage of time series that + must fail the predicate for the + condition to be triggered. + type: number + type: object + required: + - comparison + - duration + type: object + displayName: + description: |- + A short name or phrase used to identify the + condition in dashboards, notifications, and + incidents. To avoid confusion, don't use the same + display name for multiple conditions in the same + policy. + type: string + name: + description: |- + The unique resource name for this condition. + Its syntax is: + projects/[PROJECT_ID]/alertPolicies/[POLICY_ID]/conditions/[CONDITION_ID] + [CONDITION_ID] is assigned by Stackdriver Monitoring when + the condition is created as part of a new or updated alerting + policy. + type: string + required: + - displayName + type: object + type: array + displayName: + description: |- + A short name or phrase used to identify the policy in + dashboards, notifications, and incidents. To avoid confusion, don't use + the same display name for multiple policies in the same project. The + name is limited to 512 Unicode characters. + type: string + documentation: + description: |- + Documentation that is included with notifications and incidents related + to this policy. Best practice is for the documentation to include information + to help responders understand, mitigate, escalate, and correct the underlying + problems detected by the alerting policy. Notification channels that have + limited capacity might not show this documentation. + properties: + content: + description: |- + The text of the documentation, interpreted according to mimeType. + The content may not exceed 8,192 Unicode characters and may not + exceed more than 10,240 bytes when encoded in UTF-8 format, + whichever is smaller. 
+ type: string + mimeType: + description: |- + The format of the content field. Presently, only the value + "text/markdown" is supported. + type: string + type: object + enabled: + description: Whether or not the policy is enabled. The default is + true. + type: boolean + notificationChannels: + items: + description: Identifies the notification channels to which notifications + should be sent when incidents are opened or closed or when new + violations occur on an already opened incident. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `MonitoringNotificationChannel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + severity: + description: |- + The severity of an alert policy indicates how important + incidents generated by that policy are. The severity level will be displayed on + the Incident detail page and in notifications. Possible values: ["CRITICAL", "ERROR", "WARNING"]. + type: string + required: + - combiner + - conditions + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationRecord: + description: |- + A read-only record of the creation of the alerting policy. + If provided in a call to create or update, this field will + be ignored. + items: + properties: + mutateTime: + description: When the change occurred. + type: string + mutatedBy: + description: The email address of the user making the change. + type: string + type: object + type: array + name: + description: |- + The unique resource name for this policy. + Its syntax is: projects/[PROJECT_ID]/alertPolicies/[ALERT_POLICY_ID]. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringdashboards.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringDashboard + listKind: MonitoringDashboardList + plural: monitoringdashboards + shortNames: + - gcpmonitoringdashboard + - gcpmonitoringdashboards + singular: monitoringdashboard + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: MonitoringDashboard is the Schema for the monitoring API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + columnLayout: + description: The content is divided into equally spaced columns and + the widgets are arranged vertically. + properties: + columns: + description: The columns of content to display. + items: + properties: + weight: + description: The relative weight of this column. The column + weight is used to adjust the width of columns on the screen + (relative to peers). + format: int64 + type: integer + widgets: + description: The display widgets arranged vertically in + this column. + items: + properties: + alertChart: + description: A chart of alert policy data. + properties: + alertPolicyRef: + description: Required. A reference to the MonitoringAlertPolicy. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The MonitoringAlertPolicy link + in the form "projects/[PROJECT_ID_OR_NUMBER]/alertPolicies/[ALERT_POLICY_ID]", + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `MonitoringAlertPolicy` + resource. + type: string + namespace: + description: The `namespace` field of a `MonitoringAlertPolicy` + resource. + type: string + type: object + required: + - alertPolicyRef + type: object + blank: + description: A blank space. + type: object + collapsibleGroup: + description: A widget that groups the other widgets. 
+ All widgets that are within the area spanned by + the grouping widget are considered member widgets. + properties: + collapsed: + description: The collapsed state of the widget + on first page load. + type: boolean + type: object + errorReportingPanel: + description: A widget that displays a list of error + groups. + properties: + projectRefs: + description: The projects from which to gather + errors. + items: + description: The Project that this resource + belongs to. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The `projectID` field of a + project, when not managed by Config Connector. + type: string + kind: + description: The kind of the Project resource; + optional but must be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` + resource. + type: string + namespace: + description: The `namespace` field of a + `Project` resource. + type: string + type: object + type: array + services: + description: An identifier of the service, such + as the name of the executable, job, or Google + App Engine service name. This field is expected + to have a low number of values that are relatively + stable over time, as opposed to `version`, which + can be changed whenever new code is deployed. + items: + type: string + type: array + versions: + description: Represents the source code version + that the developer provided, which could represent + a version label or a Git SHA-1 hash, for example. + For App Engine standard environment, the version + is set to the version of the app. + items: + type: string + type: array + type: object + id: + description: Optional. The widget id. Ids may be made + up of alphanumerics, dashes and underscores. Widget + ids are optional. + type: string + incidentList: + description: A widget that shows list of incidents. 
+ properties: + monitoredResources: + description: Optional. The monitored resource + for which incidents are listed. + items: + properties: + labels: + additionalProperties: + type: string + description: Required. Values for all of + the labels listed in the associated monitored + resource descriptor. + type: object + type: + description: Required. The monitored resource + type. This field must match the `type` + field of a [MonitoredResourceDescriptor][google.api.MonitoredResourceDescriptor] + object. + type: string + type: object + type: array + policyRefs: + description: Optional. A list of alert policies + to filter the incident list by. + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The MonitoringAlertPolicy link + in the form "projects/[PROJECT_ID_OR_NUMBER]/alertPolicies/[ALERT_POLICY_ID]", + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `MonitoringAlertPolicy` + resource. + type: string + namespace: + description: The `namespace` field of a + `MonitoringAlertPolicy` resource. + type: string + type: object + type: array + type: object + logsPanel: + description: A widget that shows a stream of logs. + properties: + filter: + description: A filter that chooses which log entries + to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). + type: string + resourceNames: + description: The names of logging resources to + collect logs for. + items: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The external name of the referenced + resource + type: string + kind: + description: Kind of the referent. 
+ type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + pieChart: + description: A widget that displays timeseries data + as a pie chart. + properties: + chartType: + description: Required. Indicates the visualization + type for the PieChart. + type: string + dataSets: + description: Required. The queries for the chart's + data. + items: + properties: + minAlignmentPeriod: + description: Optional. The lower bound on + data point frequency for this data set. + type: string + sliceNameTemplate: + description: Optional. A template for the + name of the slice. + type: string + timeSeriesQuery: + description: Required. The query for the + PieChart. See, `google.monitoring.dashboard.v1.TimeSeriesQuery`. + properties: + outputFullDuration: + description: Optional. If set, Cloud + Monitoring will treat the full query + duration as the alignment period so + that there will be only 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time + series with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw + time series data is returned. + Use this field to combine multiple + time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. 
+ type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: How to use the + ranking to select time series + that pass through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. 
This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. + properties: + denominator: + description: The denominator of + the ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. 
+ type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. + type: string + type: object + filter: + description: The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. 
Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. + type: string + type: object + filter: + description: The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: How to use the + ranking to select time series + that pass through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
+ items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series with MQL. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + showLabels: + description: Optional. Indicates whether or not + the pie chart should show slices' labels + type: boolean + required: + - chartType + - dataSets + type: object + scorecard: + description: A scorecard summarizing time series data. + properties: + blankView: + description: Will cause the `Scorecard` to show + only the value, with no indicator to its value + relative to its thresholds. + type: object + gaugeView: + description: Will cause the scorecard to show + a gauge chart. + properties: + lowerBound: + description: The lower bound for this gauge + chart. The value of the chart should always + be greater than or equal to this. + format: double + type: number + upperBound: + description: The upper bound for this gauge + chart. The value of the chart should always + be less than or equal to this. + format: double + type: number + type: object + sparkChartView: + description: Will cause the scorecard to show + a spark chart. 
+ properties: + minAlignmentPeriod: + description: The lower bound on data point + frequency in the chart implemented by specifying + the minimum alignment period to use in a + time series query. + type: string + sparkChartType: + description: Required. The type of sparkchart + to show in this chartView. + type: string + required: + - sparkChartType + type: object + thresholds: + description: The thresholds used to determine + the state of the scorecard given the time series' + current value. + items: + properties: + color: + description: The state color for this threshold. + Color is not allowed in a XyChart. + type: string + direction: + description: The direction for the current + threshold. Direction is not allowed in + a XyChart. + type: string + label: + description: A label for the threshold. + type: string + targetAxis: + description: The target axis to use for + plotting the threshold. Target axis is + not allowed in a Scorecard. + type: string + value: + description: The value of the threshold. + The value should be defined in the native + scale of the metric. + format: double + type: number + type: object + type: array + timeSeriesQuery: + description: Required. Fields for querying time + series data from the Stackdriver metrics API. + properties: + outputFullDuration: + description: Optional. If set, Cloud Monitoring + will treat the full query duration as the + alignment period so that there will be only + 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time series + with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch time + series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this field + to combine multiple time series for + different views of the data. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series.' 
+ type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. + properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. 
+ type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
+ items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. 
+ type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series + with MQL. + type: string + unitOverride: + description: The unit of data contained in + fetched time series. If non-empty, this + unit will override any unit that accompanies + fetched data. The format is the same as + the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + sectionHeader: + description: A widget that defines a section header + for easier navigation of the dashboard. + properties: + dividerBelow: + description: Whether to insert a divider below + the section in the table of contents + type: boolean + subtitle: + description: The subtitle of the section + type: string + type: object + singleViewGroup: + description: A widget that groups the other widgets + by using a dropdown menu. + type: object + text: + description: A raw string or markdown displaying textual + content. + properties: + content: + description: The text content to be displayed. + type: string + format: + description: How the text content is formatted. + type: string + style: + description: How the text is styled + properties: + backgroundColor: + description: The background color as a hex + string. 
"#RRGGBB" or "#RGB" + type: string + fontSize: + description: Font sizes for both the title + and content. The title will still be larger + relative to the content. + type: string + horizontalAlignment: + description: The horizontal alignment of both + the title and content + type: string + padding: + description: The amount of padding around + the widget + type: string + pointerLocation: + description: The pointer location for this + widget (also sometimes called a "tail") + type: string + textColor: + description: The text color as a hex string. + "#RRGGBB" or "#RGB" + type: string + verticalAlignment: + description: The vertical alignment of both + the title and content + type: string + type: object + type: object + timeSeriesTable: + description: A widget that displays time series data + in a tabular format. + properties: + columnSettings: + description: Optional. The list of the persistent + column settings for the table. + items: + properties: + column: + description: Required. The id of the column. + type: string + visible: + description: Required. Whether the column + should be visible on page load. + type: boolean + required: + - column + - visible + type: object + type: array + dataSets: + description: Required. The data displayed in this + table. + items: + properties: + minAlignmentPeriod: + description: Optional. The lower bound on + data point frequency for this data set. + type: string + tableDisplayOptions: + description: Optional. Table display options + for configuring how the table is rendered. + properties: + shownColumns: + description: Optional. This field is + unused and has been replaced by TimeSeriesTable.column_settings + items: + type: string + type: array + type: object + tableTemplate: + description: Optional. A template string + for naming `TimeSeries` in the resulting + data set. + type: string + timeSeriesQuery: + description: Required. Fields for querying + time series data from the Stackdriver + metrics API. 
+ properties: + outputFullDuration: + description: Optional. If set, Cloud + Monitoring will treat the full query + duration as the alignment period so + that there will be only 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time + series with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw + time series data is returned. + Use this field to combine multiple + time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. 
+ type: string + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: How to use the + ranking to select time series + that pass through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. 
+ type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. + properties: + denominator: + description: The denominator of + the ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. + type: string + type: object + filter: + description: The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. + type: string + type: object + filter: + description: The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: How to use the + ranking to select time series + that pass through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series.' 
+ type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series with MQL. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + type: object + type: array + metricVisualization: + description: Optional. Store rendering strategy + type: string + required: + - dataSets + type: object + title: + description: Optional. 
The title of the widget. + type: string + xyChart: + description: A chart of time series data. + properties: + chartOptions: + description: Display options for the chart. + properties: + mode: + description: The chart mode. + type: string + type: object + dataSets: + description: Required. The data displayed in this + chart. + items: + properties: + legendTemplate: + description: A template string for naming + `TimeSeries` in the resulting data set. + type: string + minAlignmentPeriod: + description: Optional. The lower bound on + data point frequency for this data set. + type: string + plotType: + description: How this data should be plotted + on the chart. + type: string + targetAxis: + description: Optional. The target axis to + use for plotting the metric. + type: string + timeSeriesQuery: + description: Fields for querying time series + data from the Stackdriver metrics API. + properties: + outputFullDuration: + description: Optional. If set, Cloud + Monitoring will treat the full query + duration as the alignment period so + that there will be only 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time + series with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw + time series data is returned. + Use this field to combine multiple + time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. 
+ type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: How to use the + ranking to select time series + that pass through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. 
This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. + properties: + denominator: + description: The denominator of + the ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. 
+ type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. + type: string + type: object + filter: + description: The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. 
Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. + type: string + type: object + filter: + description: The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: How to use the + ranking to select time series + that pass through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
+ items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series with MQL. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + thresholds: + description: Threshold lines drawn horizontally + across the chart. + items: + properties: + color: + description: The state color for this threshold. + Color is not allowed in a XyChart. + type: string + direction: + description: The direction for the current + threshold. Direction is not allowed in + a XyChart. + type: string + label: + description: A label for the threshold. + type: string + targetAxis: + description: The target axis to use for + plotting the threshold. Target axis is + not allowed in a Scorecard. + type: string + value: + description: The value of the threshold. + The value should be defined in the native + scale of the metric. + format: double + type: number + type: object + type: array + timeshiftDuration: + description: The duration used to display a comparison + chart. + type: string + xAxis: + description: The properties applied to the x-axis. + properties: + label: + description: The label of the axis. 
+ type: string + scale: + description: The axis scale. By default, a + linear scale is used. + type: string + type: object + y2Axis: + description: The properties applied to the y2-axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: The axis scale. By default, a + linear scale is used. + type: string + type: object + yAxis: + description: The properties applied to the y-axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: The axis scale. By default, a + linear scale is used. + type: string + type: object + required: + - dataSets + type: object + type: object + type: array + type: object + type: array + type: object + dashboardFilters: + description: Filters to reduce the amount of data charted based on + the filter criteria. + items: + properties: + filterType: + description: The specified filter type + type: string + labelKey: + description: Required. The key for the label + type: string + stringValue: + description: A variable-length string value. + type: string + templateVariable: + description: The placeholder text that can be referenced in + a filter string or MQL query. If omitted, the dashboard filter + will be applied to all relevant widgets in the dashboard. + type: string + required: + - labelKey + type: object + type: array + displayName: + description: Required. The mutable, human-readable name. + type: string + gridLayout: + description: Content is arranged with a basic layout that re-flows + a simple list of informational elements like widgets or tiles. + properties: + columns: + description: The number of columns into which the view's width + is divided. If omitted or set to zero, a system default will + be used while rendering. + format: int64 + type: integer + widgets: + description: The informational elements that are arranged into + the columns row-first. + items: + properties: + alertChart: + description: A chart of alert policy data. 
+ properties: + alertPolicyRef: + description: Required. A reference to the MonitoringAlertPolicy. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The MonitoringAlertPolicy link in the + form "projects/[PROJECT_ID_OR_NUMBER]/alertPolicies/[ALERT_POLICY_ID]", + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `MonitoringAlertPolicy` + resource. + type: string + namespace: + description: The `namespace` field of a `MonitoringAlertPolicy` + resource. + type: string + type: object + required: + - alertPolicyRef + type: object + blank: + description: A blank space. + type: object + collapsibleGroup: + description: A widget that groups the other widgets. All + widgets that are within the area spanned by the grouping + widget are considered member widgets. + properties: + collapsed: + description: The collapsed state of the widget on first + page load. + type: boolean + type: object + errorReportingPanel: + description: A widget that displays a list of error groups. + properties: + projectRefs: + description: The projects from which to gather errors. + items: + description: The Project that this resource belongs + to. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The `projectID` field of a project, + when not managed by Config Connector. + type: string + kind: + description: The kind of the Project resource; + optional but must be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` + resource. 
+ type: string + type: object + type: array + services: + description: An identifier of the service, such as the + name of the executable, job, or Google App Engine + service name. This field is expected to have a low + number of values that are relatively stable over time, + as opposed to `version`, which can be changed whenever + new code is deployed. + items: + type: string + type: array + versions: + description: Represents the source code version that + the developer provided, which could represent a version + label or a Git SHA-1 hash, for example. For App Engine + standard environment, the version is set to the version + of the app. + items: + type: string + type: array + type: object + id: + description: Optional. The widget id. Ids may be made up + of alphanumerics, dashes and underscores. Widget ids are + optional. + type: string + incidentList: + description: A widget that shows list of incidents. + properties: + monitoredResources: + description: Optional. The monitored resource for which + incidents are listed. + items: + properties: + labels: + additionalProperties: + type: string + description: Required. Values for all of the labels + listed in the associated monitored resource + descriptor. + type: object + type: + description: Required. The monitored resource + type. This field must match the `type` field + of a [MonitoredResourceDescriptor][google.api.MonitoredResourceDescriptor] + object. + type: string + type: object + type: array + policyRefs: + description: Optional. A list of alert policies to filter + the incident list by. + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The MonitoringAlertPolicy link in + the form "projects/[PROJECT_ID_OR_NUMBER]/alertPolicies/[ALERT_POLICY_ID]", + when not managed by Config Connector. 
+ type: string + name: + description: The `name` field of a `MonitoringAlertPolicy` + resource. + type: string + namespace: + description: The `namespace` field of a `MonitoringAlertPolicy` + resource. + type: string + type: object + type: array + type: object + logsPanel: + description: A widget that shows a stream of logs. + properties: + filter: + description: A filter that chooses which log entries + to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). + type: string + resourceNames: + description: The names of logging resources to collect + logs for. + items: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The external name of the referenced + resource + type: string + kind: + description: Kind of the referent. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + pieChart: + description: A widget that displays timeseries data as a + pie chart. + properties: + chartType: + description: Required. Indicates the visualization type + for the PieChart. + type: string + dataSets: + description: Required. The queries for the chart's data. + items: + properties: + minAlignmentPeriod: + description: Optional. The lower bound on data + point frequency for this data set. + type: string + sliceNameTemplate: + description: Optional. A template for the name + of the slice. + type: string + timeSeriesQuery: + description: Required. The query for the PieChart. + See, `google.monitoring.dashboard.v1.TimeSeriesQuery`. 
+ properties: + outputFullDuration: + description: Optional. If set, Cloud Monitoring + will treat the full query duration as the + alignment period so that there will be only + 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time series + with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch time + series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this field + to combine multiple time series for + different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. 
+ type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. 
+ properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. 
+ This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series + with MQL. + type: string + unitOverride: + description: The unit of data contained in + fetched time series. If non-empty, this + unit will override any unit that accompanies + fetched data. The format is the same as + the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + showLabels: + description: Optional. Indicates whether or not the + pie chart should show slices' labels + type: boolean + required: + - chartType + - dataSets + type: object + scorecard: + description: A scorecard summarizing time series data. 
+ properties: + blankView: + description: Will cause the `Scorecard` to show only + the value, with no indicator to its value relative + to its thresholds. + type: object + gaugeView: + description: Will cause the scorecard to show a gauge + chart. + properties: + lowerBound: + description: The lower bound for this gauge chart. + The value of the chart should always be greater + than or equal to this. + format: double + type: number + upperBound: + description: The upper bound for this gauge chart. + The value of the chart should always be less than + or equal to this. + format: double + type: number + type: object + sparkChartView: + description: Will cause the scorecard to show a spark + chart. + properties: + minAlignmentPeriod: + description: The lower bound on data point frequency + in the chart implemented by specifying the minimum + alignment period to use in a time series query. + type: string + sparkChartType: + description: Required. The type of sparkchart to + show in this chartView. + type: string + required: + - sparkChartType + type: object + thresholds: + description: The thresholds used to determine the state + of the scorecard given the time series' current value. + items: + properties: + color: + description: The state color for this threshold. + Color is not allowed in a XyChart. + type: string + direction: + description: The direction for the current threshold. + Direction is not allowed in a XyChart. + type: string + label: + description: A label for the threshold. + type: string + targetAxis: + description: The target axis to use for plotting + the threshold. Target axis is not allowed in + a Scorecard. + type: string + value: + description: The value of the threshold. The value + should be defined in the native scale of the + metric. + format: double + type: number + type: object + type: array + timeSeriesQuery: + description: Required. Fields for querying time series + data from the Stackdriver metrics API. 
+ properties: + outputFullDuration: + description: Optional. If set, Cloud Monitoring + will treat the full query duration as the alignment + period so that there will be only 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time series with + PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch time series. + properties: + aggregation: + description: By default, the raw time series + data is returned. Use this field to combine + multiple time series for different views of + the data. + properties: + alignmentPeriod: + description: The `alignment_period` specifies + a time interval, in seconds, that is used + to divide the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This will + be done before the per-series aligner + can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation to + be used to combine time series into a + single time series, where the value of + each data point in the resulting series + is a function of all the already aligned + values in the input time series. + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes how + to bring the data points in a single time + series into temporal alignment. Except + for `ALIGN_NONE`, all alignments cause + all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for each + `alignment_period` with end timestamp + at the end of the period. + type: string + type: object + filter: + description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. 
+ type: string + pickTimeSeriesFilter: + description: Ranking based time series filter. + properties: + direction: + description: How to use the ranking to select + time series that pass through the filter. + type: string + numTimeSeries: + description: How many time series to allow + to pass through the filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is applied + to each time series independently to produce + the value which will be used to compare + the time series to other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation after + `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` specifies + a time interval, in seconds, that is used + to divide the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This will + be done before the per-series aligner + can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation to + be used to combine time series into a + single time series, where the value of + each data point in the resulting series + is a function of all the already aligned + values in the input time series. + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes how + to bring the data points in a single time + series into temporal alignment. Except + for `ALIGN_NONE`, all alignments cause + all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for each + `alignment_period` with end timestamp + at the end of the period. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. 
+ properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time series + data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This + will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where the + value of each data point in the resulting + series is a function of all the already + aligned values in the input time series. + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in a + single time series into temporal alignment. + Except for `ALIGN_NONE`, all alignments + cause all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for + each `alignment_period` with end timestamp + at the end of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time series + data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. 
This + will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where the + value of each data point in the resulting + series is a function of all the already + aligned values in the input time series. + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in a + single time series into temporal alignment. + Except for `ALIGN_NONE`, all alignments + cause all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for + each `alignment_period` with end timestamp + at the end of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series filter. + properties: + direction: + description: How to use the ranking to select + time series that pass through the filter. + type: string + numTimeSeries: + description: How many time series to allow + to pass through the filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is applied + to each time series independently to produce + the value which will be used to compare + the time series to other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation after + the ratio is computed. 
+ properties: + alignmentPeriod: + description: The `alignment_period` specifies + a time interval, in seconds, that is used + to divide the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This will + be done before the per-series aligner + can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation to + be used to combine time series into a + single time series, where the value of + each data point in the resulting series + is a function of all the already aligned + values in the input time series. + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes how + to bring the data points in a single time + series into temporal alignment. Except + for `ALIGN_NONE`, all alignments cause + all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for each + `alignment_period` with end timestamp + at the end of the period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series with + MQL. + type: string + unitOverride: + description: The unit of data contained in fetched + time series. If non-empty, this unit will override + any unit that accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + sectionHeader: + description: A widget that defines a section header for + easier navigation of the dashboard. 
+ properties: + dividerBelow: + description: Whether to insert a divider below the section + in the table of contents + type: boolean + subtitle: + description: The subtitle of the section + type: string + type: object + singleViewGroup: + description: A widget that groups the other widgets by using + a dropdown menu. + type: object + text: + description: A raw string or markdown displaying textual + content. + properties: + content: + description: The text content to be displayed. + type: string + format: + description: How the text content is formatted. + type: string + style: + description: How the text is styled + properties: + backgroundColor: + description: The background color as a hex string. + "#RRGGBB" or "#RGB" + type: string + fontSize: + description: Font sizes for both the title and content. + The title will still be larger relative to the + content. + type: string + horizontalAlignment: + description: The horizontal alignment of both the + title and content + type: string + padding: + description: The amount of padding around the widget + type: string + pointerLocation: + description: The pointer location for this widget + (also sometimes called a "tail") + type: string + textColor: + description: The text color as a hex string. "#RRGGBB" + or "#RGB" + type: string + verticalAlignment: + description: The vertical alignment of both the + title and content + type: string + type: object + type: object + timeSeriesTable: + description: A widget that displays time series data in + a tabular format. + properties: + columnSettings: + description: Optional. The list of the persistent column + settings for the table. + items: + properties: + column: + description: Required. The id of the column. + type: string + visible: + description: Required. Whether the column should + be visible on page load. + type: boolean + required: + - column + - visible + type: object + type: array + dataSets: + description: Required. The data displayed in this table. 
+ items: + properties: + minAlignmentPeriod: + description: Optional. The lower bound on data + point frequency for this data set. + type: string + tableDisplayOptions: + description: Optional. Table display options for + configuring how the table is rendered. + properties: + shownColumns: + description: Optional. This field is unused + and has been replaced by TimeSeriesTable.column_settings + items: + type: string + type: array + type: object + tableTemplate: + description: Optional. A template string for naming + `TimeSeries` in the resulting data set. + type: string + timeSeriesQuery: + description: Required. Fields for querying time + series data from the Stackdriver metrics API. + properties: + outputFullDuration: + description: Optional. If set, Cloud Monitoring + will treat the full query duration as the + alignment period so that there will be only + 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time series + with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch time + series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this field + to combine multiple time series for + different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. 
+ items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. 
+ type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. + properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. 
Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. 
+ type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. 
Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series + with MQL. + type: string + unitOverride: + description: The unit of data contained in + fetched time series. If non-empty, this + unit will override any unit that accompanies + fetched data. The format is the same as + the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + type: object + type: array + metricVisualization: + description: Optional. Store rendering strategy + type: string + required: + - dataSets + type: object + title: + description: Optional. The title of the widget. + type: string + xyChart: + description: A chart of time series data. + properties: + chartOptions: + description: Display options for the chart. + properties: + mode: + description: The chart mode. + type: string + type: object + dataSets: + description: Required. The data displayed in this chart. + items: + properties: + legendTemplate: + description: A template string for naming `TimeSeries` + in the resulting data set. + type: string + minAlignmentPeriod: + description: Optional. The lower bound on data + point frequency for this data set. + type: string + plotType: + description: How this data should be plotted on + the chart. + type: string + targetAxis: + description: Optional. The target axis to use + for plotting the metric. + type: string + timeSeriesQuery: + description: Fields for querying time series data + from the Stackdriver metrics API. + properties: + outputFullDuration: + description: Optional. 
If set, Cloud Monitoring + will treat the full query duration as the + alignment period so that there will be only + 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time series + with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch time + series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this field + to combine multiple time series for + different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. 
+ properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. + properties: + denominator: + description: The denominator of the ratio. 
+ properties: + aggregation: + description: By default, the raw time + series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. 
+ type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. 
+ This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series + with MQL. + type: string + unitOverride: + description: The unit of data contained in + fetched time series. If non-empty, this + unit will override any unit that accompanies + fetched data. The format is the same as + the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + thresholds: + description: Threshold lines drawn horizontally across + the chart. + items: + properties: + color: + description: The state color for this threshold. + Color is not allowed in a XyChart. + type: string + direction: + description: The direction for the current threshold. + Direction is not allowed in a XyChart. + type: string + label: + description: A label for the threshold. + type: string + targetAxis: + description: The target axis to use for plotting + the threshold. 
Target axis is not allowed in + a Scorecard. + type: string + value: + description: The value of the threshold. The value + should be defined in the native scale of the + metric. + format: double + type: number + type: object + type: array + timeshiftDuration: + description: The duration used to display a comparison + chart. + type: string + xAxis: + description: The properties applied to the x-axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: The axis scale. By default, a linear + scale is used. + type: string + type: object + y2Axis: + description: The properties applied to the y2-axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: The axis scale. By default, a linear + scale is used. + type: string + type: object + yAxis: + description: The properties applied to the y-axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: The axis scale. By default, a linear + scale is used. + type: string + type: object + required: + - dataSets + type: object + type: object + type: array + type: object + mosaicLayout: + description: The content is arranged as a grid of tiles, with each + content widget occupying one or more grid blocks. + properties: + columns: + description: The number of columns in the mosaic grid. The number + of columns must be between 1 and 12, inclusive. + format: int32 + type: integer + tiles: + description: The tiles to display. + items: + properties: + height: + description: The height of the tile, measured in grid blocks. + Tiles must have a minimum height of 1. + format: int32 + type: integer + widget: + description: The informational widget contained in the tile. + For example an `XyChart`. + properties: + alertChart: + description: A chart of alert policy data. + properties: + alertPolicyRef: + description: Required. A reference to the MonitoringAlertPolicy. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The MonitoringAlertPolicy link + in the form "projects/[PROJECT_ID_OR_NUMBER]/alertPolicies/[ALERT_POLICY_ID]", + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `MonitoringAlertPolicy` + resource. + type: string + namespace: + description: The `namespace` field of a `MonitoringAlertPolicy` + resource. + type: string + type: object + required: + - alertPolicyRef + type: object + blank: + description: A blank space. + type: object + collapsibleGroup: + description: A widget that groups the other widgets. + All widgets that are within the area spanned by the + grouping widget are considered member widgets. + properties: + collapsed: + description: The collapsed state of the widget on + first page load. + type: boolean + type: object + errorReportingPanel: + description: A widget that displays a list of error + groups. + properties: + projectRefs: + description: The projects from which to gather errors. + items: + description: The Project that this resource belongs + to. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The `projectID` field of a project, + when not managed by Config Connector. + type: string + kind: + description: The kind of the Project resource; + optional but must be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` + resource. + type: string + namespace: + description: The `namespace` field of a `Project` + resource. 
+ type: string + type: object + type: array + services: + description: An identifier of the service, such + as the name of the executable, job, or Google + App Engine service name. This field is expected + to have a low number of values that are relatively + stable over time, as opposed to `version`, which + can be changed whenever new code is deployed. + items: + type: string + type: array + versions: + description: Represents the source code version + that the developer provided, which could represent + a version label or a Git SHA-1 hash, for example. + For App Engine standard environment, the version + is set to the version of the app. + items: + type: string + type: array + type: object + id: + description: Optional. The widget id. Ids may be made + up of alphanumerics, dashes and underscores. Widget + ids are optional. + type: string + incidentList: + description: A widget that shows list of incidents. + properties: + monitoredResources: + description: Optional. The monitored resource for + which incidents are listed. + items: + properties: + labels: + additionalProperties: + type: string + description: Required. Values for all of the + labels listed in the associated monitored + resource descriptor. + type: object + type: + description: Required. The monitored resource + type. This field must match the `type` field + of a [MonitoredResourceDescriptor][google.api.MonitoredResourceDescriptor] + object. + type: string + type: object + type: array + policyRefs: + description: Optional. A list of alert policies + to filter the incident list by. + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The MonitoringAlertPolicy link + in the form "projects/[PROJECT_ID_OR_NUMBER]/alertPolicies/[ALERT_POLICY_ID]", + when not managed by Config Connector. 
+ type: string + name: + description: The `name` field of a `MonitoringAlertPolicy` + resource. + type: string + namespace: + description: The `namespace` field of a `MonitoringAlertPolicy` + resource. + type: string + type: object + type: array + type: object + logsPanel: + description: A widget that shows a stream of logs. + properties: + filter: + description: A filter that chooses which log entries + to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). + type: string + resourceNames: + description: The names of logging resources to collect + logs for. + items: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The external name of the referenced + resource + type: string + kind: + description: Kind of the referent. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + pieChart: + description: A widget that displays timeseries data + as a pie chart. + properties: + chartType: + description: Required. Indicates the visualization + type for the PieChart. + type: string + dataSets: + description: Required. The queries for the chart's + data. + items: + properties: + minAlignmentPeriod: + description: Optional. The lower bound on + data point frequency for this data set. + type: string + sliceNameTemplate: + description: Optional. A template for the + name of the slice. + type: string + timeSeriesQuery: + description: Required. The query for the PieChart. + See, `google.monitoring.dashboard.v1.TimeSeriesQuery`. 
+ properties: + outputFullDuration: + description: Optional. If set, Cloud Monitoring + will treat the full query duration as + the alignment period so that there will + be only 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time + series with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. 
+ type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to other + time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. 
+ type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. + properties: + denominator: + description: The denominator of the + ratio. + properties: + aggregation: + description: By default, the raw + time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in all + the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done + before the per-series aligner + can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, where + the value of each data point + in the resulting series + is a function of all the + already aligned values in + the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring the + data points in a single + time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all + the data points in an `alignment_period` + to be mathematically grouped + together, resulting in a + single data point for each + `alignment_period` with + end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the raw + time series data is returned. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in all + the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done + before the per-series aligner + can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, where + the value of each data point + in the resulting series + is a function of all the + already aligned values in + the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring the + data points in a single + time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all + the data points in an `alignment_period` + to be mathematically grouped + together, resulting in a + single data point for each + `alignment_period` with + end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to other + time series.' 
+ type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series with MQL. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + showLabels: + description: Optional. 
Indicates whether or not + the pie chart should show slices' labels + type: boolean + required: + - chartType + - dataSets + type: object + scorecard: + description: A scorecard summarizing time series data. + properties: + blankView: + description: Will cause the `Scorecard` to show + only the value, with no indicator to its value + relative to its thresholds. + type: object + gaugeView: + description: Will cause the scorecard to show a + gauge chart. + properties: + lowerBound: + description: The lower bound for this gauge + chart. The value of the chart should always + be greater than or equal to this. + format: double + type: number + upperBound: + description: The upper bound for this gauge + chart. The value of the chart should always + be less than or equal to this. + format: double + type: number + type: object + sparkChartView: + description: Will cause the scorecard to show a + spark chart. + properties: + minAlignmentPeriod: + description: The lower bound on data point frequency + in the chart implemented by specifying the + minimum alignment period to use in a time + series query. + type: string + sparkChartType: + description: Required. The type of sparkchart + to show in this chartView. + type: string + required: + - sparkChartType + type: object + thresholds: + description: The thresholds used to determine the + state of the scorecard given the time series' + current value. + items: + properties: + color: + description: The state color for this threshold. + Color is not allowed in a XyChart. + type: string + direction: + description: The direction for the current + threshold. Direction is not allowed in a + XyChart. + type: string + label: + description: A label for the threshold. + type: string + targetAxis: + description: The target axis to use for plotting + the threshold. Target axis is not allowed + in a Scorecard. + type: string + value: + description: The value of the threshold. 
The + value should be defined in the native scale + of the metric. + format: double + type: number + type: object + type: array + timeSeriesQuery: + description: Required. Fields for querying time + series data from the Stackdriver metrics API. + properties: + outputFullDuration: + description: Optional. If set, Cloud Monitoring + will treat the full query duration as the + alignment period so that there will be only + 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time series + with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch time + series. + properties: + aggregation: + description: By default, the raw time series + data is returned. Use this field to combine + multiple time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This + will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where the + value of each data point in the resulting + series is a function of all the already + aligned values in the input time series. + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in a + single time series into temporal alignment. + Except for `ALIGN_NONE`, all alignments + cause all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for + each `alignment_period` with end timestamp + at the end of the period. 
+ type: string + type: object + filter: + description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series filter. + properties: + direction: + description: How to use the ranking + to select time series that pass through + the filter. + type: string + numTimeSeries: + description: How many time series to + allow to pass through the filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is applied + to each time series independently + to produce the value which will be + used to compare the time series to + other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This + will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where the + value of each data point in the resulting + series is a function of all the already + aligned values in the input time series. + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in a + single time series into temporal alignment. 
+ Except for `ALIGN_NONE`, all alignments + cause all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for + each `alignment_period` with end timestamp + at the end of the period. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. + properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the + data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. 
+ type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the + data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series filter. + properties: + direction: + description: How to use the ranking + to select time series that pass through + the filter. + type: string + numTimeSeries: + description: How many time series to + allow to pass through the filter. 
+ format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is applied + to each time series independently + to produce the value which will be + used to compare the time series to + other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This + will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where the + value of each data point in the resulting + series is a function of all the already + aligned values in the input time series. + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in a + single time series into temporal alignment. + Except for `ALIGN_NONE`, all alignments + cause all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for + each `alignment_period` with end timestamp + at the end of the period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series + with MQL. + type: string + unitOverride: + description: The unit of data contained in fetched + time series. If non-empty, this unit will + override any unit that accompanies fetched + data. The format is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. 
+ type: string + type: object + required: + - timeSeriesQuery + type: object + sectionHeader: + description: A widget that defines a section header + for easier navigation of the dashboard. + properties: + dividerBelow: + description: Whether to insert a divider below the + section in the table of contents + type: boolean + subtitle: + description: The subtitle of the section + type: string + type: object + singleViewGroup: + description: A widget that groups the other widgets + by using a dropdown menu. + type: object + text: + description: A raw string or markdown displaying textual + content. + properties: + content: + description: The text content to be displayed. + type: string + format: + description: How the text content is formatted. + type: string + style: + description: How the text is styled + properties: + backgroundColor: + description: The background color as a hex string. + "#RRGGBB" or "#RGB" + type: string + fontSize: + description: Font sizes for both the title and + content. The title will still be larger relative + to the content. + type: string + horizontalAlignment: + description: The horizontal alignment of both + the title and content + type: string + padding: + description: The amount of padding around the + widget + type: string + pointerLocation: + description: The pointer location for this widget + (also sometimes called a "tail") + type: string + textColor: + description: The text color as a hex string. + "#RRGGBB" or "#RGB" + type: string + verticalAlignment: + description: The vertical alignment of both + the title and content + type: string + type: object + type: object + timeSeriesTable: + description: A widget that displays time series data + in a tabular format. + properties: + columnSettings: + description: Optional. The list of the persistent + column settings for the table. + items: + properties: + column: + description: Required. The id of the column. + type: string + visible: + description: Required. 
Whether the column + should be visible on page load. + type: boolean + required: + - column + - visible + type: object + type: array + dataSets: + description: Required. The data displayed in this + table. + items: + properties: + minAlignmentPeriod: + description: Optional. The lower bound on + data point frequency for this data set. + type: string + tableDisplayOptions: + description: Optional. Table display options + for configuring how the table is rendered. + properties: + shownColumns: + description: Optional. This field is unused + and has been replaced by TimeSeriesTable.column_settings + items: + type: string + type: array + type: object + tableTemplate: + description: Optional. A template string for + naming `TimeSeries` in the resulting data + set. + type: string + timeSeriesQuery: + description: Required. Fields for querying + time series data from the Stackdriver metrics + API. + properties: + outputFullDuration: + description: Optional. If set, Cloud Monitoring + will treat the full query duration as + the alignment period so that there will + be only 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time + series with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. 
+ type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to other + time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. 
+ This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. + properties: + denominator: + description: The denominator of the + ratio. + properties: + aggregation: + description: By default, the raw + time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in all + the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done + before the per-series aligner + can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, where + the value of each data point + in the resulting series + is a function of all the + already aligned values in + the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
+ items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring the + data points in a single + time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all + the data points in an `alignment_period` + to be mathematically grouped + together, resulting in a + single data point for each + `alignment_period` with + end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the raw + time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in all + the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done + before the per-series aligner + can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, where + the value of each data point + in the resulting series + is a function of all the + already aligned values in + the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring the + data points in a single + time series into temporal + alignment. 
Except for `ALIGN_NONE`, + all alignments cause all + the data points in an `alignment_period` + to be mathematically grouped + together, resulting in a + single data point for each + `alignment_period` with + end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to other + time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
+ items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series with MQL. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + type: object + type: array + metricVisualization: + description: Optional. Store rendering strategy + type: string + required: + - dataSets + type: object + title: + description: Optional. The title of the widget. + type: string + xyChart: + description: A chart of time series data. + properties: + chartOptions: + description: Display options for the chart. + properties: + mode: + description: The chart mode. + type: string + type: object + dataSets: + description: Required. The data displayed in this + chart. + items: + properties: + legendTemplate: + description: A template string for naming + `TimeSeries` in the resulting data set. + type: string + minAlignmentPeriod: + description: Optional. The lower bound on + data point frequency for this data set. + type: string + plotType: + description: How this data should be plotted + on the chart. + type: string + targetAxis: + description: Optional. The target axis to + use for plotting the metric. 
+ type: string + timeSeriesQuery: + description: Fields for querying time series + data from the Stackdriver metrics API. + properties: + outputFullDuration: + description: Optional. If set, Cloud Monitoring + will treat the full query duration as + the alignment period so that there will + be only 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time + series with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + filter: + description: Required. 
The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to other + time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. 
+ type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. + properties: + denominator: + description: The denominator of the + ratio. + properties: + aggregation: + description: By default, the raw + time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in all + the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done + before the per-series aligner + can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, where + the value of each data point + in the resulting series + is a function of all the + already aligned values in + the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring the + data points in a single + time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all + the data points in an `alignment_period` + to be mathematically grouped + together, resulting in a + single data point for each + `alignment_period` with + end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the raw + time series data is returned. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in all + the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done + before the per-series aligner + can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, where + the value of each data point + in the resulting series + is a function of all the + already aligned values in + the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring the + data points in a single + time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all + the data points in an `alignment_period` + to be mathematically grouped + together, resulting in a + single data point for each + `alignment_period` with + end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to other + time series.' 
+ type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series with MQL. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + thresholds: + description: Threshold lines drawn horizontally + across the chart. 
+ items: + properties: + color: + description: The state color for this threshold. + Color is not allowed in a XyChart. + type: string + direction: + description: The direction for the current + threshold. Direction is not allowed in a + XyChart. + type: string + label: + description: A label for the threshold. + type: string + targetAxis: + description: The target axis to use for plotting + the threshold. Target axis is not allowed + in a Scorecard. + type: string + value: + description: The value of the threshold. The + value should be defined in the native scale + of the metric. + format: double + type: number + type: object + type: array + timeshiftDuration: + description: The duration used to display a comparison + chart. + type: string + xAxis: + description: The properties applied to the x-axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: The axis scale. By default, a linear + scale is used. + type: string + type: object + y2Axis: + description: The properties applied to the y2-axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: The axis scale. By default, a linear + scale is used. + type: string + type: object + yAxis: + description: The properties applied to the y-axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: The axis scale. By default, a linear + scale is used. + type: string + type: object + required: + - dataSets + type: object + type: object + width: + description: The width of the tile, measured in grid blocks. + Tiles must have a minimum width of 1. + format: int32 + type: integer + xPos: + description: The zero-indexed position of the tile in grid + blocks relative to the left edge of the grid. Tiles must + be contained within the specified number of columns. `x_pos` + cannot be negative. 
+ format: int32 + type: integer + yPos: + description: The zero-indexed position of the tile in grid + blocks relative to the top edge of the grid. `y_pos` cannot + be negative. + format: int32 + type: integer + type: object + type: array + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. + type: string + rowLayout: + description: The content is divided into equally spaced rows and the + widgets are arranged horizontally. + properties: + rows: + description: The rows of content to display. + items: + properties: + weight: + description: The relative weight of this row. The row weight + is used to adjust the height of rows on the screen (relative + to peers). + format: int64 + type: integer + widgets: + description: The display widgets arranged horizontally in + this row. + items: + properties: + alertChart: + description: A chart of alert policy data. + properties: + alertPolicyRef: + description: Required. A reference to the MonitoringAlertPolicy. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The MonitoringAlertPolicy link + in the form "projects/[PROJECT_ID_OR_NUMBER]/alertPolicies/[ALERT_POLICY_ID]", + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `MonitoringAlertPolicy` + resource. + type: string + namespace: + description: The `namespace` field of a `MonitoringAlertPolicy` + resource. + type: string + type: object + required: + - alertPolicyRef + type: object + blank: + description: A blank space. + type: object + collapsibleGroup: + description: A widget that groups the other widgets. + All widgets that are within the area spanned by + the grouping widget are considered member widgets. + properties: + collapsed: + description: The collapsed state of the widget + on first page load. + type: boolean + type: object + errorReportingPanel: + description: A widget that displays a list of error + groups. + properties: + projectRefs: + description: The projects from which to gather + errors. + items: + description: The Project that this resource + belongs to. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The `projectID` field of a + project, when not managed by Config Connector. + type: string + kind: + description: The kind of the Project resource; + optional but must be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` + resource. + type: string + namespace: + description: The `namespace` field of a + `Project` resource. 
+ type: string + type: object + type: array + services: + description: An identifier of the service, such + as the name of the executable, job, or Google + App Engine service name. This field is expected + to have a low number of values that are relatively + stable over time, as opposed to `version`, which + can be changed whenever new code is deployed. + items: + type: string + type: array + versions: + description: Represents the source code version + that the developer provided, which could represent + a version label or a Git SHA-1 hash, for example. + For App Engine standard environment, the version + is set to the version of the app. + items: + type: string + type: array + type: object + id: + description: Optional. The widget id. Ids may be made + up of alphanumerics, dashes and underscores. Widget + ids are optional. + type: string + incidentList: + description: A widget that shows list of incidents. + properties: + monitoredResources: + description: Optional. The monitored resource + for which incidents are listed. + items: + properties: + labels: + additionalProperties: + type: string + description: Required. Values for all of + the labels listed in the associated monitored + resource descriptor. + type: object + type: + description: Required. The monitored resource + type. This field must match the `type` + field of a [MonitoredResourceDescriptor][google.api.MonitoredResourceDescriptor] + object. + type: string + type: object + type: array + policyRefs: + description: Optional. A list of alert policies + to filter the incident list by. + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The MonitoringAlertPolicy link + in the form "projects/[PROJECT_ID_OR_NUMBER]/alertPolicies/[ALERT_POLICY_ID]", + when not managed by Config Connector. 
+ type: string + name: + description: The `name` field of a `MonitoringAlertPolicy` + resource. + type: string + namespace: + description: The `namespace` field of a + `MonitoringAlertPolicy` resource. + type: string + type: object + type: array + type: object + logsPanel: + description: A widget that shows a stream of logs. + properties: + filter: + description: A filter that chooses which log entries + to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). + type: string + resourceNames: + description: The names of logging resources to + collect logs for. + items: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The external name of the referenced + resource + type: string + kind: + description: Kind of the referent. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + pieChart: + description: A widget that displays timeseries data + as a pie chart. + properties: + chartType: + description: Required. Indicates the visualization + type for the PieChart. + type: string + dataSets: + description: Required. The queries for the chart's + data. + items: + properties: + minAlignmentPeriod: + description: Optional. The lower bound on + data point frequency for this data set. + type: string + sliceNameTemplate: + description: Optional. A template for the + name of the slice. + type: string + timeSeriesQuery: + description: Required. The query for the + PieChart. See, `google.monitoring.dashboard.v1.TimeSeriesQuery`. 
+ properties: + outputFullDuration: + description: Optional. If set, Cloud + Monitoring will treat the full query + duration as the alignment period so + that there will be only 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time + series with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw + time series data is returned. + Use this field to combine multiple + time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. 
+ type: string + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: How to use the + ranking to select time series + that pass through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. 
+ type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. + properties: + denominator: + description: The denominator of + the ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. + type: string + type: object + filter: + description: The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. + type: string + type: object + filter: + description: The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: How to use the + ranking to select time series + that pass through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series.' 
+ type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series with MQL. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + showLabels: + description: Optional. 
Indicates whether or not + the pie chart should show slices' labels + type: boolean + required: + - chartType + - dataSets + type: object + scorecard: + description: A scorecard summarizing time series data. + properties: + blankView: + description: Will cause the `Scorecard` to show + only the value, with no indicator to its value + relative to its thresholds. + type: object + gaugeView: + description: Will cause the scorecard to show + a gauge chart. + properties: + lowerBound: + description: The lower bound for this gauge + chart. The value of the chart should always + be greater than or equal to this. + format: double + type: number + upperBound: + description: The upper bound for this gauge + chart. The value of the chart should always + be less than or equal to this. + format: double + type: number + type: object + sparkChartView: + description: Will cause the scorecard to show + a spark chart. + properties: + minAlignmentPeriod: + description: The lower bound on data point + frequency in the chart implemented by specifying + the minimum alignment period to use in a + time series query. + type: string + sparkChartType: + description: Required. The type of sparkchart + to show in this chartView. + type: string + required: + - sparkChartType + type: object + thresholds: + description: The thresholds used to determine + the state of the scorecard given the time series' + current value. + items: + properties: + color: + description: The state color for this threshold. + Color is not allowed in a XyChart. + type: string + direction: + description: The direction for the current + threshold. Direction is not allowed in + a XyChart. + type: string + label: + description: A label for the threshold. + type: string + targetAxis: + description: The target axis to use for + plotting the threshold. Target axis is + not allowed in a Scorecard. + type: string + value: + description: The value of the threshold. 
+ The value should be defined in the native + scale of the metric. + format: double + type: number + type: object + type: array + timeSeriesQuery: + description: Required. Fields for querying time + series data from the Stackdriver metrics API. + properties: + outputFullDuration: + description: Optional. If set, Cloud Monitoring + will treat the full query duration as the + alignment period so that there will be only + 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time series + with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch time + series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this field + to combine multiple time series for + different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. 
+ type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. 
Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. + properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. 
+ type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. 
+ format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series + with MQL. + type: string + unitOverride: + description: The unit of data contained in + fetched time series. If non-empty, this + unit will override any unit that accompanies + fetched data. The format is the same as + the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. 
+ type: string + type: object + required: + - timeSeriesQuery + type: object + sectionHeader: + description: A widget that defines a section header + for easier navigation of the dashboard. + properties: + dividerBelow: + description: Whether to insert a divider below + the section in the table of contents + type: boolean + subtitle: + description: The subtitle of the section + type: string + type: object + singleViewGroup: + description: A widget that groups the other widgets + by using a dropdown menu. + type: object + text: + description: A raw string or markdown displaying textual + content. + properties: + content: + description: The text content to be displayed. + type: string + format: + description: How the text content is formatted. + type: string + style: + description: How the text is styled + properties: + backgroundColor: + description: The background color as a hex + string. "#RRGGBB" or "#RGB" + type: string + fontSize: + description: Font sizes for both the title + and content. The title will still be larger + relative to the content. + type: string + horizontalAlignment: + description: The horizontal alignment of both + the title and content + type: string + padding: + description: The amount of padding around + the widget + type: string + pointerLocation: + description: The pointer location for this + widget (also sometimes called a "tail") + type: string + textColor: + description: The text color as a hex string. + "#RRGGBB" or "#RGB" + type: string + verticalAlignment: + description: The vertical alignment of both + the title and content + type: string + type: object + type: object + timeSeriesTable: + description: A widget that displays time series data + in a tabular format. + properties: + columnSettings: + description: Optional. The list of the persistent + column settings for the table. + items: + properties: + column: + description: Required. The id of the column. + type: string + visible: + description: Required. 
Whether the column + should be visible on page load. + type: boolean + required: + - column + - visible + type: object + type: array + dataSets: + description: Required. The data displayed in this + table. + items: + properties: + minAlignmentPeriod: + description: Optional. The lower bound on + data point frequency for this data set. + type: string + tableDisplayOptions: + description: Optional. Table display options + for configuring how the table is rendered. + properties: + shownColumns: + description: Optional. This field is + unused and has been replaced by TimeSeriesTable.column_settings + items: + type: string + type: array + type: object + tableTemplate: + description: Optional. A template string + for naming `TimeSeries` in the resulting + data set. + type: string + timeSeriesQuery: + description: Required. Fields for querying + time series data from the Stackdriver + metrics API. + properties: + outputFullDuration: + description: Optional. If set, Cloud + Monitoring will treat the full query + duration as the alignment period so + that there will be only 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time + series with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw + time series data is returned. + Use this field to combine multiple + time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. 
+ type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: How to use the + ranking to select time series + that pass through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. 
This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. + properties: + denominator: + description: The denominator of + the ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. 
+ type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. + type: string + type: object + filter: + description: The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. 
Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. + type: string + type: object + filter: + description: The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: How to use the + ranking to select time series + that pass through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
+ items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series with MQL. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + type: object + type: array + metricVisualization: + description: Optional. Store rendering strategy + type: string + required: + - dataSets + type: object + title: + description: Optional. The title of the widget. + type: string + xyChart: + description: A chart of time series data. + properties: + chartOptions: + description: Display options for the chart. + properties: + mode: + description: The chart mode. + type: string + type: object + dataSets: + description: Required. The data displayed in this + chart. + items: + properties: + legendTemplate: + description: A template string for naming + `TimeSeries` in the resulting data set. + type: string + minAlignmentPeriod: + description: Optional. The lower bound on + data point frequency for this data set. + type: string + plotType: + description: How this data should be plotted + on the chart. + type: string + targetAxis: + description: Optional. The target axis to + use for plotting the metric. 
+ type: string + timeSeriesQuery: + description: Fields for querying time series + data from the Stackdriver metrics API. + properties: + outputFullDuration: + description: Optional. If set, Cloud + Monitoring will treat the full query + duration as the alignment period so + that there will be only 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time + series with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw + time series data is returned. + Use this field to combine multiple + time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + filter: + description: Required. 
The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: How to use the + ranking to select time series + that pass through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. 
+ type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. + properties: + denominator: + description: The denominator of + the ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. + type: string + type: object + filter: + description: The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. + type: string + type: object + filter: + description: The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: How to use the + ranking to select time series + that pass through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series.' 
+ type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series with MQL. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + thresholds: + description: Threshold lines drawn horizontally + across the chart. 
+ items: + properties: + color: + description: The state color for this threshold. + Color is not allowed in a XyChart. + type: string + direction: + description: The direction for the current + threshold. Direction is not allowed in + a XyChart. + type: string + label: + description: A label for the threshold. + type: string + targetAxis: + description: The target axis to use for + plotting the threshold. Target axis is + not allowed in a Scorecard. + type: string + value: + description: The value of the threshold. + The value should be defined in the native + scale of the metric. + format: double + type: number + type: object + type: array + timeshiftDuration: + description: The duration used to display a comparison + chart. + type: string + xAxis: + description: The properties applied to the x-axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: The axis scale. By default, a + linear scale is used. + type: string + type: object + y2Axis: + description: The properties applied to the y2-axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: The axis scale. By default, a + linear scale is used. + type: string + type: object + yAxis: + description: The properties applied to the y-axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: The axis scale. By default, a + linear scale is used. + type: string + type: object + required: + - dataSets + type: object + type: object + type: array + type: object + type: array + type: object + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observations + of the MonitoringDashboard's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: \`etag\` is used for optimistic concurrency control as + a way to help prevent simultaneous updates of a policy from overwriting + each other. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringgroups.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringGroup + plural: monitoringgroups + shortNames: + - gcpmonitoringgroup + - gcpmonitoringgroups + singular: monitoringgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: A user-assigned name for this group, used only for display + purposes. + type: string + filter: + description: The filter used to determine which monitored resources + belong to this group. + type: string + isCluster: + description: If true, the members of this group are considered to + be a cluster. The system can perform additional analysis on groups + that are clusters. + type: boolean + parentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of the group's parent, if it has one. The format is: projects/ For groups with no parent, `parent_name` is the empty string, ``. 
+ + Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the group + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - filter + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringmetricdescriptors.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringMetricDescriptor + plural: monitoringmetricdescriptors + shortNames: + - gcpmonitoringmetricdescriptor + - gcpmonitoringmetricdescriptors + singular: monitoringmetricdescriptor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + 
jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. A detailed description of the metric, which + can be used in documentation. + type: string + displayName: + description: Immutable. A concise name for the metric, which can be + displayed in user interfaces. Use sentence case without an ending + period, for example "Request count". This field is optional but + it is recommended to be set for any metrics associated with user-visible + concepts, such as Quota. + type: string + labels: + description: Immutable. The set of labels that can be used to describe + a specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` + metric type has a label for the HTTP response code, `response_code`, + so you can look at latencies for successful responses or just for + responses that failed. + items: + properties: + description: + description: Immutable. A human-readable description for the + label. + type: string + key: + description: 'Immutable. The key for this label. The key must + meet the following criteria: * Does not exceed 100 characters. 
+ * Matches the following regular expression: `a-zA-Z*` * The + first character must be an upper- or lower-case letter. * + The remaining characters must be letters, digits, or underscores.' + type: string + valueType: + description: 'Immutable. The type of data that can be assigned + to the label. Possible values: STRING, BOOL, INT64' + type: string + type: object + type: array + launchStage: + description: 'Immutable. Optional. The launch stage of the metric + definition. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + type: string + metadata: + description: Immutable. Optional. Metadata which can be used to guide + usage of the metric. + properties: + ingestDelay: + description: Immutable. The delay of data points caused by ingestion. + Data points older than this age are guaranteed to be ingested + and available to be read, excluding data loss due to errors. + type: string + launchStage: + description: 'Immutable. Deprecated. Must use the MetricDescriptor.launch_stage + instead. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + type: string + samplePeriod: + description: Immutable. The sampling period of metric data points. + For metrics which are written periodically, consecutive data + points are stored at this time interval, excluding data loss + due to errors. Metrics with a higher granularity have a smaller + sampling period. + type: string + type: object + metricKind: + description: 'Immutable. Whether the metric records instantaneous + values, changes to a value, etc. Some combinations of `metric_kind` + and `value_type` might not be supported. Possible values: METRIC_KIND_UNSPECIFIED, + GAUGE, DELTA, CUMULATIVE' + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: 'Immutable. The metric type, including its DNS name prefix. + The type is not URL-encoded. All user-defined metric types have + the DNS name `custom.googleapis.com` or `external.googleapis.com`. + Metric types should use a natural hierarchical grouping. For example: + "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" + "appengine.googleapis.com/http/server/response_latencies"' + type: string + unit: + description: 'Immutable. The units in which the metric value is reported. + It is only applicable if the `value_type` is `INT64`, `DOUBLE`, + or `DISTRIBUTION`. The `unit` defines the representation of the + stored metric values. Different systems might scale the values to + be more easily displayed (so a value of `0.02kBy` _might_ be displayed + as `20By`, and a value of `3523kBy` _might_ be displayed as `3.5MBy`). + However, if the `unit` is `kBy`, then the value of the metric is + always in thousands of bytes, no matter how it might be displayed. + If you want a custom metric to record the exact number of CPU-seconds + used by a job, you can create an `INT64 CUMULATIVE` metric whose + `unit` is `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the + job uses 12,005 CPU-seconds, then the value is written as `12005`. 
+ Alternatively, if you want a custom metric to record data in a more + granular way, you can create a `DOUBLE CUMULATIVE` metric whose + `unit` is `ks{CPU}`, and then write the value `12.005` (which is + `12005/1000`), or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). + The supported units are a subset of [The Unified Code for Units + of Measure](https://unitsofmeasure.org/ucum.html) standard: **Basic + units (UNIT)** * `bit` bit * `By` byte * `s` second * `min` minute + * `h` hour * `d` day * `1` dimensionless **Prefixes (PREFIX)** * + `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) * `T` tera (10^12) + * `P` peta (10^15) * `E` exa (10^18) * `Z` zetta (10^21) * `Y` yotta + (10^24) * `m` milli (10^-3) * `u` micro (10^-6) * `n` nano (10^-9) + * `p` pico (10^-12) * `f` femto (10^-15) * `a` atto (10^-18) * `z` + zepto (10^-21) * `y` yocto (10^-24) * `Ki` kibi (2^10) * `Mi` mebi + (2^20) * `Gi` gibi (2^30) * `Ti` tebi (2^40) * `Pi` pebi (2^50) + **Grammar** The grammar also includes these connectors: * `/` division + or ratio (as an infix operator). For examples, `kBy/{email}` or + `MiBy/10ms` (although you should almost never have `/s` in a metric + `unit`; rates should always be computed at query time from the underlying + cumulative or delta value). * `.` multiplication or composition + (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. The + grammar for a unit is as follows: Expression = Component: { "." + Component } { "/" Component } ; Component = ( [ PREFIX ] UNIT | + "%" ) [ Annotation ] | Annotation | "1" ; Annotation = "{" NAME + "}" ; Notes: * `Annotation` is just a comment if it follows a `UNIT`. + If the annotation is used alone, then the unit is equivalent to + `1`. For examples, `{request}/s == 1/s`, `By{transmitted}/s == By/s`. + * `NAME` is a sequence of non-blank printable ASCII characters not + containing `{` or `}`. 
* `1` represents a unitary [dimensionless + unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, + such as in `1/s`. It is typically used when none of the basic units + are appropriate. For example, "new users per day" can be represented + as `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 + new users). Alternatively, "thousands of page views per day" would + be represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a + metric value of `5.3` would mean "5300 page views per day"). * `%` + represents dimensionless value of 1/100, and annotates values giving + a percentage (so the metric values are typically in the range of + 0..100, and a metric value `3` means "3 percent"). * `10^2.%` indicates + a metric contains a ratio, typically in the range 0..1, that will + be multiplied by 100 and displayed as a percentage (so a metric + value `0.03` means "3 percent").' + type: string + valueType: + description: 'Immutable. Whether the measurement is an integer, a + floating-point number, etc. Some combinations of `metric_kind` and + `value_type` might not be supported. Possible values: STRING, BOOL, + INT64' + type: string + required: + - metricKind + - projectRef + - type + - valueType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + monitoredResourceTypes: + description: Read-only. If present, then a time series, which is identified + partially by a metric type and a MonitoredResourceDescriptor, that + is associated with this metric type can only be associated with + one of the monitored resource types listed here. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The resource name of the metric descriptor. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringmonitoredprojects.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringMonitoredProject + plural: monitoringmonitoredprojects + shortNames: + - gcpmonitoringmonitoredproject + - gcpmonitoringmonitoredprojects + singular: monitoringmonitoredproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready 
+ type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + metricsScope: + description: 'Immutable. Required. The resource name of the existing + Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - metricsScope + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when this `MonitoredProject` was + created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: monitoringnotificationchannels.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringNotificationChannel + plural: monitoringnotificationchannels + shortNames: + - gcpmonitoringnotificationchannel + - gcpmonitoringnotificationchannels + singular: monitoringnotificationchannel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional human-readable description of this notification + channel. This description may provide additional details, beyond + the display name, for the channel. This may not exceed 1024 Unicode + characters. + type: string + enabled: + description: Whether notifications are forwarded to the described + channel. This makes it possible to disable delivery of notifications + to a particular channel without removing the channel from all alerting + policies that reference the channel. This is a more convenient approach + when the change is temporary and you want to receive notifications + from the same set of alerting policies on the channel at some point + in the future. 
+ type: boolean + forceDelete: + description: |- + If true, the notification channel will be deleted regardless + of its use in alert policies (the policies will be updated + to remove the channel). If false, channels that are still + referenced by an existing alerting policy will fail to be + deleted in a delete operation. + type: boolean + labels: + additionalProperties: + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + sensitiveLabels: + description: |- + Different notification type behaviors are configured primarily using the the 'labels' field on this + resource. This block contains the labels which contain secrets or passwords so that they can be marked + sensitive and hidden from plan output. The name of the field, eg: password, will be the key + in the 'labels' map in the api request. + + Credentials may not be specified in both locations and will cause an error. Changing from one location + to a different credential configuration in the config will require an apply to update state. + properties: + authToken: + description: 'An authorization token for a notification channel. + Channel types that support this field include: slack.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + password: + description: 'An password for a notification channel. Channel + types that support this field include: webhook_basicauth.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + serviceKey: + description: 'An servicekey token for a notification channel. + Channel types that support this field include: pagerduty.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + type: + description: The type of the notification channel. This field matches + the value of the NotificationChannelDescriptor.type field. 
See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list + to get the list of valid values such as "email", "slack", etc... + type: string + required: + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The full REST resource name for this channel. The syntax is: + projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] + The [CHANNEL_ID] is automatically assigned by the server on creation. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + verificationStatus: + description: Indicates whether this channel has been verified or not. 
+ On a ListNotificationChannels or GetNotificationChannel operation, + this field is expected to be populated.If the value is UNVERIFIED, + then it indicates that the channel is non-functioning (it both requires + verification and lacks verification); otherwise, it is assumed that + the channel works.If the channel is neither VERIFIED nor UNVERIFIED, + it implies that the channel is of a type that does not require verification + or that this specific channel has been exempted from verification + because it was created prior to verification being required for + channels of this type.This field cannot be modified using a standard + UpdateNotificationChannel operation. To change the value of this + field, you must call VerifyNotificationChannel. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringservicelevelobjectives.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringServiceLevelObjective + plural: monitoringservicelevelobjectives + shortNames: + - gcpmonitoringservicelevelobjective + - gcpmonitoringservicelevelobjectives + singular: monitoringservicelevelobjective + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + 
name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + calendarPeriod: + description: 'A calendar period, semantically "since the start of + the current ``". At this time, only `DAY`, `WEEK`, `FORTNIGHT`, + and `MONTH` are supported. Possible values: CALENDAR_PERIOD_UNSPECIFIED, + DAY, WEEK, FORTNIGHT, MONTH, QUARTER, HALF, YEAR' + type: string + displayName: + description: Name used for UI elements listing this SLO. + type: string + goal: + description: The fraction of service that must be good in order for + this objective to be met. `0 < goal <= 0.999`. + format: double + type: number + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rollingPeriod: + description: A rolling time period, semantically "in the past ``". + Must be an integer multiple of 1 day no larger than 30 days. + type: string + serviceLevelIndicator: + description: The definition of good service, used to measure and calculate + the quality of the `Service`'s performance with respect to a single + aspect of service quality. + properties: + basicSli: + description: Basic SLI on a well-known service type. + properties: + availability: + description: Good service is defined to be the count of requests + made to this service that return successfully. + type: object + x-kubernetes-preserve-unknown-fields: true + latency: + description: Good service is defined to be the count of requests + made to this service that are fast enough with respect to + `latency.threshold`. + properties: + experience: + description: 'A description of the experience associated + with failing requests. 
Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, + DELIGHTING, SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the count of + requests made to this service that return in no more + than `threshold`. + type: string + type: object + location: + description: 'OPTIONAL: The set of locations to which this + SLI is relevant. Telemetry from other locations will not + be used to calculate performance for this SLI. If omitted, + this SLI applies to all locations in which the Service has + activity. For service types that don''t support breaking + down by location, setting this field will result in an error.' + items: + type: string + type: array + method: + description: 'OPTIONAL: The set of RPCs to which this SLI + is relevant. Telemetry from other methods will not be used + to calculate performance for this SLI. If omitted, this + SLI applies to all the Service''s methods. For service types + that don''t support breaking down by method, setting this + field will result in an error.' + items: + type: string + type: array + operationAvailability: + description: Good service is defined to be the count of operations + performed by this service that return successfully + type: object + x-kubernetes-preserve-unknown-fields: true + operationLatency: + description: Good service is defined to be the count of operations + performed by this service that are fast enough with respect + to `operation_latency.threshold`. + properties: + experience: + description: 'A description of the experience associated + with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, + DELIGHTING, SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the count of + operations that are completed in no more than `threshold`. + type: string + type: object + version: + description: 'OPTIONAL: The set of API versions to which this + SLI is relevant. 
Telemetry from other API versions will + not be used to calculate performance for this SLI. If omitted, + this SLI applies to all API versions. For service types + that don''t support breaking down by version, setting this + field will result in an error.' + items: + type: string + type: array + type: object + requestBased: + description: Request-based SLIs + properties: + distributionCut: + description: '`distribution_cut` is used when `good_service` + is a count of values aggregated in a `Distribution` that + fall into a good range. The `total_service` is the total + count of all values aggregated in the `Distribution`.' + properties: + distributionFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` aggregating values. Must have + `ValueType = DISTRIBUTION` and `MetricKind = DELTA` + or `MetricKind = CUMULATIVE`. + type: string + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + type: object + goodTotalRatio: + description: '`good_total_ratio` is used when the ratio of + `good_service` to `total_service` is computed from two `TimeSeries`.' + properties: + badServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying bad service, either + demanded service that was not provided or demanded service + that was of inadequate quality. Must have `ValueType + = DOUBLE` or `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + goodServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying good service provided. 
+ Must have `ValueType = DOUBLE` or `ValueType = INT64` + and must have `MetricKind = DELTA` or `MetricKind = + CUMULATIVE`. + type: string + totalServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying total demanded + service. Must have `ValueType = DOUBLE` or `ValueType + = INT64` and must have `MetricKind = DELTA` or `MetricKind + = CUMULATIVE`. + type: string + type: object + type: object + windowsBased: + description: Windows-based SLIs + properties: + goodBadMetricFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` with `ValueType = BOOL`. The window + is good if any `true` values appear in the window. + type: string + goodTotalRatioThreshold: + description: A window is good if its `performance` is high + enough. + properties: + basicSliPerformance: + description: '`BasicSli` to evaluate to judge window quality.' + properties: + availability: + description: Good service is defined to be the count + of requests made to this service that return successfully. + type: object + x-kubernetes-preserve-unknown-fields: true + latency: + description: Good service is defined to be the count + of requests made to this service that are fast enough + with respect to `latency.threshold`. + properties: + experience: + description: 'A description of the experience + associated with failing requests. Possible values: + LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, + SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the + count of requests made to this service that + return in no more than `threshold`. + type: string + type: object + location: + description: 'OPTIONAL: The set of locations to which + this SLI is relevant. Telemetry from other locations + will not be used to calculate performance for this + SLI. 
If omitted, this SLI applies to all locations + in which the Service has activity. For service types + that don''t support breaking down by location, setting + this field will result in an error.' + items: + type: string + type: array + method: + description: 'OPTIONAL: The set of RPCs to which this + SLI is relevant. Telemetry from other methods will + not be used to calculate performance for this SLI. + If omitted, this SLI applies to all the Service''s + methods. For service types that don''t support breaking + down by method, setting this field will result in + an error.' + items: + type: string + type: array + operationAvailability: + description: Good service is defined to be the count + of operations performed by this service that return + successfully + type: object + x-kubernetes-preserve-unknown-fields: true + operationLatency: + description: Good service is defined to be the count + of operations performed by this service that are + fast enough with respect to `operation_latency.threshold`. + properties: + experience: + description: 'A description of the experience + associated with failing requests. Possible values: + LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, + SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the + count of operations that are completed in no + more than `threshold`. + type: string + type: object + version: + description: 'OPTIONAL: The set of API versions to + which this SLI is relevant. Telemetry from other + API versions will not be used to calculate performance + for this SLI. If omitted, this SLI applies to all + API versions. For service types that don''t support + breaking down by version, setting this field will + result in an error.' + items: + type: string + type: array + type: object + performance: + description: '`RequestBasedSli` to evaluate to judge window + quality.' 
+ properties: + distributionCut: + description: '`distribution_cut` is used when `good_service` + is a count of values aggregated in a `Distribution` + that fall into a good range. The `total_service` + is the total count of all values aggregated in the + `Distribution`.' + properties: + distributionFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` aggregating values. + Must have `ValueType = DISTRIBUTION` and `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + range: + description: Range of values considered "good." + For a one-sided range, set one bound to an infinite + value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + type: object + goodTotalRatio: + description: '`good_total_ratio` is used when the + ratio of `good_service` to `total_service` is computed + from two `TimeSeries`.' + properties: + badServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying bad service, + either demanded service that was not provided + or demanded service that was of inadequate quality. + Must have `ValueType = DOUBLE` or `ValueType + = INT64` and must have `MetricKind = DELTA` + or `MetricKind = CUMULATIVE`. + type: string + goodServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying good service + provided. Must have `ValueType = DOUBLE` or + `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + totalServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying total + demanded service. 
Must have `ValueType = DOUBLE` + or `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + type: object + type: object + threshold: + description: If window `performance >= threshold`, the + window is counted as good. + format: double + type: number + type: object + metricMeanInRange: + description: A window is good if the metric's value is in + a good range, averaged across returned streams. + properties: + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + timeSeries: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying the `TimeSeries` to use for evaluating window + quality. + type: string + type: object + metricSumInRange: + description: A window is good if the metric's value is in + a good range, summed across returned streams. + properties: + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + timeSeries: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying the `TimeSeries` to use for evaluating window + quality. + type: string + type: object + windowPeriod: + description: Duration over which window quality is evaluated. + Must be an integer fraction of a day and at least `60s`. + type: string + type: object + type: object + serviceRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The service for the resource + + Allowed value: The Google Cloud resource name of a `MonitoringService` resource (format: `projects/{{project}}/services/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - goal + - projectRef + - serviceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time stamp of the `Create` or most recent `Update` command + on this `Slo`. + format: date-time + type: string + deleteTime: + description: Time stamp of the `Update` or `Delete` command that made + this no longer a current `Slo`. This field is not populated in `ServiceLevelObjective`s + returned from calls to `GetServiceLevelObjective` and `ListServiceLevelObjectives`, + because it is always empty in the current version. 
It is populated + in `ServiceLevelObjective`s representing previous versions in the + output of `ListServiceLevelObjectiveVersions`. Because all old configuration + versions are stored, `Update` operations mark the obsoleted version + as deleted. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + serviceManagementOwned: + description: Output only. If set, this SLO is managed at the [Service + Management](https://cloud.google.com/service-management/overview) + level. Therefore the service yaml file is the source of truth for + this SLO, and API `Update` and `Delete` operations are forbidden. + type: boolean + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringservices.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringService + plural: monitoringservices + shortNames: + - gcpmonitoringservice + - gcpmonitoringservices + singular: monitoringservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the 
resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Name used for UI elements listing this Service. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + telemetry: + description: Configuration for how to query telemetry on a Service. + properties: + resourceName: + description: The full name of the resource that defines this service. + Formatted as described in https://cloud.google.com/apis/design/resource_names. + type: string + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringuptimecheckconfigs.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringUptimeCheckConfig + plural: monitoringuptimecheckconfigs + shortNames: + - gcpmonitoringuptimecheckconfig + - gcpmonitoringuptimecheckconfigs + singular: monitoringuptimecheckconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + contentMatchers: + description: The content that is expected to appear in the data returned + by the target server against which the check is run. Currently, + only the first entry in the `content_matchers` list is supported, + and additional entries will be ignored. This field is optional and + should only be specified if a content match is required as part + of the/ Uptime check. + items: + properties: + content: + type: string + matcher: + description: ' Possible values: CONTENT_MATCHER_OPTION_UNSPECIFIED, + CONTAINS_STRING, NOT_CONTAINS_STRING, MATCHES_REGEX, NOT_MATCHES_REGEX' + type: string + required: + - content + type: object + type: array + displayName: + description: A human-friendly name for the Uptime check configuration. + The display name should be unique within a Stackdriver Workspace + in order to make it easier to identify; however, uniqueness is not + enforced. Required. + type: string + httpCheck: + description: Contains information needed to make an HTTP or HTTPS + check. + properties: + authInfo: + description: The authentication information. Optional when creating + an HTTP check; defaults to empty. + properties: + password: + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + username: + type: string + required: + - password + - username + type: object + body: + description: 'The request body associated with the HTTP POST request. + If `content_type` is `URL_ENCODED`, the body passed in must + be URL-encoded. Users can provide a `Content-Length` header + via the `headers` field or the API will do so. If the `request_method` + is `GET` and `body` is not empty, the API will return an error. + The maximum byte size is 1 megabyte. Note: As with all `bytes` + fields JSON representations are base64 encoded. e.g.: "foo=bar" + in URL-encoded form is "foo%3Dbar" and in base64 encoding is + "Zm9vJTI1M0RiYXI=".' + type: string + contentType: + description: 'Immutable. The content type to use for the check. Possible + values: TYPE_UNSPECIFIED, URL_ENCODED' + type: string + headers: + additionalProperties: + type: string + description: The list of headers to send as part of the Uptime + check request. If two headers have the same key and different + values, they should be entered as a single header, with the + value being a comma-separated list of all the desired values + as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt + (page 31). Entering two separate headers with the same key in + a Create call will cause the first to be overwritten by the + second. The maximum number of headers allowed is 100. + type: object + maskHeaders: + description: Immutable. Boolean specifying whether to encrypt + the header information. 
Encryption should be specified for any + headers related to authentication that you do not wish to be + seen when retrieving the configuration. The server will be responsible + for encrypting the headers. On Get/List calls, if `mask_headers` + is set to `true` then the headers will be obscured with `******.` + type: boolean + path: + description: Optional (defaults to "/"). The path to the page + against which to run the check. Will be combined with the `host` + (specified within the `monitored_resource`) and `port` to construct + the full URL. If the provided path does not begin with "/", + a "/" will be prepended automatically. + type: string + port: + description: Optional (defaults to 80 when `use_ssl` is `false`, + and 443 when `use_ssl` is `true`). The TCP port on the HTTP + server against which to run the check. Will be combined with + host (specified within the `monitored_resource`) and `path` + to construct the full URL. + format: int64 + type: integer + requestMethod: + description: Immutable. The HTTP request method to use for the + check. If set to `METHOD_UNSPECIFIED` then `request_method` + defaults to `GET`. + type: string + useSsl: + description: If `true`, use HTTPS instead of HTTP to run the check. + type: boolean + validateSsl: + description: Boolean specifying whether to include SSL certificate + validation as a part of the Uptime check. Only applies to checks + where `monitored_resource` is set to `uptime_url`. If `use_ssl` + is `false`, setting `validate_ssl` to `true` has no effect. + type: boolean + type: object + monitoredResource: + description: 'Immutable. The [monitored resource](https://cloud.google.com/monitoring/api/resources) + associated with the configuration. The following monitored resource + types are supported for Uptime checks: `uptime_url`, `gce_instance`, `gae_app`, `aws_ec2_instance`, `aws_elb_load_balancer`' + properties: + filterLabels: + additionalProperties: + type: string + description: Immutable. 
+ type: object + type: + description: Immutable. + type: string + required: + - filterLabels + - type + type: object + period: + description: How often, in seconds, the Uptime check is performed. + Currently, the only supported values are `60s` (1 minute), `300s` + (5 minutes), `600s` (10 minutes), and `900s` (15 minutes). Optional, + defaults to `60s`. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for this uptime check config. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceGroup: + description: Immutable. The group resource associated with the configuration. + properties: + groupRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The group of resources being monitored. Should be only the `[GROUP_ID]`, and not the full-path `projects/[PROJECT_ID_OR_NUMBER]/groups/[GROUP_ID]`. + + Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceType: + description: 'Immutable. The resource type of the group members. + Possible values: RESOURCE_TYPE_UNSPECIFIED, INSTANCE, AWS_ELB_LOAD_BALANCER' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + selectedRegions: + description: The list of regions from which the check will be run. + Some regions contain one location, and others contain more than + one. If this field is specified, enough regions must be provided + to include a minimum of 3 locations. Not specifying this field + will result in Uptime checks running from all available regions. + items: + type: string + type: array + tcpCheck: + description: Contains information needed to make a TCP check. + properties: + port: + description: The TCP port on the server against which to run the + check. Will be combined with host (specified within the `monitored_resource`) + to construct the full URL. Required. + format: int64 + type: integer + required: + - port + type: object + timeout: + description: The maximum amount of time to wait for the request to + complete (must be between 1 and 60 seconds). Required. + type: string + required: + - displayName + - projectRef + - timeout + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkconnectivityhubs.networkconnectivity.cnrm.cloud.google.com +spec: + group: networkconnectivity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkConnectivityHub + plural: networkconnectivityhubs + shortNames: + - gcpnetworkconnectivityhub + - gcpnetworkconnectivityhubs + singular: networkconnectivityhub + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional description of the hub. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time the hub was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + routingVpcs: + description: The VPC network associated with this hub's spokes. All + of the VPN tunnels, VLAN attachments, and router appliance instances + referenced by this hub's spokes must belong to this VPC network. + This field is read-only. Network Connectivity Center automatically + populates it based on the set of spokes attached to the hub. + items: + properties: + uri: + description: The URI of the VPC network. + type: string + type: object + type: array + state: + description: 'Output only. The current lifecycle state of this hub. + Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + uniqueId: + description: Output only. The Google-generated UUID for the hub. 
This + value is unique across all hub resources. If a hub is deleted and + another with the same name is created, the new hub is assigned a + different unique_id. + type: string + updateTime: + description: Output only. The time the hub was last updated. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: networkconnectivityserviceconnectionpolicies.networkconnectivity.cnrm.cloud.google.com +spec: + group: networkconnectivity.cnrm.cloud.google.com + names: + kind: NetworkConnectivityServiceConnectionPolicy + listKind: NetworkConnectivityServiceConnectionPolicyList + plural: networkconnectivityserviceconnectionpolicies + singular: networkconnectivityserviceconnectionpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: NetworkConnectivityServiceConnectionPolicy is the Schema for + the NetworkConnectivityServiceConnectionPolicy API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of 
an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: NetworkConnectivityServiceConnectionPolicySpec defines the + desired state of NetworkConnectivityServiceConnectionPolicy + properties: + description: + description: A description of this resource. + type: string + location: + description: Immutable. Location of the resource. + type: string + networkRef: + description: 'The resource path of the consumer network. Example: + - projects/{projectNumOrId}/global/networks/{resourceId}.' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed Compute Network + resource. Should be in the format `projects//global/networks/`. + type: string + name: + description: The `name` field of a `ComputeNetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeNetwork` resource. + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. 
+ type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + pscConfig: + description: Configuration used for Private Service Connect connections. + Used when Infrastructure is PSC. + properties: + limit: + description: Optional. Max number of PSC connections for this + policy. + format: int64 + type: integer + producerInstanceLocation: + description: Required. ProducerInstanceLocation is used to specify + which authorization mechanism to use to determine which projects + the Producer instance can be within. + type: string + subnetworkRefs: + description: 'The resource paths of subnetworks to use for IP + address management. Example: projects/{projectNumOrId}/regions/{region}/subnetworks/{resourceId}.' + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeSubnetwork selflink of form "projects/{{project}}/regions/{{region}}/subnetworks/{{name}}", + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeSubnetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeSubnetwork` + resource. + type: string + type: object + type: array + type: object + resourceID: + description: The NetworkConnectivityServiceConnectionPolicy name. + If not given, the metadata.name will be used. + type: string + serviceClass: + description: The service class identifier for which this ServiceConnectionPolicy + is for. The service class identifier is a unique, symbolic representation + of a ServiceClass. It is provided by the Service Producer. Google + services have a prefix of gcp. 
For example, gcp-cloud-sql. 3rd party + services do not. For example, test-service-a3dfcx. + type: string + required: + - location + - projectRef + type: object + status: + description: NetworkConnectivityServiceConnectionPolicyStatus defines + the config connector machine state of NetworkConnectivityServiceConnectionPolicy + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the NetworkConnectivityServiceConnectionPolicy + resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + createTime: + description: Output only. Time when the ServiceConnectionMap was + created. + type: string + etag: + description: Optional. The etag is computed by the server, and + may be sent on update and delete requests to ensure the client + has an up-to-date value before proceeding. + type: string + infrastructure: + description: Output only. 
The type of underlying resources used + to create the connection. + type: string + pscConnections: + description: Output only. [Output only] Information about each + Private Service Connect connection. + items: + properties: + consumerAddress: + description: The resource reference of the consumer address. + type: string + consumerForwardingRule: + description: The resource reference of the PSC Forwarding + Rule within the consumer VPC. + type: string + consumerTargetProject: + description: The project where the PSC connection is created. + type: string + error: + description: The most recent error during operating this + connection. + properties: + code: + description: The status code, which should be an enum + value of google.rpc.Code. + format: int32 + type: integer + message: + description: A developer-facing error message, which + should be in English. Any user-facing error message + should be localized and sent in the google.rpc.Status.details + field, or localized by the client. + type: string + type: object + errorInfo: + description: Output only. The error info for the latest + error during operating this connection. + properties: + domain: + description: 'The logical grouping to which the "reason" + belongs. The error domain is typically the registered + service name of the tool or product that generates + the error. Example: "pubsub.googleapis.com". If the + error is generated by some common infrastructure, + the error domain must be a globally unique value that + identifies the infrastructure. For Google API infrastructure, + the error domain is "googleapis.com".' + type: string + metadata: + additionalProperties: + type: string + description: 'Additional structured details about this + error. Keys must match /a-z+/ but should ideally be + lowerCamelCase. Also they must be limited to 64 characters + in length. When identifying the current value of an + exceeded limit, the units should be contained in the + key, not the value. 
For example, rather than {"instanceLimit": + "100/request"}, should be returned as, {"instanceLimitPerRequest": + "100"}, if the client exceeds the number of instances + that can be created in a single (batch) request.' + type: object + reason: + description: The reason of the error. This is a constant + value that identifies the proximate cause of the error. + Error reasons are unique within a particular domain + of errors. This should be at most 63 characters and + match a regular expression of `A-Z+[A-Z0-9]`, which + represents UPPER_SNAKE_CASE. + type: string + type: object + errorType: + description: The error type indicates whether the error + is consumer facing, producer facing or system internal. + type: string + gceOperation: + description: The last Compute Engine operation to setup + PSC connection. + type: string + producerInstanceID: + description: Immutable. An immutable identifier for the + producer instance. + type: string + pscConnectionID: + description: The PSC connection id of the PSC forwarding + rule. + type: string + selectedSubnetwork: + description: Output only. The URI of the subnetwork selected + to allocate IP address for this connection. + type: string + state: + description: State of the PSC Connection + type: string + type: object + type: array + updateTime: + description: Output only. Time when the ServiceConnectionMap was + updated. 
+ type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkconnectivityspokes.networkconnectivity.cnrm.cloud.google.com +spec: + group: networkconnectivity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkConnectivitySpoke + plural: networkconnectivityspokes + shortNames: + - gcpnetworkconnectivityspoke + - gcpnetworkconnectivityspokes + singular: networkconnectivityspoke + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional description of the spoke. + type: string + hubRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The URI of the hub that this spoke is attached to. + + Allowed value: The Google Cloud resource name of a `NetworkConnectivityHub` resource (format: `projects/{{project}}/locations/global/hubs/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + linkedInterconnectAttachments: + description: Immutable. A collection of VLAN attachment resources. + These resources should be redundant attachments that all advertise + the same prefixes to Google Cloud. Alternatively, in active/passive + configurations, all attachments should be capable of advertising + the same prefixes. + properties: + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. + type: boolean + uris: + description: Immutable. 
+ items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - siteToSiteDataTransfer + - uris + type: object + linkedRouterApplianceInstances: + description: Immutable. The URIs of linked Router appliance resources + properties: + instances: + description: Immutable. The list of router appliance instances + items: + properties: + ipAddress: + description: Immutable. The IP address on the VM to use + for peering. + type: string + virtualMachineRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URI of the virtual machine resource + + Allowed value: The `selfLink` field of a `ComputeInstance` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. 
+ type: boolean + required: + - instances + - siteToSiteDataTransfer + type: object + linkedVPCNetwork: + description: Immutable. VPC network that is associated with the spoke. + properties: + excludeExportRanges: + description: Immutable. IP ranges encompassing the subnets to + be excluded from peering. + items: + type: string + type: array + uriRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URI of the VPC network resource. + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - uriRef + type: object + linkedVpnTunnels: + description: Immutable. The URIs of linked VPN tunnel resources + properties: + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. + type: boolean + uris: + description: Immutable. + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - siteToSiteDataTransfer + - uris + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - hubRef + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + createTime: + description: Output only. The time the spoke was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The current lifecycle state of this spoke. + Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + uniqueId: + description: Output only. The Google-generated UUID for the spoke. + This value is unique across all spoke resources. If a spoke is deleted + and another with the same name is created, the new spoke is assigned + a different unique_id. + type: string + updateTime: + description: Output only. The time the spoke was last updated. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: networkmanagementconnectivitytests.networkmanagement.cnrm.cloud.google.com +spec: + group: networkmanagement.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkManagementConnectivityTest + plural: networkmanagementconnectivitytests + shortNames: + - gcpnetworkmanagementconnectivitytest + - gcpnetworkmanagementconnectivitytests + singular: networkmanagementconnectivitytest + preserveUnknownFields: 
false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + The user-supplied description of the Connectivity Test. + Maximum of 512 characters. + type: string + destination: + description: |- + Required. Destination specification of the Connectivity Test. + + You can use a combination of destination IP address, Compute + Engine VM instance, or VPC network to uniquely identify the + destination location. + + Even if the destination IP address is not unique, the source IP + location is unique. Usually, the analysis can infer the destination + endpoint from route information. 
+ + If the destination you specify is a VM instance and the instance has + multiple network interfaces, then you must also specify either a + destination IP address or VPC network to identify the destination + interface. + + A reachability analysis proceeds even if the destination location + is ambiguous. However, the result can include endpoints that you + don't intend to test. + properties: + instance: + description: A Compute Engine instance URI. + type: string + ipAddress: + description: |- + The IP address of the endpoint, which can be an external or + internal IP. An IPv6 address is only allowed when the test's + destination is a global load balancer VIP. + type: string + network: + description: A Compute Engine network URI. + type: string + port: + description: |- + The IP protocol port of the endpoint. Only applicable when + protocol is TCP or UDP. + type: integer + projectId: + description: |- + Project ID where the endpoint is located. The Project ID can be + derived from the URI if you provide a VM instance or network URI. + The following are two cases where you must provide the project ID: + 1. Only the IP address is specified, and the IP address is within + a GCP project. 2. When you are using Shared VPC and the IP address + that you provide is from the service project. In this case, the + network that the IP address resides in is defined in the host + project. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + protocol: + description: IP Protocol of the test. When not provided, "TCP" is + assumed. + type: string + relatedProjects: + description: |- + Other projects that may be relevant for reachability analysis. + This is applicable to scenarios where a test can cross project + boundaries. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + source: + description: |- + Required. Source specification of the Connectivity Test. + + You can use a combination of source IP address, virtual machine + (VM) instance, or Compute Engine network to uniquely identify the + source location. + + Examples: If the source IP address is an internal IP address within + a Google Cloud Virtual Private Cloud (VPC) network, then you must + also specify the VPC network. Otherwise, specify the VM instance, + which already contains its internal IP address and VPC network + information. + + If the source of the test is within an on-premises network, then + you must provide the destination VPC network. + + If the source endpoint is a Compute Engine VM instance with multiple + network interfaces, the instance itself is not sufficient to + identify the endpoint. So, you must also specify the source IP + address or VPC network. + + A reachability analysis proceeds even if the source location is + ambiguous. However, the test result may include endpoints that + you don't intend to test. + properties: + instance: + description: A Compute Engine instance URI. + type: string + ipAddress: + description: |- + The IP address of the endpoint, which can be an external or + internal IP. An IPv6 address is only allowed when the test's + destination is a global load balancer VIP. 
+ type: string + network: + description: A Compute Engine network URI. + type: string + networkType: + description: 'Type of the network where the endpoint is located. + Possible values: ["GCP_NETWORK", "NON_GCP_NETWORK"].' + type: string + port: + description: |- + The IP protocol port of the endpoint. Only applicable when + protocol is TCP or UDP. + type: integer + projectId: + description: |- + Project ID where the endpoint is located. The Project ID can be + derived from the URI if you provide a VM instance or network URI. + The following are two cases where you must provide the project ID: + + 1. Only the IP address is specified, and the IP address is + within a GCP project. + 2. When you are using Shared VPC and the IP address + that you provide is from the service project. In this case, + the network that the IP address resides in is defined in the + host project. + type: string + type: object + required: + - destination + - projectRef + - source + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networksecurityauthorizationpolicies.networksecurity.cnrm.cloud.google.com +spec: + group: networksecurity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkSecurityAuthorizationPolicy + plural: networksecurityauthorizationpolicies + shortNames: + - gcpnetworksecurityauthorizationpolicy + - gcpnetworksecurityauthorizationpolicies + singular: networksecurityauthorizationpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: 'Required. The action to take when a rule match is found. + Possible values are "ALLOW" or "DENY". Possible values: ACTION_UNSPECIFIED, + ALLOW, DENY' + type: string + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Optional. List of rules to match. 
If not set, the action + specified in the ‘action’ field will be applied without any additional + rule checks. + items: + properties: + destinations: + description: Optional. List of attributes for the traffic destination. + If not set, the action specified in the ‘action’ field will + be applied without any rule checks for the destination. + items: + properties: + hosts: + description: Required. List of host names to match. Matched + against HOST header in http requests. Each host can + be an exact match, or a prefix match (example, “mydomain.*”) + or a suffix match (example, *.myorg.com”) or a presence(any) + match “*”. + items: + type: string + type: array + httpHeaderMatch: + description: Optional. Match against key:value pair in + http header. Provides a flexible match based on HTTP + headers, for potentially advanced use cases. + properties: + headerName: + description: Required. The name of the HTTP header + to match. For matching against the HTTP request's + authority, use a headerMatch with the header name + ":authority". For matching a request's method, use + the headerName ":method". + type: string + regexMatch: + description: 'Required. The value of the header must + match the regular expression specified in regexMatch. + For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript + For matching against a port specified in the HTTP + request, use a headerMatch with headerName set to + Host and a regular expression that satisfies the + RFC2616 Host header''s port specifier.' + type: string + required: + - headerName + - regexMatch + type: object + methods: + description: Optional. A list of HTTP methods to match. + Should not be set for gRPC services. + items: + type: string + type: array + ports: + description: Required. List of destination ports to match. + items: + format: int64 + type: integer + type: array + required: + - hosts + - ports + type: object + type: array + sources: + description: Optional. 
List of attributes for the traffic source. + If not set, the action specified in the ‘action’ field will + be applied without any rule checks for the source. + items: + properties: + ipBlocks: + description: Optional. List of CIDR ranges to match based + on source IP address. Single IP (e.g., "1.2.3.4") and + CIDR (e.g., "1.2.3.0/24") are supported. + items: + type: string + type: array + principals: + description: Optional. List of peer identities to match + for authorization. Each peer can be an exact match, + or a prefix match (example, “namespace/*”) or a suffix + match (example, */service-account”) or a presence match + “*”. + items: + type: string + type: array + type: object + type: array + type: object + type: array + required: + - action + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networksecurityclienttlspolicies.networksecurity.cnrm.cloud.google.com +spec: + group: networksecurity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkSecurityClientTLSPolicy + plural: networksecurityclienttlspolicies + shortNames: + - gcpnetworksecurityclienttlspolicy + - gcpnetworksecurityclienttlspolicies + singular: networksecurityclienttlspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientCertificate: + description: Optional. Defines a mechanism to provision client identity + (public and private keys) for peer to peer authentication. The presence + of this dictates mTLS. + properties: + certificateProviderInstance: + description: The certificate provider instance specification that + will be passed to the data plane, which will be used to load + necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC server + to obtain the cert and private key. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serverValidationCa: + description: Required. Defines the mechanism to obtain the Certificate + Authority certificate to validate the server certificate. + items: + properties: + certificateProviderInstance: + description: The certificate provider instance specification + that will be passed to the data plane, which will be used + to load necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC + server to obtain the CA certificate. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object + type: array + sni: + description: 'Optional. 
Server Name Indication string to present to + the server during TLS handshake. E.g: "secure.example.com".' + type: string + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networksecurityservertlspolicies.networksecurity.cnrm.cloud.google.com +spec: + group: networksecurity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkSecurityServerTLSPolicy + plural: networksecurityservertlspolicies + shortNames: + - gcpnetworksecurityservertlspolicy + - gcpnetworksecurityservertlspolicies + singular: networksecurityservertlspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + allowOpen: + description: Optional. Determines if server allows plaintext connections. + If set to true, server allows plain text connections. By default, + it is set to false. This setting is not exclusive of other encryption + modes. For example, if allow_open and mtls_policy are set, server + allows both plain text and mTLS connections. See documentation of + other encryption modes to confirm compatibility. + type: boolean + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource + type: string + mtlsPolicy: + description: Optional. Defines a mechanism to provision peer validation + certificates for peer to peer authentication (Mutual TLS - mTLS). + If not specified, client certificate will not be requested. The + connection is treated as TLS and not mTLS. If allow_open and mtls_policy + are set, server allows both plain text and mTLS connections. + properties: + clientValidationCa: + description: Required. Defines the mechanism to obtain the Certificate + Authority certificate to validate the client certificate. + items: + properties: + certificateProviderInstance: + description: The certificate provider instance specification + that will be passed to the data plane, which will be used + to load necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to + locate and load CertificateProvider instance configuration. 
+ Set to "google_cloud_private_spiffe" to use Certificate + Authority Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC + server to obtain the CA certificate. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with + “unix:”. + type: string + required: + - targetUri + type: object + type: object + type: array + required: + - clientValidationCa + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serverCertificate: + description: Optional. Defines a mechanism to provision server identity + (public and private keys). Cannot be combined with allow_open as + a permissive mode that allows both plain text and TLS is not supported. + properties: + certificateProviderInstance: + description: The certificate provider instance specification that + will be passed to the data plane, which will be used to load + necessary credential information. 
+ properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC server + to obtain the cert and private key. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecachekeysets.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesEdgeCacheKeyset + plural: networkservicesedgecachekeysets + shortNames: + - gcpnetworkservicesedgecachekeyset + - gcpnetworkservicesedgecachekeysets + singular: networkservicesedgecachekeyset + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publicKey: + description: |- + An ordered list of Ed25519 public keys to use for validating signed requests. + You must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first. + You may specify no more than one Google-managed public key. + If you specify 'public_keys', you must specify at least one (1) key and may specify up to three (3) keys. + + Ed25519 public keys are not secret, and only allow Google to validate a request was signed by your corresponding private key. + Ensure that the private key is kept secret, and that only authorized users can add public keys to a keyset. + items: + properties: + id: + description: |- + The ID of the public key. 
The ID must be 1-63 characters long, and comply with RFC1035. + The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* + which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + type: string + managed: + description: Set to true to have the CDN automatically manage + this public key value. + type: boolean + value: + description: |- + The base64-encoded value of the Ed25519 public key. The base64 encoding can be padded (44 bytes) or unpadded (43 bytes). + Representations or encodings of the public key other than this will be rejected with an error. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be + extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - id + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + validationSharedKeys: + description: |- + An ordered list of shared keys to use for validating signed requests. + Shared keys are secret. Ensure that only authorized users can add 'validation_shared_keys' to a keyset. + You can rotate keys by appending (pushing) a new key to the list of 'validation_shared_keys' and removing any superseded keys. 
+ You must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first. + items: + properties: + secretVersion: + description: |- + The name of the secret version in Secret Manager. + + The resource name of the secret version must be in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the secrets themselves. + The secrets must be at least 16 bytes large. The recommended secret size depends on the signature algorithm you are using. + * If you are using HMAC-SHA1, we suggest 20-byte secrets. + * If you are using HMAC-SHA256, we suggest 32-byte secrets. + See RFC 2104, Section 3 for more details on these recommendations. + type: string + required: + - secretVersion + type: object + type: array + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecacheorigins.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesEdgeCacheOrigin + plural: networkservicesedgecacheorigins + shortNames: + - gcpnetworkservicesedgecacheorigin + - gcpnetworkservicesedgecacheorigins + singular: networkservicesedgecacheorigin + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + awsV4Authentication: + description: Enable AWS Signature Version 4 origin authentication. + properties: + accessKeyId: + description: The access key ID your origin uses to identify the + key. + type: string + originRegion: + description: The name of the AWS region that your origin is in. + type: string + secretAccessKeyVersion: + description: |- + The Secret Manager secret version of the secret access key used by your origin. + + This is the resource name of the secret version in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the project, secret, and version you require. + type: string + required: + - accessKeyId + - originRegion + - secretAccessKeyVersion + type: object + description: + description: A human-readable description of the resource. + type: string + failoverOrigin: + description: |- + The Origin resource to try when the current origin cannot be reached. + After maxAttempts is reached, the configured failoverOrigin will be used to fulfil the request. + + The value of timeout.maxAttemptsTimeout dictates the timeout across all origins. + A reference to a Topic resource. + type: string + maxAttempts: + description: |- + The maximum number of attempts to cache fill from this origin. Another attempt is made when a cache fill fails with one of the retryConditions. + + Once maxAttempts to this origin have failed the failoverOrigin will be used, if one is specified. 
That failoverOrigin may specify its own maxAttempts, + retryConditions and failoverOrigin to control its own cache fill failures. + + The total number of allowed attempts to cache fill across this and failover origins is limited to four. + The total time allowed for cache fill attempts across this and failover origins can be controlled with maxAttemptsTimeout. + + The last valid, non-retried response from all origins will be returned to the client. + If no origin returns a valid response, an HTTP 502 will be returned to the client. + + Defaults to 1. Must be a value greater than 0 and less than 4. + type: integer + originAddress: + description: |- + A fully qualified domain name (FQDN) or IP address reachable over the public Internet, or the address of a Google Cloud Storage bucket. + + This address will be used as the origin for cache requests - e.g. FQDN: media-backend.example.com, IPv4: 35.218.1.1, IPv6: 2607:f8b0:4012:809::200e, Cloud Storage: gs://bucketname + + When providing an FQDN (hostname), it must be publicly resolvable (e.g. via Google public DNS) and IP addresses must be publicly routable. It must not contain a protocol (e.g., https://) and it must not contain any slashes. + If a Cloud Storage bucket is provided, it must be in the canonical "gs://bucketname" format. Other forms, such as "storage.googleapis.com", will be rejected. + type: string + originOverrideAction: + description: |- + The override actions, including url rewrites and header + additions, for requests that use this origin. + properties: + headerAction: + description: |- + The header actions, including adding and removing + headers, for request handled by this origin. + properties: + requestHeadersToAdd: + description: |- + Describes a header to add. + + You may add a maximum of 25 request headers. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to add. 
+ type: string + replace: + description: |- + Whether to replace all existing headers with the same name. + + By default, added header values are appended + to the response or request headers with the + same field names. The added values are + separated by commas. + + To overwrite existing values, set 'replace' to 'true'. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + type: object + urlRewrite: + description: |- + The URL rewrite configuration for request that are + handled by this origin. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected + origin, the request's host header is replaced with + contents of the hostRewrite. + + This value must be between 1 and 255 characters. + type: string + type: object + type: object + originRedirect: + description: Follow redirects from this origin. + properties: + redirectConditions: + description: |- + The set of redirect response codes that the CDN + follows. Values of + [RedirectConditions](https://cloud.google.com/media-cdn/docs/reference/rest/v1/projects.locations.edgeCacheOrigins#redirectconditions) + are accepted. + items: + type: string + type: array + type: object + port: + description: |- + The port to connect to the origin on. + Defaults to port 443 for HTTP2 and HTTPS protocols, and port 80 for HTTP. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + protocol: + description: |- + The protocol to use to connect to the configured origin. Defaults to HTTP2, and it is strongly recommended that users use HTTP2 for both security & performance. + + When using HTTP2 or HTTPS as the protocol, a valid, publicly-signed, unexpired TLS (SSL) certificate must be presented by the origin server. Possible values: ["HTTP2", "HTTPS", "HTTP"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConditions: + description: |- + Specifies one or more retry conditions for the configured origin. + + If the failure mode during a connection attempt to the origin matches the configured retryCondition(s), + the origin request will be retried up to maxAttempts times. The failoverOrigin, if configured, will then be used to satisfy the request. + + The default retryCondition is "CONNECT_FAILURE". + + retryConditions apply to this origin, and not subsequent failoverOrigin(s), + which may specify their own retryConditions and maxAttempts. + + Valid values are: + + - CONNECT_FAILURE: Retry on failures connecting to origins, for example due to connection timeouts. + - HTTP_5XX: Retry if the origin responds with any 5xx response code, or if the origin does not respond at all, example: disconnects, reset, read timeout, connection failure, and refused streams. + - GATEWAY_ERROR: Similar to 5xx, but only applies to response codes 502, 503 or 504. + - RETRIABLE_4XX: Retry for retriable 4xx response codes, which include HTTP 409 (Conflict) and HTTP 429 (Too Many Requests) + - NOT_FOUND: Retry if the origin returns a HTTP 404 (Not Found). This can be useful when generating video content, and the segment is not available yet. 
+ - FORBIDDEN: Retry if the origin returns a HTTP 403 (Forbidden). Possible values: ["CONNECT_FAILURE", "HTTP_5XX", "GATEWAY_ERROR", "RETRIABLE_4XX", "NOT_FOUND", "FORBIDDEN"]. + items: + type: string + type: array + timeout: + description: The connection and HTTP timeout configuration for this + origin. + properties: + connectTimeout: + description: |- + The maximum duration to wait for a single origin connection to be established, including DNS lookup, TLS handshake and TCP/QUIC connection establishment. + + Defaults to 5 seconds. The timeout must be a value between 1s and 15s. + + The connectTimeout capped by the deadline set by the request's maxAttemptsTimeout. The last connection attempt may have a smaller connectTimeout in order to adhere to the overall maxAttemptsTimeout. + type: string + maxAttemptsTimeout: + description: |- + The maximum time across all connection attempts to the origin, including failover origins, before returning an error to the client. A HTTP 504 will be returned if the timeout is reached before a response is returned. + + Defaults to 15 seconds. The timeout must be a value between 1s and 30s. + + If a failoverOrigin is specified, the maxAttemptsTimeout of the first configured origin sets the deadline for all connection attempts across all failoverOrigins. + type: string + readTimeout: + description: |- + The maximum duration to wait between reads of a single HTTP connection/stream. + + Defaults to 15 seconds. The timeout must be a value between 1s and 30s. + + The readTimeout is capped by the responseTimeout. All reads of the HTTP connection/stream must be completed by the deadline set by the responseTimeout. + + If the response headers have already been written to the connection, the response will be truncated and logged. + type: string + responseTimeout: + description: |- + The maximum duration to wait for the last byte of a response to arrive when reading from the HTTP connection/stream. + + Defaults to 30 seconds. 
The timeout must be a value between 1s and 120s. + + The responseTimeout starts after the connection has been established. + + This also applies to HTTP Chunked Transfer Encoding responses, and/or when an open-ended Range request is made to the origin. Origins that take longer to write additional bytes to the response than the configured responseTimeout will result in an error being returned to the client. + + If the response headers have already been written to the connection, the response will be truncated and logged. + type: string + type: object + required: + - originAddress + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecacheservices.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesEdgeCacheService + plural: networkservicesedgecacheservices + shortNames: + - gcpnetworkservicesedgecacheservice + - gcpnetworkservicesedgecacheservices + singular: networkservicesedgecacheservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + disableHttp2: + description: |- + Disables HTTP/2. + + HTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection. + + Some legacy HTTP clients may have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true will prevent HTTP/2 from being advertised and negotiated. + type: boolean + disableQuic: + description: HTTP/3 (IETF QUIC) and Google QUIC are enabled by default. + type: boolean + edgeSecurityPolicy: + description: Resource URL that points at the Cloud Armor edge security + policy that is applied on each request against the EdgeCacheService. + type: string + edgeSslCertificates: + description: |- + URLs to sslCertificate resources that are used to authenticate connections between users and the EdgeCacheService. + + Note that only "global" certificates with a "scope" of "EDGE_CACHE" can be attached to an EdgeCacheService. + items: + type: string + type: array + logConfig: + description: Specifies the logging options for the traffic served + by this service. If logging is enabled, logs will be exported to + Cloud Logging. + properties: + enable: + description: Specifies whether to enable logging for traffic served + by this service. 
+ type: boolean + sampleRate: + description: |- + Configures the sampling rate of requests, where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0, and the value of the field must be in [0, 1]. + + This field can only be specified if logging is enabled for this service. + type: number + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + requireTls: + description: |- + Require TLS (HTTPS) for all clients connecting to this service. + + Clients who connect over HTTP (port 80) will receive a HTTP 301 to the same URL over HTTPS (port 443). + You must have at least one (1) edgeSslCertificate specified to enable this. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routing: + description: Defines how requests are routed, modified, cached and/or + which origin content is filled from. + properties: + hostRule: + description: The list of hostRules to match against. These rules + define which hostnames the EdgeCacheService will match against, + and which route configurations apply. + items: + properties: + description: + description: A human-readable description of the hostRule. 
+ type: string + hosts: + description: |- + The list of host patterns to match. + + Host patterns must be valid hostnames. Ports are not allowed. Wildcard hosts are supported in the suffix or prefix form. * matches any string of ([a-z0-9-.]*). It does not match the empty string. + + When multiple hosts are specified, hosts are matched in the following priority: + + 1. Exact domain names: ''www.foo.com''. + 2. Suffix domain wildcards: ''*.foo.com'' or ''*-bar.foo.com''. + 3. Prefix domain wildcards: ''foo.*'' or ''foo-*''. + 4. Special wildcard ''*'' matching any domain. + + Notes: + + The wildcard will not match the empty string. e.g. ''*-bar.foo.com'' will match ''baz-bar.foo.com'' but not ''-bar.foo.com''. The longest wildcards match first. Only a single host in the entire service can match on ''*''. A domain must be unique across all configured hosts within a service. + + Hosts are matched against the HTTP Host header, or for HTTP/2 and HTTP/3, the ":authority" header, from the incoming request. + + You may specify up to 10 hosts. + items: + type: string + type: array + pathMatcher: + description: The name of the pathMatcher associated with + this hostRule. + type: string + required: + - hosts + - pathMatcher + type: object + type: array + pathMatcher: + description: The list of pathMatchers referenced via name by hostRules. + PathMatcher is used to match the path portion of the URL when + a HostRule matches the URL's host portion. + items: + properties: + description: + description: A human-readable description of the resource. + type: string + name: + description: The name to which this PathMatcher is referred + by the HostRule. + type: string + routeRule: + description: The routeRules to match against. routeRules + support advanced routing behaviour, and can match on paths, + headers and query parameters, as well as status codes + and HTTP methods. + items: + properties: + description: + description: A human-readable description of the routeRule. 
+ type: string + headerAction: + description: The header actions, including adding + & removing headers, for requests that match this + route. + properties: + requestHeaderToAdd: + description: Describes a header to add. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: Whether to replace all existing + headers with the same name. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + requestHeaderToRemove: + description: A list of header names for headers + that need to be removed from the request prior + to forwarding the request to the origin. + items: + properties: + headerName: + description: The name of the header to remove. + type: string + required: + - headerName + type: object + type: array + responseHeaderToAdd: + description: |- + Headers to add to the response prior to sending it back to the client. + + Response headers are only sent to the client, and do not have an effect on the cache serving the response. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: Whether to replace all existing + headers with the same name. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + responseHeaderToRemove: + description: A list of header names for headers + that need to be removed from the request prior + to forwarding the request to the origin. + items: + properties: + headerName: + description: |- + Headers to remove from the response prior to sending it back to the client. + + Response headers are only sent to the client, and do not have an effect on the cache serving the response. 
+ type: string + required: + - headerName + type: object + type: array + type: object + matchRule: + description: |- + The list of criteria for matching attributes of a request to this routeRule. This list has OR semantics: the request matches this routeRule when any of the matchRules are satisfied. However predicates + within a given matchRule have AND semantics. All predicates within a matchRule must match for the request to match the rule. + items: + properties: + fullPathMatch: + description: For satisfying the matchRule condition, + the path of the request must exactly match + the value specified in fullPathMatch after + removing any query parameters and anchor that + may be part of the original URL. + type: string + headerMatch: + description: Specifies a list of header match + criteria, all of which must match corresponding + headers in the request. + items: + properties: + exactMatch: + description: The value of the header should + exactly match contents of exactMatch. + type: string + headerName: + description: The header name to match + on. + type: string + invertMatch: + description: |- + If set to false (default), the headerMatch is considered a match if the match criteria above are met. + If set to true, the headerMatch is considered a match if the match criteria above are NOT met. + type: boolean + prefixMatch: + description: The value of the header must + start with the contents of prefixMatch. + type: string + presentMatch: + description: A header with the contents + of headerName must exist. The match + takes place whether or not the request's + header has a value. + type: boolean + suffixMatch: + description: The value of the header must + end with the contents of suffixMatch. + type: string + required: + - headerName + type: object + type: array + ignoreCase: + description: Specifies that prefixMatch and + fullPathMatch matches are case sensitive. 
+ type: boolean + pathTemplateMatch: + description: |- + For satisfying the matchRule condition, the path of the request + must match the wildcard pattern specified in pathTemplateMatch + after removing any query parameters and anchor that may be part + of the original URL. + + pathTemplateMatch must be between 1 and 255 characters + (inclusive). The pattern specified by pathTemplateMatch may + have at most 5 wildcard operators and at most 5 variable + captures in total. + type: string + prefixMatch: + description: For satisfying the matchRule condition, + the request's path must begin with the specified + prefixMatch. prefixMatch must begin with a + /. + type: string + queryParameterMatch: + description: Specifies a list of query parameter + match criteria, all of which must match corresponding + query parameters in the request. + items: + properties: + exactMatch: + description: The queryParameterMatch matches + if the value of the parameter exactly + matches the contents of exactMatch. + type: string + name: + description: The name of the query parameter + to match. The query parameter must exist + in the request, in the absence of which + the request match fails. + type: string + presentMatch: + description: Specifies that the queryParameterMatch + matches if the request contains the + query parameter, irrespective of whether + the parameter has a value or not. + type: boolean + required: + - name + type: object + type: array + type: object + type: array + origin: + description: |- + The Origin resource that requests to this route should fetch from when a matching response is not in cache. Origins can be defined as short names ("my-origin") or fully-qualified resource URLs - e.g. "networkservices.googleapis.com/projects/my-project/global/edgecacheorigins/my-origin" + + Only one of origin or urlRedirect can be set. + type: string + priority: + description: |- + The priority of this route rule, where 1 is the highest priority. 
+ + You cannot configure two or more routeRules with the same priority. Priority for each rule must be set to a number between 1 and 999 inclusive. + + Priority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers + to which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules. + type: string + routeAction: + description: In response to a matching path, the routeAction + performs advanced routing actions like URL rewrites, + header transformations, etc. prior to forwarding + the request to the selected origin. + properties: + cdnPolicy: + description: The policy to use for defining caching + and signed request behaviour for requests that + match this route. + properties: + addSignatures: + description: |- + Enable signature generation or propagation on this route. + + This field may only be specified when signedRequestMode is set to REQUIRE_TOKENS. + properties: + actions: + description: 'The actions to take to add + signatures to responses. Possible values: + ["GENERATE_COOKIE", "GENERATE_TOKEN_HLS_COOKIELESS", + "PROPAGATE_TOKEN_HLS_COOKIELESS"].' + items: + type: string + type: array + copiedParameters: + description: |- + The parameters to copy from the verified token to the generated token. + + Only the following parameters may be copied: + + * 'PathGlobs' + * 'paths' + * 'acl' + * 'URLPrefix' + * 'IPRanges' + * 'SessionID' + * 'id' + * 'Data' + * 'data' + * 'payload' + * 'Headers' + + You may specify up to 6 parameters to copy. A given parameter is be copied only if the parameter exists in the verified token. Parameter names are matched exactly as specified. The order of the parameters does not matter. Duplicates are not allowed. + + This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. 
+ items: + type: string + type: array + keyset: + description: |- + The keyset to use for signature generation. + + The following are both valid paths to an EdgeCacheKeyset resource: + + * 'projects/project/locations/global/edgeCacheKeysets/yourKeyset' + * 'yourKeyset' + + This must be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. This field may not be specified otherwise. + type: string + tokenQueryParameter: + description: |- + The query parameter in which to put the generated token. + + If not specified, defaults to 'edge-cache-token'. + + If specified, the name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + + This field may only be set when the GENERATE_TOKEN_HLS_COOKIELESS or PROPAGATE_TOKEN_HLS_COOKIELESS actions are specified. + type: string + tokenTtl: + description: |- + The duration the token is valid starting from the moment the token is first generated. + + Defaults to '86400s' (1 day). + + The TTL must be >= 0 and <= 604,800 seconds (1 week). + + This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + required: + - actions + type: object + cacheKeyPolicy: + description: Defines the request parameters + that contribute to the cache key. + properties: + excludeHost: + description: |- + If true, requests to different hosts will be cached separately. + + Note: this should only be enabled if hosts share the same origin and content. Removing the host from the cache key may inadvertently result in different objects being cached than intended, depending on which route the first user matched. 
+ type: boolean + excludeQueryString: + description: |- + If true, exclude query string parameters from the cache key + + If false (the default), include the query string parameters in + the cache key according to includeQueryParameters and + excludeQueryParameters. If neither includeQueryParameters nor + excludeQueryParameters is set, the entire query string will be + included. + type: boolean + excludedQueryParameters: + description: |- + Names of query string parameters to exclude from cache keys. All other parameters will be included. + + Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters. + items: + type: string + type: array + includeProtocol: + description: If true, http and https requests + will be cached separately. + type: boolean + includedCookieNames: + description: |- + Names of Cookies to include in cache keys. The cookie name and cookie value of each cookie named will be used as part of the cache key. + + Cookie names: + - must be valid RFC 6265 "cookie-name" tokens + - are case sensitive + - cannot start with "Edge-Cache-" (case insensitive) + + Note that specifying several cookies, and/or cookies that have a large range of values (e.g., per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance. + + You may specify up to three cookie names. + items: + type: string + type: array + includedHeaderNames: + description: |- + Names of HTTP request headers to include in cache keys. The value of the header field will be used as part of the cache key. + + - Header names must be valid HTTP RFC 7230 header field values. + - Header field names are case insensitive + - To include the HTTP method, use ":method" + + Note that specifying several headers, and/or headers that have a large range of values (e.g. 
per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance. + items: + type: string + type: array + includedQueryParameters: + description: |- + Names of query string parameters to include in cache keys. All other parameters will be excluded. + + Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters. + items: + type: string + type: array + type: object + cacheMode: + description: |- + Cache modes allow users to control the behaviour of the cache, what content it should cache automatically, whether to respect origin headers, or whether to unconditionally cache all responses. + + For all cache modes, Cache-Control headers will be passed to the client. Use clientTtl to override what is sent to the client. Possible values: ["CACHE_ALL_STATIC", "USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "BYPASS_CACHE"]. + type: string + clientTtl: + description: |- + Specifies a separate client (e.g. browser client) TTL, separate from the TTL used by the edge caches. Leaving this empty will use the same cache TTL for both the CDN and the client-facing response. + + - The TTL must be > 0 and <= 86400s (1 day) + - The clientTtl cannot be larger than the defaultTtl (if set) + - Fractions of a second are not allowed. + + Omit this field to use the defaultTtl, or the max-age set by the origin, as the client-facing TTL. + + When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field. + A duration in seconds terminated by 's'. Example: "3s". + type: string + defaultTtl: + description: |- + Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). + + Defaults to 3600s (1 hour). 
+ + - The TTL must be >= 0 and <= 31,536,000 seconds (1 year) + - Setting a TTL of "0" means "always revalidate" (equivalent to must-revalidate) + - The value of defaultTTL cannot be set to a value greater than that of maxTTL. + - Fractions of a second are not allowed. + - When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. + + Note that infrequently accessed objects may be evicted from the cache before the defined TTL. Objects that expire will be revalidated with the origin. + + When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field. + + A duration in seconds terminated by 's'. Example: "3s". + type: string + maxTtl: + description: |- + Specifies the maximum allowed TTL for cached content served by this origin. + + Defaults to 86400s (1 day). + + Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTtl seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. + + - The TTL must be >= 0 and <= 31,536,000 seconds (1 year) + - Setting a TTL of "0" means "always revalidate" + - The value of maxTtl must be equal to or greater than defaultTtl. + - Fractions of a second are not allowed. + + When the cache mode is set to "USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", or "BYPASS_CACHE", you must omit this field. + + A duration in seconds terminated by 's'. Example: "3s". + type: string + negativeCaching: + description: |- + Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. 
+ + By default, the CDNPolicy will apply the following default TTLs to these status codes: + + - HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m + - HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s + - HTTP 405 (Method Not Found), 414 (URI Too Long), 501 (Not Implemented): 60s + + These defaults can be overridden in negativeCachingPolicy. + type: boolean + negativeCachingPolicy: + additionalProperties: + type: string + description: |- + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + + - Omitting the policy and leaving negativeCaching enabled will use the default TTLs for each status code, defined in negativeCaching. + - TTLs must be >= 0 (where 0 is "always revalidate") and <= 86400s (1 day) + + Note that when specifying an explicit negativeCachingPolicy, you should take care to specify a cache TTL for all response codes that you wish to cache. The CDNPolicy will not apply any default negative caching when a policy exists. + type: object + signedRequestKeyset: + description: The EdgeCacheKeyset containing + the set of public keys used to validate + signed requests at the edge. + type: string + signedRequestMaximumExpirationTtl: + description: |- + Limit how far into the future the expiration time of a signed request may be. + + When set, a signed request is rejected if its expiration time is later than now + signedRequestMaximumExpirationTtl, where now is the time at which the signed request is first handled by the CDN. + + - The TTL must be > 0. + - Fractions of a second are not allowed. + + By default, signedRequestMaximumExpirationTtl is not set and the expiration time of a signed request may be arbitrarily far into future. + type: string + signedRequestMode: + description: |- + Whether to enforce signed requests. The default value is DISABLED, which means all content is public, and does not authorize access. 
+ + You must also set a signedRequestKeyset to enable signed requests. + + When set to REQUIRE_SIGNATURES, all matching requests will have their signature validated. Requests that were not signed with the corresponding private key, or that are otherwise invalid (expired, do not match the signature, IP address, or header) will be rejected with a HTTP 403 and (if enabled) logged. Possible values: ["DISABLED", "REQUIRE_SIGNATURES", "REQUIRE_TOKENS"]. + type: string + signedTokenOptions: + description: |- + Additional options for signed tokens. + + signedTokenOptions may only be specified when signedRequestMode is REQUIRE_TOKENS. + properties: + allowedSignatureAlgorithms: + description: |- + The allowed signature algorithms to use. + + Defaults to using only ED25519. + + You may specify up to 3 signature algorithms to use. Possible values: ["ED25519", "HMAC_SHA_256", "HMAC_SHA1"]. + items: + type: string + type: array + tokenQueryParameter: + description: |- + The query parameter in which to find the token. + + The name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + + Defaults to 'edge-cache-token'. + type: string + type: object + type: object + corsPolicy: + description: CORSPolicy defines Cross-Origin-Resource-Sharing + configuration, including which CORS response + headers will be set. + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + + This translates to the Access-Control-Allow-Credentials response header. + type: boolean + allowHeaders: + description: Specifies the content for the + Access-Control-Allow-Headers response header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the + Access-Control-Allow-Methods response header. 
+ items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + + This translates to the Access-Control-Allow-Origin response header. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy + is disabled. The default value is false, + which indicates that the CORS policy is + in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the + Access-Control-Allow-Headers response header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached by a client in seconds. Note that many browser clients enforce a maximum TTL of 600s (10 minutes). + + - Setting the value to -1 forces a pre-flight check for all requests (not recommended) + - A maximum TTL of 86400s can be set, but note that (as above) some clients may force pre-flight checks at a more regular interval. + - This translates to the Access-Control-Max-Age header. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + required: + - maxAge + type: object + urlRewrite: + description: The URL rewrite configuration for + requests that match this route. + properties: + hostRewrite: + description: Prior to forwarding the request + to the selected origin, the request's host + header is replaced with contents of hostRewrite. + type: string + pathPrefixRewrite: + description: Prior to forwarding the request + to the selected origin, the matching portion + of the request's path is replaced by pathPrefixRewrite. + type: string + pathTemplateRewrite: + description: |- + Prior to forwarding the request to the selected origin, if the + request matched a pathTemplateMatch, the matching portion of the + request's path is replaced re-written using the pattern specified + by pathTemplateRewrite. 
+ + pathTemplateRewrite must be between 1 and 255 characters + (inclusive), must start with a '/', and must only use variables + captured by the route's pathTemplate matchers. + + pathTemplateRewrite may only be used when all of a route's + MatchRules specify pathTemplate. + + Only one of pathPrefixRewrite and pathTemplateRewrite may be + specified. + type: string + type: object + type: object + urlRedirect: + description: The URL redirect configuration for requests + that match this route. + properties: + hostRedirect: + description: The host that will be used in the + redirect response instead of the one that was + supplied in the request. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. + + This can only be set if there is at least one (1) edgeSslCertificate set on the service. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was supplied in the request. + + pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. + + The path value must be between 1 and 1024 characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the routeRule, retaining the remaining portion of the URL before redirecting the request. + + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. + + The supported values are: + + - 'MOVED_PERMANENTLY_DEFAULT', which is the default value and corresponds to 301. 
+ - 'FOUND', which corresponds to 302. + - 'SEE_OTHER' which corresponds to 303. + - 'TEMPORARY_REDIRECT', which corresponds to 307. in this case, the request method will be retained. + - 'PERMANENT_REDIRECT', which corresponds to 308. in this case, the request method will be retained. Possible values: ["MOVED_PERMANENTLY_DEFAULT", "FOUND", "SEE_OTHER", "TEMPORARY_REDIRECT", "PERMANENT_REDIRECT"]. + type: string + stripQuery: + description: If set to true, any accompanying + query portion of the original URL is removed + prior to redirecting the request. If set to + false, the query portion of the original URL + is retained. + type: boolean + type: object + required: + - matchRule + - priority + type: object + type: array + required: + - name + - routeRule + type: object + type: array + required: + - hostRule + - pathMatcher + type: object + sslPolicy: + description: |- + URL of the SslPolicy resource that will be associated with the EdgeCacheService. + + If not set, the EdgeCacheService has no SSL policy configured, and will default to the "COMPATIBLE" policy. + type: string + required: + - projectRef + - routing + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + ipv4Addresses: + description: The IPv4 addresses associated with this service. 
Addresses + are static for the lifetime of the service. + items: + type: string + type: array + ipv6Addresses: + description: The IPv6 addresses associated with this service. Addresses + are static for the lifetime of the service. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicesendpointpolicies.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesEndpointPolicy + plural: networkservicesendpointpolicies + shortNames: + - gcpnetworkservicesendpointpolicy + - gcpnetworkservicesendpointpolicies + singular: networkservicesendpointpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + 
- description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + authorizationPolicyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint. + + Allowed value: The Google Cloud resource name of a `NetworkSecurityAuthorizationPolicy` resource (format: `projects/{{project}}/locations/{{location}}/authorizationPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + clientTlsPolicyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints. More specifically, it is applied to the outgoing traffic from the proxy to the endpoint. This is typically used for sidecar model where the proxy identifies itself as endpoint to the control plane, with the connection between sidecar and endpoint requiring authentication. If this field is not set, authentication is disabled(open). Applicable only when EndpointPolicyType is SIDECAR_PROXY. + + Allowed value: The Google Cloud resource name of a `NetworkSecurityClientTLSPolicy` resource (format: `projects/{{project}}/locations/{{location}}/clientTlsPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + endpointMatcher: + description: Required. A matcher that selects endpoints to which the + policies should be applied. + properties: + metadataLabelMatcher: + description: The matcher is based on node metadata presented by + xDS clients. + properties: + metadataLabelMatchCriteria: + description: 'Specifies how matching should be done. 
Supported + values are: MATCH_ANY: At least one of the Labels specified + in the matcher should match the metadata presented by xDS + client. MATCH_ALL: The metadata presented by the xDS client + should contain all of the labels specified here. The selection + is determined based on the best match. For example, suppose + there are three EndpointPolicy resources P1, P2 and P3 and + if P1 has a the matcher as MATCH_ANY , P2 has MATCH_ALL + , and P3 has MATCH_ALL . If a client with label connects, + the config from P1 will be selected. If a client with label + connects, the config from P2 will be selected. If a client + with label connects, the config from P3 will be selected. + If there is more than one best match, (for example, if a + config P4 with selector exists and if a client with label + connects), an error will be thrown. Possible values: METADATA_LABEL_MATCH_CRITERIA_UNSPECIFIED, + MATCH_ANY, MATCH_ALL' + type: string + metadataLabels: + description: The list of label value pairs that must match + labels in the provided metadata based on filterMatchCriteria + This list can have at most 64 entries. The list can be empty + if the match criteria is MATCH_ANY, to specify a wildcard + match (i.e this matches any client). + items: + properties: + labelName: + description: Required. Label name presented as key in + xDS Node Metadata. + type: string + labelValue: + description: Required. Label value presented as value + corresponding to the above key, in xDS Node Metadata. + type: string + required: + - labelName + - labelValue + type: object + type: array + type: object + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serverTlsPolicyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends. If this field is not set, authentication is disabled(open) for this endpoint. + + Allowed value: The Google Cloud resource name of a `NetworkSecurityServerTLSPolicy` resource (format: `projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + trafficPortSelector: + description: Optional. Port selector for the (matched) endpoints. 
+ If no port selector is provided, the matched config is applied to + all ports. + properties: + ports: + description: Optional. A list of ports. Can be port numbers or + port range (example, specifies all ports from 80 to 90, including + 80 and 90) or named ports or * to specify all ports. If the + list is empty, all ports are selected. + items: + type: string + type: array + type: object + type: + description: 'Required. The type of endpoint config. This is primarily + used to validate the configuration. Possible values: ENDPOINT_CONFIG_SELECTOR_TYPE_UNSPECIFIED, + SIDECAR_PROXY, GRPC_SERVER' + type: string + required: + - endpointMatcher + - location + - projectRef + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicesgateways.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesGateway + plural: networkservicesgateways + shortNames: + - gcpnetworkservicesgateway + - gcpnetworkservicesgateways + singular: networkservicesgateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addresses: + description: One or more addresses with ports in format of ":" that + the Gateway must receive traffic on. The proxy binds to the ports + specified. IP address can be anything that is allowed by the underlying + infrastructure (auto-allocation, static IP, BYOIP). + items: + type: string + type: array + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + ports: + description: Required. One or more ports that the Gateway must receive + traffic on. The proxy binds to the ports specified. Gateway listen + on 0.0.0.0 on the ports specified below. + items: + format: int64 + type: integer + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + scope: + description: Immutable. Required. Immutable. Scope determines how + configuration across multiple Gateway instances are merged. The + configuration for multiple Gateway instances with the same scope + will be merged as presented as a single coniguration to the proxy/load + balancer. Max length 64 characters. Scope should start with a letter + and can only have letters, numbers, hyphens. + type: string + serverTlsPolicyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled. + + Allowed value: The Google Cloud resource name of a `NetworkSecurityServerTLSPolicy` resource (format: `projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: 'Immutable. Immutable. The type of the customer managed + gateway. 
Possible values: TYPE_UNSPECIFIED, OPEN_MESH, SECURE_WEB_GATEWAY' + type: string + required: + - location + - ports + - projectRef + - scope + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicesgrpcroutes.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesGRPCRoute + plural: networkservicesgrpcroutes + shortNames: + - gcpnetworkservicesgrpcroute + - gcpnetworkservicesgrpcroutes + singular: networkservicesgrpcroute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + gateways: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + hostnames: + description: 'Required. Service hostnames with an optional port for + which this route describes traffic. Format: [:] Hostname is the + fully qualified domain name of a network host. This matches the + RFC 1123 definition of a hostname with 2 notable exceptions: - IPs + are not allowed. - A hostname may be prefixed with a wildcard label + (*.). The wildcard label must appear by itself as the first label. + Hostname can be “precise” which is a domain name without the terminating + dot of a network host (e.g. “foo.example.com”) or “wildcard”, which + is a domain name prefixed with a single wildcard label (e.g. *.example.com). 
+ Note that as per RFC1035 and RFC1123, a label must consist of lower + case alphanumeric characters or ‘-’, and must start and end with + an alphanumeric character. No other punctuation is allowed. The + routes associated with a Router must have unique hostnames. If you + attempt to attach multiple routes with conflicting hostnames, the + configuration will be rejected. For example, while it is acceptable + for routes for the hostnames "*.foo.bar.com" and "*.bar.com" to + be associated with the same route, it is not possible to associate + two routes both with "*.bar.com" or both with "bar.com". In the + case that multiple routes match the hostname, the most specific + match will be selected. For example, "foo.bar.baz.com" will take + precedence over "*.bar.baz.com" and "*.bar.baz.com" will take precedence + over "*.baz.com". If a port is specified, then gRPC clients must + use the channel URI with the port to match this rule (i.e. "xds:///service:123"), + otherwise they must supply the URI without a port (i.e. "xds:///service").' + items: + type: string + type: array + location: + description: Immutable. The location for the resource + type: string + meshes: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesMesh` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Required. A list of detailed rules defining how to route + traffic. Within a single GrpcRoute, the GrpcRoute.RouteAction associated + with the first matching GrpcRoute.RouteRule will be executed. At + least one rule must be supplied. + items: + properties: + action: + description: Required. A detailed rule defining how to route + traffic. This field is required. + properties: + destinations: + description: Optional. The destination services to which + traffic should be forwarded. If multiple destinations + are specified, traffic will be split between Backend Service(s) + according to the weight field of these destinations. + items: + properties: + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URL of a destination service to which to route traffic. Must refer to either a BackendService or ServiceDirectoryService. 
+ + Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + weight: + description: 'Optional. Specifies the proportion of + requests forwarded to the backend referenced by + the serviceName field. This is computed as: weight/Sum(weights + in this destination list). For non-zero values, + there may be some epsilon from the exact proportion + defined here depending on the precision an implementation + supports. If only one serviceName is specified and + it has a weight greater than 0, 100% of the traffic + is forwarded to that backend. If weights are specified + for any one service name, they need to be specified + for all of them. If weights are unspecified for + all services, then, traffic is distributed in equal + proportions to all of them.' + format: int64 + type: integer + required: + - serviceRef + type: object + type: array + faultInjectionPolicy: + description: Optional. The specification for fault injection + introduced into traffic to test the resiliency of clients + to destination service failure. As part of fault injection, + when clients send requests to a destination, delays can + be introduced on a percentage of requests before sending + those requests to the destination service. Similarly requests + from clients can be aborted by for a percentage of requests. + timeout and retry_policy will be ignored by clients that + are configured with a fault_injection_policy + properties: + abort: + description: The specification for aborting to client + requests. 
+ properties: + httpStatus: + description: The HTTP status code used to abort + the request. The value must be between 200 and + 599 inclusive. + format: int64 + type: integer + percentage: + description: The percentage of traffic which will + be aborted. The value must be between [0, 100] + format: int64 + type: integer + type: object + delay: + description: The specification for injecting delay to + client requests. + properties: + fixedDelay: + description: Specify a fixed delay before forwarding + the request. + type: string + percentage: + description: The percentage of traffic on which + delay will be injected. The value must be between + [0, 100] + format: int64 + type: integer + type: object + type: object + retryPolicy: + description: Optional. Specifies the retry policy associated + with this route. + properties: + numRetries: + description: Specifies the allowed number of retries. + This number must be > 0. If not specpfied, default + to 1. + format: int64 + type: integer + retryConditions: + description: '- connect-failure: Router will retry on + failures connecting to Backend Services, for example + due to connection timeouts. - refused-stream: Router + will retry if the backend service resets the stream + with a REFUSED_STREAM error code. This reset type + indicates that it is safe to retry. - cancelled: Router + will retry if the gRPC status code in the response + header is set to cancelled - deadline-exceeded: Router + will retry if the gRPC status code in the response + header is set to deadline-exceeded - resource-exhausted: + Router will retry if the gRPC status code in the response + header is set to resource-exhausted - unavailable: + Router will retry if the gRPC status code in the response + header is set to unavailable' + items: + type: string + type: array + type: object + timeout: + description: Optional. Specifies the timeout for selected + route. Timeout is computed from the time the request has + been fully processed (i.e. 
end of stream) up until the + response has been completely processed. Timeout includes + all retries. + type: string + type: object + matches: + description: Optional. Matches define conditions used for matching + the rule against incoming gRPC requests. Each match is independent, + i.e. this rule will be matched if ANY one of the matches is + satisfied. If no matches field is specified, this rule will + unconditionally match traffic. + items: + properties: + headers: + description: Optional. Specifies a collection of headers + to match. + items: + properties: + key: + description: Required. The key of the header. + type: string + type: + description: 'Optional. Specifies how to match against + the value of the header. If not specified, a default + value of EXACT is used. Possible values: MATCH_TYPE_UNSPECIFIED, + MATCH_ANY, MATCH_ALL' + type: string + value: + description: Required. The value of the header. + type: string + required: + - key + - value + type: object + type: array + method: + description: Optional. A gRPC method to match against. + If this field is empty or omitted, will match all methods. + properties: + caseSensitive: + description: Optional. Specifies that matches are + case sensitive. The default value is true. case_sensitive + must not be used with a type of REGULAR_EXPRESSION. + type: boolean + grpcMethod: + description: Required. Name of the method to match + against. If unspecified, will match all methods. + type: string + grpcService: + description: Required. Name of the service to match + against. If unspecified, will match all services. + type: string + type: + description: 'Optional. Specifies how to match against + the name. If not specified, a default value of "EXACT" + is used. 
Possible values: TYPE_UNSPECIFIED, EXACT, + REGULAR_EXPRESSION' + type: string + required: + - grpcMethod + - grpcService + type: object + type: object + type: array + required: + - action + type: object + type: array + required: + - hostnames + - location + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkserviceshttproutes.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesHTTPRoute + plural: networkserviceshttproutes + shortNames: + - gcpnetworkserviceshttproute + - gcpnetworkserviceshttproutes + singular: networkserviceshttproute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + gateways: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + hostnames: + description: Required. Hostnames define a set of hosts that should + match against the HTTP host header to select a HttpRoute to process + the request. Hostname is the fully qualified domain name of a network + host, as defined by RFC 1123 with the exception that ip addresses + are not allowed. Wildcard hosts are supported as "*" (no prefix + or suffix allowed). + items: + type: string + type: array + location: + description: Immutable. 
The location for the resource + type: string + meshes: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesMesh` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Required. Rules that define how traffic is routed and + handled. + items: + properties: + action: + description: The detailed rule defining how to route matched + traffic. + properties: + corsPolicy: + description: The specification for allowing client side + cross-origin requests. 
+ properties: + allowCredentials: + description: In response to a preflight request, setting + this to true indicates that the actual request can + include user credentials. This translates to the Access-Control-Allow-Credentials + header. Default value is false. + type: boolean + allowHeaders: + description: Specifies the content for Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: Specifies the regular expression patterns + that match allowed origins. For regular expression + grammar, please see https://github.com/google/re2/wiki/Syntax. + items: + type: string + type: array + allowOrigins: + description: Specifies the list of origins that will + be allowed to do CORS requests. An origin is allowed + if it matches either an item in allow_origins or an + item in allow_origin_regexes. + items: + type: string + type: array + disabled: + description: If true, the CORS policy is disabled. The + default value is false, which indicates that the CORS + policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: Specifies how long result of a preflight + request can be cached in seconds. This translates + to the Access-Control-Max-Age header. + type: string + type: object + destinations: + description: The destination to which traffic should be + forwarded. + items: + properties: + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of a BackendService to route traffic to. 
+ + Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + weight: + description: 'Specifies the proportion of requests + forwarded to the backend referenced by the serviceName + field. This is computed as: weight/Sum(weights in + this destination list). For non-zero values, there + may be some epsilon from the exact proportion defined + here depending on the precision an implementation + supports. If only one serviceName is specified and + it has a weight greater than 0, 100% of the traffic + is forwarded to that backend. If weights are specified + for any one service name, they need to be specified + for all of them. If weights are unspecified for + all services, then, traffic is distributed in equal + proportions to all of them.' + format: int64 + type: integer + type: object + type: array + faultInjectionPolicy: + description: The specification for fault injection introduced + into traffic to test the resiliency of clients to backend + service failure. As part of fault injection, when clients + send requests to a backend service, delays can be introduced + on a percentage of requests before sending those requests + to the backend service. Similarly requests from clients + can be aborted for a percentage of requests. timeout and + retry_policy will be ignored by clients that are configured + with a fault_injection_policy + properties: + abort: + description: The specification for aborting to client + requests. + properties: + httpStatus: + description: The HTTP status code used to abort + the request. 
The value must be between 200 and + 599 inclusive. + format: int64 + type: integer + percentage: + description: The percentage of traffic which will + be aborted. The value must be between [0, 100] + format: int64 + type: integer + type: object + delay: + description: The specification for injecting delay to + client requests. + properties: + fixedDelay: + description: Specify a fixed delay before forwarding + the request. + type: string + percentage: + description: The percentage of traffic on which + delay will be injected. The value must be between + [0, 100] + format: int64 + type: integer + type: object + type: object + redirect: + description: If set, the request is directed as configured + by this field. + properties: + hostRedirect: + description: The host that will be used in the redirect + response instead of the one that was supplied in the + request. + type: string + httpsRedirect: + description: If set to true, the URL scheme in the redirected + request is set to https. If set to false, the URL + scheme of the redirected request will remain the same + as that of the request. The default is set to false. + type: boolean + pathRedirect: + description: The path that will be used in the redirect + response instead of the one that was supplied in the + request. path_redirect can not be supplied together + with prefix_redirect. Supply one alone or neither. + If neither is supplied, the path of the original request + will be used for the redirect. + type: string + portRedirect: + description: The port that will be used in the redirected + request instead of the one that was supplied in the + request. + format: int64 + type: integer + prefixRewrite: + description: Indicates that during redirection, the + matched prefix (or path) should be swapped with this + value. This option allows URLs be dynamically created + based on the request. + type: string + responseCode: + description: 'The HTTP Status code to use for the redirect. 
+ Possible values: MOVED_PERMANENTLY_DEFAULT, FOUND, + SEE_OTHER, TEMPORARY_REDIRECT, PERMANENT_REDIRECT' + type: string + stripQuery: + description: if set to true, any accompanying query + portion of the original URL is removed prior to redirecting + the request. If set to false, the query portion of + the original URL is retained. The default is set to + false. + type: boolean + type: object + requestHeaderModifier: + description: The specification for modifying the headers + of a matching request prior to delivery of the request + to the destination. + properties: + add: + additionalProperties: + type: string + description: Add the headers with given map where key + is the name of the header, value is the value of the + header. + type: object + remove: + description: Remove headers (matching by header names) + specified in the list. + items: + type: string + type: array + set: + additionalProperties: + type: string + description: Completely overwrite/replace the headers + with given map where key is the name of the header, + value is the value of the header. + type: object + type: object + requestMirrorPolicy: + description: Specifies the policy on how requests intended + for the routes destination are shadowed to a separate + mirrored destination. Proxy will not wait for the shadow + destination to respond before returning the response. + Prior to sending traffic to the shadow service, the host/authority + header is suffixed with -shadow. + properties: + destination: + description: The destination the requests will be mirrored + to. The weight of the destination will be ignored. + properties: + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of a BackendService to route traffic to. 
+ + Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + weight: + description: 'Specifies the proportion of requests + forwarded to the backend referenced by the serviceName + field. This is computed as: weight/Sum(weights + in this destination list). For non-zero values, + there may be some epsilon from the exact proportion + defined here depending on the precision an implementation + supports. If only one serviceName is specified + and it has a weight greater than 0, 100% of the + traffic is forwarded to that backend. If weights + are specified for any one service name, they need + to be specified for all of them. If weights are + unspecified for all services, then, traffic is + distributed in equal proportions to all of them.' + format: int64 + type: integer + type: object + type: object + responseHeaderModifier: + description: The specification for modifying the headers + of a response prior to sending the response back to the + client. + properties: + add: + additionalProperties: + type: string + description: Add the headers with given map where key + is the name of the header, value is the value of the + header. + type: object + remove: + description: Remove headers (matching by header names) + specified in the list. + items: + type: string + type: array + set: + additionalProperties: + type: string + description: Completely overwrite/replace the headers + with given map where key is the name of the header, + value is the value of the header. 
+ type: object + type: object + retryPolicy: + description: Specifies the retry policy associated with + this route. + properties: + numRetries: + description: Specifies the allowed number of retries. + This number must be > 0. If not specified, default + to 1. + format: int64 + type: integer + perTryTimeout: + description: Specifies a non-zero timeout per retry + attempt. + type: string + retryConditions: + description: 'Specifies one or more conditions when + this retry policy applies. Valid values are: 5xx: + Proxy will attempt a retry if the destination service + responds with any 5xx response code, of if the destination + service does not respond at all, example: disconnect, + reset, read timeout, connection failure and refused + streams. gateway-error: Similar to 5xx, but only applies + to response codes 502, 503, 504. reset: Proxy will + attempt a retry if the destination service does not + respond at all (disconnect/reset/read timeout) connect-failure: + Proxy will retry on failures connecting to destination + for example due to connection timeouts. retriable-4xx: + Proxy will retry fro retriable 4xx response codes. + Currently the only retriable error supported is 409. + refused-stream: Proxy will retry if the destination + resets the stream with a REFUSED_STREAM error code. + This reset type indicates that it is safe to retry.' + items: + type: string + type: array + type: object + timeout: + description: Specifies the timeout for selected route. Timeout + is computed from the time the request has been fully processed + (i.e. end of stream) up until the response has been completely + processed. Timeout includes all retries. + type: string + urlRewrite: + description: The specification for rewrite URL before forwarding + requests to the destination. + properties: + hostRewrite: + description: Prior to forwarding the request to the + selected destination, the requests host header is + replaced by this value. 
+ type: string + pathPrefixRewrite: + description: Prior to forwarding the request to the + selected destination, the matching portion of the + requests path is replaced by this value. + type: string + type: object + type: object + matches: + description: A list of matches define conditions used for matching + the rule against incoming HTTP requests. Each match is independent, + i.e. this rule will be matched if ANY one of the matches is + satisfied. + items: + properties: + fullPathMatch: + description: The HTTP request path value should exactly + match this value. Only one of full_path_match, prefix_match, + or regex_match should be used. + type: string + headers: + description: Specifies a list of HTTP request headers + to match against. ALL of the supplied headers must be + matched. + items: + properties: + exactMatch: + description: The value of the header should match + exactly the content of exact_match. + type: string + header: + description: The name of the HTTP header to match + against. + type: string + invertMatch: + description: If specified, the match result will + be inverted before checking. Default value is + set to false. + type: boolean + prefixMatch: + description: The value of the header must start + with the contents of prefix_match. + type: string + presentMatch: + description: A header with header_name must exist. + The match takes place whether or not the header + has a value. + type: boolean + rangeMatch: + description: If specified, the rule will match if + the request header value is within the range. + properties: + end: + description: End of the range (exclusive) + format: int64 + type: integer + start: + description: Start of the range (inclusive) + format: int64 + type: integer + type: object + regexMatch: + description: 'The value of the header must match + the regular expression specified in regex_match. 
+ For regular expression grammar, please see: https://github.com/google/re2/wiki/Syntax' + type: string + suffixMatch: + description: The value of the header must end with + the contents of suffix_match. + type: string + type: object + type: array + ignoreCase: + description: Specifies if prefix_match and full_path_match + matches are case sensitive. The default value is false. + type: boolean + prefixMatch: + description: The HTTP request path value must begin with + specified prefix_match. prefix_match must begin with + a /. Only one of full_path_match, prefix_match, or regex_match + should be used. + type: string + queryParameters: + description: Specifies a list of query parameters to match + against. ALL of the query parameters must be matched. + items: + properties: + exactMatch: + description: The value of the query parameter must + exactly match the contents of exact_match. Only + one of exact_match, regex_match, or present_match + must be set. + type: string + presentMatch: + description: Specifies that the QueryParameterMatcher + matches if request contains query parameter, irrespective + of whether the parameter has a value or not. Only + one of exact_match, regex_match, or present_match + must be set. + type: boolean + queryParameter: + description: The name of the query parameter to + match. + type: string + regexMatch: + description: The value of the query parameter must + match the regular expression specified by regex_match. + For regular expression grammar, please see https://github.com/google/re2/wiki/Syntax + Only one of exact_match, regex_match, or present_match + must be set. + type: string + type: object + type: array + regexMatch: + description: The HTTP request path value must satisfy + the regular expression specified by regex_match after + removing any query parameters and anchor supplied with + the original URL. 
For regular expression grammar, please + see https://github.com/google/re2/wiki/Syntax Only one + of full_path_match, prefix_match, or regex_match should + be used. + type: string + type: object + type: array + type: object + type: array + required: + - hostnames + - location + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicesmeshes.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesMesh + plural: networkservicesmeshes + shortNames: + - gcpnetworkservicesmesh + - gcpnetworkservicesmeshes + singular: networkservicesmesh + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + interceptionPort: + description: Optional. If set to a valid TCP port (1-65535), instructs + the SIDECAR proxy to listen on the specified port of localhost (127.0.0.1) + address. The SIDECAR proxy will expect all traffic to be redirected + to this port regardless of its actual ip:port destination. If unset, + a port '15001' is used as the interception port. This field is only + valid if the type of Mesh is SIDECAR. + format: int64 + type: integer + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. 
Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicestcproutes.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesTCPRoute + plural: networkservicestcproutes + shortNames: + - gcpnetworkservicestcproute + - gcpnetworkservicestcproutes + singular: networkservicestcproute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + gateways: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + meshes: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesMesh` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Required. Rules that define how traffic is routed and + handled. At least one RouteRule must be supplied. If there are multiple + rules then the action taken will be the first rule to match. + items: + properties: + action: + description: Required. The detailed rule defining how to route + matched traffic. + properties: + destinations: + description: Optional. The destination services to which + traffic should be forwarded. At least one destination + service is required. + items: + properties: + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URL of a BackendService to route traffic to. 
+ + Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + weight: + description: 'Optional. Specifies the proportion of + requests forwarded to the backend referenced by + the serviceName field. This is computed as: weight/Sum(weights + in this destination list). For non-zero values, + there may be some epsilon from the exact proportion + defined here depending on the precision an implementation + supports. If only one serviceName is specified and + it has a weight greater than 0, 100% of the traffic + is forwarded to that backend. If weights are specified + for any one service name, they need to be specified + for all of them. If weights are unspecified for + all services, then, traffic is distributed in equal + proportions to all of them.' + format: int64 + type: integer + required: + - serviceRef + type: object + type: array + originalDestination: + description: Optional. If true, Router will use the destination + IP and port of the original connection as the destination + of the request. Default is false. + type: boolean + type: object + matches: + description: Optional. RouteMatch defines the predicate used + to match requests to a given action. Multiple match types + are “OR”ed for evaluation. If no routeMatch field is specified, + this rule will unconditionally match traffic. + items: + properties: + address: + description: 'Required. Must be specified in the CIDR + range format. A CIDR range consists of an IP Address + and a prefix length to construct the subnet mask. By + default, the prefix length is 32 (i.e. 
matches a single + IP address). Only IPV4 addresses are supported. Examples: + “10.0.0.1” - matches against this exact IP address. + “10.0.0.0/8" - matches against any IP address within + the 10.0.0.0 subnet and 255.255.255.0 mask. "0.0.0.0/0" + - matches against any IP address''.' + type: string + port: + description: Required. Specifies the destination port + to match against. + type: string + required: + - address + - port + type: object + type: array + required: + - action + type: object + type: array + required: + - location + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicestlsroutes.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesTLSRoute + plural: networkservicestlsroutes + shortNames: + - gcpnetworkservicestlsroute + - gcpnetworkservicestlsroutes + singular: networkservicestlsroute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + gateways: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + meshes: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesMesh` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Required. Rules that define how traffic is routed and + handled. At least one RouteRule must be supplied. If there are multiple + rules then the action taken will be the first rule to match. + items: + properties: + action: + description: Required. The detailed rule defining how to route + matched traffic. + properties: + destinations: + description: Required. The destination services to which + traffic should be forwarded. At least one destination + service is required. + items: + properties: + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URL of a BackendService to route traffic to. 
+ + Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + weight: + description: 'Optional. Specifies the proportion of + requests forwareded to the backend referenced by + the service_name field. This is computed as: weight/Sum(weights + in destinations) Weights in all destinations does + not need to sum up to 100.' + format: int64 + type: integer + required: + - serviceRef + type: object + type: array + required: + - destinations + type: object + matches: + description: Required. RouteMatch defines the predicate used + to match requests to a given action. Multiple match types + are "OR"ed for evaluation. + items: + properties: + alpn: + description: 'Optional. ALPN (Application-Layer Protocol + Negotiation) to match against. Examples: "http/1.1", + "h2". At least one of sni_host and alpn is required. + Up to 5 alpns across all matches can be set.' + items: + type: string + type: array + sniHost: + description: Optional. SNI (server name indicator) to + match against. SNI will be matched against all wildcard + domains, i.e. www.example.com will be first matched + against www.example.com, then *.example.com, then *.com. + Partial wildcards are not supported, and values like + *w.example.com are invalid. At least one of sni_host + and alpn is required. Up to 5 sni hosts across all matches + can be set. 
+ items: + type: string + type: array + type: object + type: array + required: + - action + - matches + type: object + type: array + required: + - location + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: notebooksenvironments.notebooks.cnrm.cloud.google.com +spec: + group: notebooks.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NotebooksEnvironment + plural: notebooksenvironments + shortNames: + - gcpnotebooksenvironment + - gcpnotebooksenvironments + singular: notebooksenvironment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + containerImage: + description: Use a container image to start the notebook instance. + properties: + repository: + description: |- + The path to the container image repository. + For example: gcr.io/{project_id}/{imageName}. + type: string + tag: + description: The tag of the container image. If not specified, + this defaults to the latest tag. + type: string + required: + - repository + type: object + description: + description: A brief description of this environment. + type: string + displayName: + description: Display name of this environment for the UI. + type: string + locationRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `NotebooksLocation` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + postStartupScript: + description: |- + Path to a Bash script that automatically runs after a notebook instance fully boots up. + The path must be a URL or Cloud Storage path. Example: "gs://path-to-file/file-name". + type: string + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + vmImage: + description: Use a Compute Engine VM image to start the notebook instance. + properties: + imageFamily: + description: Use this VM image family to find the image; the newest + image in this family will be used. + type: string + imageName: + description: Use VM image name to find the image. + type: string + project: + description: |- + The name of the Google Cloud project that this VM image belongs to. + Format: projects/{project_id}. + type: string + required: + - project + type: object + required: + - locationRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Instance creation time. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: orgpolicycustomconstraints.orgpolicy.cnrm.cloud.google.com +spec: + group: orgpolicy.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OrgPolicyCustomConstraint + plural: orgpolicycustomconstraints + shortNames: + - gcporgpolicycustomconstraint + - gcporgpolicycustomconstraints + singular: orgpolicycustomconstraint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + actionType: + description: 'The action to take if the condition is met. Possible + values: ["ALLOW", "DENY"].' + type: string + condition: + description: A CEL condition that refers to a supported service resource, + for example 'resource.management.autoUpgrade == false'. For details + about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language). + type: string + description: + description: A human-friendly description of the constraint to display + as an error message when the policy is violated. + type: string + displayName: + description: A human-friendly name for the constraint. + type: string + methodTypes: + description: A list of RESTful methods for which to enforce the constraint. + Can be 'CREATE', 'UPDATE', or both. Not all Google Cloud services + support both methods. To see supported methods for each service, + find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services). 
+ items: + type: string + type: array + parent: + description: Immutable. The parent of the resource, an organization. + Format should be 'organizations/{organization_id}'. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourceTypes: + description: Immutable. Immutable. The fully qualified name of the + Google Cloud REST resource containing the object and field you want + to restrict. For example, 'container.googleapis.com/NodePool'. + items: + type: string + type: array + required: + - actionType + - condition + - methodTypes + - parent + - resourceTypes + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The timestamp representing when the constraint + was last updated. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: osconfigguestpolicies.osconfig.cnrm.cloud.google.com +spec: + group: osconfig.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSConfigGuestPolicy + plural: osconfigguestpolicies + shortNames: + - gcposconfigguestpolicy + - gcposconfigguestpolicies + singular: osconfigguestpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assignment: + description: Specifies the VMs that are assigned this policy. This + allows you to target sets or groups of VMs by different parameters + such as labels, names, OS, or zones. Empty assignments will target + ALL VMs underneath this policy. Conflict Management Policies that + exist higher up in the resource hierarchy (closer to the Org) will + override those lower down if there is a conflict. At the same level + in the resource hierarchy (ie. within a project), the service will + prevent the creation of multiple policies that conflict with each + other. If there are multiple policies that specify the same config + (eg. package, software recipe, repository, etc.), the service will + ensure that no VM could potentially receive instructions from both + policies. To create multiple policies that specify different versions + of a package or different configs for different Operating Systems, + each policy must be mutually exclusive in their targeting according + to labels, OS, or other criteria. Different configs are identified + for conflicts in different ways. Packages are identified by their + name and the package manager(s) they target. Package repositories + are identified by their unique id where applicable. Some package + managers don't have a unique identifier for repositories and where + that's the case, no uniqueness is validated by the service. Note + that if OS Inventory is disabled, a VM will not be assigned a policy + that targets by OS because the service will see this VM's OS as + unknown. + properties: + groupLabels: + description: Targets instances matching at least one of these + label sets. 
This allows an assignment to target disparate groups, + for example "env=prod or env=staging". + items: + properties: + labels: + additionalProperties: + type: string + description: Google Compute Engine instance labels that + must be present for an instance to be included in this + assignment group. + type: object + type: object + type: array + instanceNamePrefixes: + description: Targets VM instances whose name starts with one of + these prefixes. Like labels, this is another way to group VM + instances when targeting configs, for example prefix="prod-". + Only supported for project-level policies. + items: + type: string + type: array + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + osTypes: + description: Targets VM instances matching at least one of the + following OS types. VM instances must match all supplied criteria + for a given OsType to be included. + items: + properties: + osArchitecture: + description: Targets VM instances with OS Inventory enabled + and having the following OS architecture. + type: string + osShortName: + description: Targets VM instances with OS Inventory enabled + and having the following OS short name, for example "debian" + or "windows". + type: string + osVersion: + description: Targets VM instances with OS Inventory enabled + and having the following following OS version. 
+ type: string + type: object + type: array + zones: + description: Targets instances in any of these zones. Leave empty + to target instances in any zone. Zonal targeting is uncommon + and is supported to facilitate the management of changes by + zone. + items: + type: string + type: array + type: object + description: + description: Description of the GuestPolicy. Length of the description + is limited to 1024 characters. + type: string + packageRepositories: + description: List of package repository configurations assigned to + the VM instance. + items: + properties: + apt: + description: An Apt Repository. + properties: + archiveType: + description: 'Type of archive files in this repository. + The default behavior is DEB. Possible values: ARCHIVE_TYPE_UNSPECIFIED, + DEB, DEB_SRC' + type: string + components: + description: Required. List of components for this repository. + Must contain at least one item. + items: + type: string + type: array + distribution: + description: Required. Distribution of this repository. + type: string + gpgKey: + description: URI of the key file for this repository. The + agent maintains a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` + containing all the keys in any applied guest policy. + type: string + uri: + description: Required. URI for this repository. + type: string + required: + - distribution + - uri + type: object + goo: + description: A Goo Repository. + properties: + name: + description: Required. The name of the repository. + type: string + url: + description: Required. The url of the repository. + type: string + required: + - name + - url + type: object + yum: + description: A Yum Repository. + properties: + baseUrl: + description: Required. The location of the repository directory. + type: string + displayName: + description: The display name of the repository. + type: string + gpgKeys: + description: URIs of GPG keys. + items: + type: string + type: array + id: + description: Required. 
A one word, unique name for this + repository. This is the `repo id` in the Yum config file + and also the `display_name` if `display_name` is omitted. + This id is also used as the unique identifier when checking + for guest policy conflicts. + type: string + required: + - baseUrl + - id + type: object + zypper: + description: A Zypper Repository. + properties: + baseUrl: + description: Required. The location of the repository directory. + type: string + displayName: + description: The display name of the repository. + type: string + gpgKeys: + description: URIs of GPG keys. + items: + type: string + type: array + id: + description: Required. A one word, unique name for this + repository. This is the `repo id` in the zypper config + file and also the `display_name` if `display_name` is + omitted. This id is also used as the unique identifier + when checking for guest policy conflicts. + type: string + required: + - baseUrl + - id + type: object + type: object + type: array + packages: + description: List of package configurations assigned to the VM instance. + items: + properties: + desiredState: + description: 'The desired_state the agent should maintain for + this package. The default is to ensure the package is installed. + Possible values: DESIRED_STATE_UNSPECIFIED, INSTALLED, REMOVED' + type: string + manager: + description: 'Type of package manager that can be used to install + this package. If a system does not have the package manager, + the package is not installed or removed no error message is + returned. By default, or if you specify `ANY`, the agent attempts + to install and remove this package using the default package + manager. This is useful when creating a policy that applies + to different types of systems. The default behavior is ANY. + Possible values: MANAGER_UNSPECIFIED, ANY, APT, YUM, ZYPPER, + GOO' + type: string + name: + description: Required. The name of the package. 
A package is + uniquely identified for conflict validation by checking the + package name and the manager(s) that the package targets. + type: string + type: object + type: array + recipes: + description: Optional. A list of Recipes to install on the VM. + items: + properties: + artifacts: + description: Resources available to be used in the steps in + the recipe. + items: + properties: + allowInsecure: + description: 'Defaults to false. When false, recipes are + subject to validations based on the artifact type: Remote: + A checksum must be specified, and only protocols with + transport-layer security are permitted. GCS: An object + generation number must be specified.' + type: boolean + gcs: + description: A Google Cloud Storage artifact. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Bucket of the Google Cloud Storage object. Given an example URL: `https://storage.googleapis.com/my-bucket/foo/bar#1234567` this value would be `my-bucket`. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + generation: + description: Must be provided if allow_insecure is + false. Generation number of the Google Cloud Storage + object. `https://storage.googleapis.com/my-bucket/foo/bar#1234567` + this value would be `1234567`. + format: int64 + type: integer + object: + description: 'Name of the Google Cloud Storage object. 
+ As specified [here] (https://cloud.google.com/storage/docs/naming#objectnames) + Given an example URL: `https://storage.googleapis.com/my-bucket/foo/bar#1234567` + this value would be `foo/bar`.' + type: string + type: object + id: + description: Required. Id of the artifact, which the installation + and update steps of this recipe can reference. Artifacts + in a recipe cannot have the same id. + type: string + remote: + description: A generic remote artifact. + properties: + checksum: + description: Must be provided if `allow_insecure` + is `false`. SHA256 checksum in hex format, to compare + to the checksum of the artifact. If the checksum + is not empty and it doesn't match the artifact then + the recipe installation fails before running any + of the steps. + type: string + uri: + description: 'URI from which to fetch the object. + It should contain both the protocol and path following + the format: {protocol}://{location}.' + type: string + type: object + type: object + type: array + desiredState: + description: 'Default is INSTALLED. The desired state the agent + should maintain for this recipe. INSTALLED: The software recipe + is installed on the instance but won''t be updated to new + versions. UPDATED: The software recipe is installed on the + instance. The recipe is updated to a higher version, if a + higher version of the recipe is assigned to this instance. + REMOVE: Remove is unsupported for software recipes and attempts + to create or update a recipe to the REMOVE state is rejected. + Possible values: DESIRED_STATE_UNSPECIFIED, INSTALLED, REMOVED' + type: string + installSteps: + description: Actions to be taken for installing this recipe. + On failure it stops executing steps and does not attempt another + installation. Any steps taken (including partially completed + steps) are not rolled back. + items: + properties: + archiveExtraction: + description: Extracts an archive into the specified directory. 
+ properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + destination: + description: Directory to extract archive to. Defaults + to `/` on Linux or `C:` on Windows. + type: string + type: + description: 'Required. The type of the archive to + extract. Possible values: TYPE_UNSPECIFIED, VALIDATION, + DESIRED_STATE_CHECK, DESIRED_STATE_ENFORCEMENT, + DESIRED_STATE_CHECK_POST_ENFORCEMENT' + type: string + type: object + dpkgInstallation: + description: Installs a deb file via dpkg. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + type: object + fileCopy: + description: Copies a file onto the instance. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + destination: + description: Required. The absolute path on the instance + to put the file. + type: string + overwrite: + description: Whether to allow this step to overwrite + existing files. If this is false and the file already + exists the file is not overwritten and the step + is considered a success. Defaults to false. + type: boolean + permissions: + description: 'Consists of three octal digits which + represent, in order, the permissions of the owner, + group, and other users for the file (similarly to + the numeric mode used in the linux chmod utility). + Each digit represents a three bit number with the + 4 bit corresponding to the read permissions, the + 2 bit corresponds to the write bit, and the one + bit corresponds to the execute permission. Default + behavior is 755. Below are some examples of permissions + and their associated values: read, write, and execute: + 7 read and execute: 5 read and write: 6 read only: + 4' + type: string + type: object + fileExec: + description: Executes an artifact or local file. + properties: + allowedExitCodes: + description: Defaults to [0]. 
A list of possible return + values that the program can return to indicate a + success. + items: + format: int64 + type: integer + type: array + args: + description: Arguments to be passed to the provided + executable. + items: + type: string + type: array + artifactId: + description: The id of the relevant artifact in the + recipe. + type: string + localPath: + description: The absolute path of the file on the + local filesystem. + type: string + type: object + msiInstallation: + description: Installs an MSI file. + properties: + allowedExitCodes: + description: Return codes that indicate that the software + installed or updated successfully. Behaviour defaults + to [0] + items: + format: int64 + type: integer + type: array + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + flags: + description: The flags to use when installing the + MSI defaults to ["/i"] (i.e. the install flag). + items: + type: string + type: array + type: object + rpmInstallation: + description: Installs an rpm file via the rpm utility. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + type: object + scriptRun: + description: Runs commands in a shell. + properties: + allowedExitCodes: + description: Return codes that indicate that the software + installed or updated successfully. Behaviour defaults + to [0] + items: + format: int64 + type: integer + type: array + interpreter: + description: 'The script interpreter to use to run + the script. If no interpreter is specified the script + is executed directly, which likely only succeed + for scripts with [shebang lines](https://en.wikipedia.org/wiki/Shebang_(Unix)). + Possible values: INTERPRETER_UNSPECIFIED, NONE, + SHELL, POWERSHELL' + type: string + script: + description: Required. The shell script to be executed. + type: string + type: object + type: object + type: array + name: + description: Required. 
Unique identifier for the recipe. Only + one recipe with a given name is installed on an instance. + Names are also used to identify resources which helps to determine + whether guest policies have conflicts. This means that requests + to create multiple recipes with the same name and version + are rejected since they could potentially have conflicting + assignments. + type: string + updateSteps: + description: Actions to be taken for updating this recipe. On + failure it stops executing steps and does not attempt another + update for this recipe. Any steps taken (including partially + completed steps) are not rolled back. + items: + properties: + archiveExtraction: + description: Extracts an archive into the specified directory. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + destination: + description: Directory to extract archive to. Defaults + to `/` on Linux or `C:` on Windows. + type: string + type: + description: 'Required. The type of the archive to + extract. Possible values: TYPE_UNSPECIFIED, VALIDATION, + DESIRED_STATE_CHECK, DESIRED_STATE_ENFORCEMENT, + DESIRED_STATE_CHECK_POST_ENFORCEMENT' + type: string + type: object + dpkgInstallation: + description: Installs a deb file via dpkg. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + type: object + fileCopy: + description: Copies a file onto the instance. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + destination: + description: Required. The absolute path on the instance + to put the file. + type: string + overwrite: + description: Whether to allow this step to overwrite + existing files. If this is false and the file already + exists the file is not overwritten and the step + is considered a success. Defaults to false. 
+ type: boolean + permissions: + description: 'Consists of three octal digits which + represent, in order, the permissions of the owner, + group, and other users for the file (similarly to + the numeric mode used in the linux chmod utility). + Each digit represents a three bit number with the + 4 bit corresponding to the read permissions, the + 2 bit corresponds to the write bit, and the one + bit corresponds to the execute permission. Default + behavior is 755. Below are some examples of permissions + and their associated values: read, write, and execute: + 7 read and execute: 5 read and write: 6 read only: + 4' + type: string + type: object + fileExec: + description: Executes an artifact or local file. + properties: + allowedExitCodes: + description: Defaults to [0]. A list of possible return + values that the program can return to indicate a + success. + items: + format: int64 + type: integer + type: array + args: + description: Arguments to be passed to the provided + executable. + items: + type: string + type: array + artifactId: + description: The id of the relevant artifact in the + recipe. + type: string + localPath: + description: The absolute path of the file on the + local filesystem. + type: string + type: object + msiInstallation: + description: Installs an MSI file. + properties: + allowedExitCodes: + description: Return codes that indicate that the software + installed or updated successfully. Behaviour defaults + to [0] + items: + format: int64 + type: integer + type: array + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + flags: + description: The flags to use when installing the + MSI defaults to ["/i"] (i.e. the install flag). + items: + type: string + type: array + type: object + rpmInstallation: + description: Installs an rpm file via the rpm utility. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. 
+ type: string + type: object + scriptRun: + description: Runs commands in a shell. + properties: + allowedExitCodes: + description: Return codes that indicate that the software + installed or updated successfully. Behaviour defaults + to [0] + items: + format: int64 + type: integer + type: array + interpreter: + description: 'The script interpreter to use to run + the script. If no interpreter is specified the script + is executed directly, which likely only succeed + for scripts with [shebang lines](https://en.wikipedia.org/wiki/Shebang_(Unix)). + Possible values: INTERPRETER_UNSPECIFIED, NONE, + SHELL, POWERSHELL' + type: string + script: + description: Required. The shell script to be executed. + type: string + type: object + type: object + type: array + version: + description: The version of this software recipe. Version can + be up to 4 period separated numbers (e.g. 12.34.56.78). + type: string + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. Time this GuestPolicy was created. 
+ format: date-time + type: string + etag: + description: The etag for this GuestPolicy. If this is provided on + update, it must match the server's etag. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. Last time this GuestPolicy was updated. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: osconfigospolicyassignments.osconfig.cnrm.cloud.google.com +spec: + group: osconfig.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSConfigOSPolicyAssignment + plural: osconfigospolicyassignments + shortNames: + - gcposconfigospolicyassignment + - gcposconfigospolicyassignments + singular: osconfigospolicyassignment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition 
time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: OS policy assignment description. Length of the description + is limited to 1024 characters. + type: string + instanceFilter: + description: Required. Filter to select VMs. + properties: + all: + description: Target all VMs in the project. If true, no other + criteria is permitted. + type: boolean + exclusionLabels: + description: List of label sets used for VM exclusion. If the + list has more than one label set, the VM is excluded if any + of the label sets are applicable for the VM. + items: + properties: + labels: + additionalProperties: + type: string + description: Labels are identified by key/value pairs in + this map. A VM should contain all the key/value pairs + specified in this map to be selected. + type: object + type: object + type: array + inclusionLabels: + description: List of label sets used for VM inclusion. If the + list has more than one `LabelSet`, the VM is included if any + of the label sets are applicable for the VM. 
+ items: + properties: + labels: + additionalProperties: + type: string + description: Labels are identified by key/value pairs in + this map. A VM should contain all the key/value pairs + specified in this map to be selected. + type: object + type: object + type: array + inventories: + description: List of inventories to select VMs. A VM is selected + if its inventory data matches at least one of the following + inventories. + items: + properties: + osShortName: + description: Required. The OS short name + type: string + osVersion: + description: The OS version Prefix matches are supported + if asterisk(*) is provided as the last character. For + example, to match all versions with a major version of + `7`, specify the following value for this field `7.*` + An empty string matches all OS versions. + type: string + required: + - osShortName + type: object + type: array + type: object + location: + description: Immutable. The location for the resource + type: string + osPolicies: + description: Required. List of OS policies to be applied to the VMs. + items: + properties: + allowNoResourceGroupMatch: + description: This flag determines the OS policy compliance status + when none of the resource groups within the policy are applicable + for a VM. Set this value to `true` if the policy needs to + be reported as compliant even if the policy has nothing to + validate or enforce. + type: boolean + description: + description: Policy description. Length of the description is + limited to 1024 characters. + type: string + id: + description: 'Required. The id of the OS policy with the following + restrictions: * Must contain only lowercase letters, numbers, + and hyphens. * Must start with a letter. * Must be between + 1-63 characters. * Must end with a number or a letter. * Must + be unique within the assignment.' + type: string + mode: + description: 'Required. 
Policy mode Possible values: MODE_UNSPECIFIED, + VALIDATION, ENFORCEMENT' + type: string + resourceGroups: + description: Required. List of resource groups for the policy. + For a particular VM, resource groups are evaluated in the + order specified and the first resource group that is applicable + is selected and the rest are ignored. If none of the resource + groups are applicable for a VM, the VM is considered to be + non-compliant w.r.t this policy. This behavior can be toggled + by the flag `allow_no_resource_group_match` + items: + properties: + inventoryFilters: + description: 'List of inventory filters for the resource + group. The resources in this resource group are applied + to the target VM if it satisfies at least one of the + following inventory filters. For example, to apply this + resource group to VMs running either `RHEL` or `CentOS` + operating systems, specify 2 items for the list with + following values: inventory_filters[0].os_short_name=''rhel'' + and inventory_filters[1].os_short_name=''centos'' If + the list is empty, this resource group will be applied + to the target VM unconditionally.' + items: + properties: + osShortName: + description: Required. The OS short name + type: string + osVersion: + description: The OS version Prefix matches are supported + if asterisk(*) is provided as the last character. + For example, to match all versions with a major + version of `7`, specify the following value for + this field `7.*` An empty string matches all OS + versions. + type: string + required: + - osShortName + type: object + type: array + resources: + description: Required. List of resources configured for + this resource group. The resources are executed in the + exact order specified here. + items: + properties: + exec: + description: Exec resource + properties: + enforce: + description: What to run to bring this resource + into the desired state. 
An exit code of 100 + indicates "success", any other exit code indicates + a failure running enforce. + properties: + args: + description: Optional arguments to pass + to the source during execution. + items: + type: string + type: array + file: + description: A remote or local file. + properties: + allowInsecure: + description: 'Defaults to false. When + false, files are subject to validations + based on the file type: Remote: A + checksum must be specified. Cloud + Storage: An object generation number + must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of + the Cloud Storage object. + type: string + generation: + description: Generation number of + the Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the + Cloud Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the + VM to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of + the remote file. + type: string + uri: + description: Required. URI from + which to fetch the object. It + should contain both the protocol + and path following the format + `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + interpreter: + description: 'Required. The script interpreter + to use. Possible values: INTERPRETER_UNSPECIFIED, + NONE, SHELL, POWERSHELL' + type: string + outputFilePath: + description: Only recorded for enforce Exec. + Path to an output file (that is created + by this Exec) whose content will be recorded + in OSPolicyResourceCompliance after a + successful run. Absence or failure to + read this file will result in this ExecResource + being non-compliant. Output file size + is limited to 100K bytes. + type: string + script: + description: An inline script. 
The size + of the script is limited to 1024 characters. + type: string + required: + - interpreter + type: object + validate: + description: Required. What to run to validate + this resource is in the desired state. An + exit code of 100 indicates "in desired state", + and exit code of 101 indicates "not in desired + state". Any other exit code indicates a failure + running validate. + properties: + args: + description: Optional arguments to pass + to the source during execution. + items: + type: string + type: array + file: + description: A remote or local file. + properties: + allowInsecure: + description: 'Defaults to false. When + false, files are subject to validations + based on the file type: Remote: A + checksum must be specified. Cloud + Storage: An object generation number + must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of + the Cloud Storage object. + type: string + generation: + description: Generation number of + the Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the + Cloud Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the + VM to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of + the remote file. + type: string + uri: + description: Required. URI from + which to fetch the object. It + should contain both the protocol + and path following the format + `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + interpreter: + description: 'Required. The script interpreter + to use. Possible values: INTERPRETER_UNSPECIFIED, + NONE, SHELL, POWERSHELL' + type: string + outputFilePath: + description: Only recorded for enforce Exec. 
+ Path to an output file (that is created + by this Exec) whose content will be recorded + in OSPolicyResourceCompliance after a + successful run. Absence or failure to + read this file will result in this ExecResource + being non-compliant. Output file size + is limited to 100K bytes. + type: string + script: + description: An inline script. The size + of the script is limited to 1024 characters. + type: string + required: + - interpreter + type: object + required: + - validate + type: object + file: + description: File resource + properties: + content: + description: A a file with this content. The + size of the content is limited to 1024 characters. + type: string + file: + description: A remote or local source. + properties: + allowInsecure: + description: 'Defaults to false. When false, + files are subject to validations based + on the file type: Remote: A checksum must + be specified. Cloud Storage: An object + generation number must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of the + Cloud Storage object. + type: string + generation: + description: Generation number of the + Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the Cloud + Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the VM + to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of the + remote file. + type: string + uri: + description: Required. URI from which + to fetch the object. It should contain + both the protocol and path following + the format `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + path: + description: Required. The absolute path of + the file within the VM. 
+ type: string + permissions: + description: 'Consists of three octal digits + which represent, in order, the permissions + of the owner, group, and other users for the + file (similarly to the numeric mode used in + the linux chmod utility). Each digit represents + a three bit number with the 4 bit corresponding + to the read permissions, the 2 bit corresponds + to the write bit, and the one bit corresponds + to the execute permission. Default behavior + is 755. Below are some examples of permissions + and their associated values: read, write, + and execute: 7 read and execute: 5 read and + write: 6 read only: 4' + type: string + state: + description: 'Required. Desired state of the + file. Possible values: OS_POLICY_COMPLIANCE_STATE_UNSPECIFIED, + COMPLIANT, NON_COMPLIANT, UNKNOWN, NO_OS_POLICIES_APPLICABLE' + type: string + required: + - path + - state + type: object + id: + description: 'Required. The id of the resource with + the following restrictions: * Must contain only + lowercase letters, numbers, and hyphens. * Must + start with a letter. * Must be between 1-63 characters. + * Must end with a number or a letter. * Must be + unique within the OS policy.' + type: string + pkg: + description: Package resource + properties: + apt: + description: A package managed by Apt. + properties: + name: + description: Required. Package name. + type: string + required: + - name + type: object + deb: + description: A deb package file. + properties: + pullDeps: + description: 'Whether dependencies should + also be installed. - install when false: + `dpkg -i package` - install when true: + `apt-get update && apt-get -y install + package.deb`' + type: boolean + source: + description: Required. A deb package. + properties: + allowInsecure: + description: 'Defaults to false. When + false, files are subject to validations + based on the file type: Remote: A + checksum must be specified. Cloud + Storage: An object generation number + must be specified.' 
+ type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of + the Cloud Storage object. + type: string + generation: + description: Generation number of + the Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the + Cloud Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the + VM to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of + the remote file. + type: string + uri: + description: Required. URI from + which to fetch the object. It + should contain both the protocol + and path following the format + `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + required: + - source + type: object + desiredState: + description: 'Required. The desired state the + agent should maintain for this package. Possible + values: DESIRED_STATE_UNSPECIFIED, INSTALLED, + REMOVED' + type: string + googet: + description: A package managed by GooGet. + properties: + name: + description: Required. Package name. + type: string + required: + - name + type: object + msi: + description: An MSI package. + properties: + properties: + description: Additional properties to use + during installation. This should be in + the format of Property=Setting. Appended + to the defaults of `ACTION=INSTALL REBOOT=ReallySuppress`. + items: + type: string + type: array + source: + description: Required. The MSI package. + properties: + allowInsecure: + description: 'Defaults to false. When + false, files are subject to validations + based on the file type: Remote: A + checksum must be specified. Cloud + Storage: An object generation number + must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. 
Bucket of + the Cloud Storage object. + type: string + generation: + description: Generation number of + the Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the + Cloud Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the + VM to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of + the remote file. + type: string + uri: + description: Required. URI from + which to fetch the object. It + should contain both the protocol + and path following the format + `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + required: + - source + type: object + rpm: + description: An rpm package file. + properties: + pullDeps: + description: 'Whether dependencies should + also be installed. - install when false: + `rpm --upgrade --replacepkgs package.rpm` + - install when true: `yum -y install package.rpm` + or `zypper -y install package.rpm`' + type: boolean + source: + description: Required. An rpm package. + properties: + allowInsecure: + description: 'Defaults to false. When + false, files are subject to validations + based on the file type: Remote: A + checksum must be specified. Cloud + Storage: An object generation number + must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of + the Cloud Storage object. + type: string + generation: + description: Generation number of + the Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the + Cloud Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the + VM to use. + type: string + remote: + description: A generic remote file. 
+ properties: + sha256Checksum: + description: SHA256 checksum of + the remote file. + type: string + uri: + description: Required. URI from + which to fetch the object. It + should contain both the protocol + and path following the format + `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + required: + - source + type: object + yum: + description: A package managed by YUM. + properties: + name: + description: Required. Package name. + type: string + required: + - name + type: object + zypper: + description: A package managed by Zypper. + properties: + name: + description: Required. Package name. + type: string + required: + - name + type: object + required: + - desiredState + type: object + repository: + description: Package repository resource + properties: + apt: + description: An Apt Repository. + properties: + archiveType: + description: 'Required. Type of archive + files in this repository. Possible values: + ARCHIVE_TYPE_UNSPECIFIED, DEB, DEB_SRC' + type: string + components: + description: Required. List of components + for this repository. Must contain at least + one item. + items: + type: string + type: array + distribution: + description: Required. Distribution of this + repository. + type: string + gpgKey: + description: URI of the key file for this + repository. The agent maintains a keyring + at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg`. + type: string + uri: + description: Required. URI for this repository. + type: string + required: + - archiveType + - components + - distribution + - uri + type: object + goo: + description: A Goo Repository. + properties: + name: + description: Required. The name of the repository. + type: string + url: + description: Required. The url of the repository. + type: string + required: + - name + - url + type: object + yum: + description: A Yum Repository. + properties: + baseUrl: + description: Required. The location of the + repository directory. 
+ type: string + displayName: + description: The display name of the repository. + type: string + gpgKeys: + description: URIs of GPG keys. + items: + type: string + type: array + id: + description: Required. A one word, unique + name for this repository. This is the + `repo id` in the yum config file and also + the `display_name` if `display_name` is + omitted. This id is also used as the unique + identifier when checking for resource + conflicts. + type: string + required: + - baseUrl + - id + type: object + zypper: + description: A Zypper Repository. + properties: + baseUrl: + description: Required. The location of the + repository directory. + type: string + displayName: + description: The display name of the repository. + type: string + gpgKeys: + description: URIs of GPG keys. + items: + type: string + type: array + id: + description: Required. A one word, unique + name for this repository. This is the + `repo id` in the zypper config file and + also the `display_name` if `display_name` + is omitted. This id is also used as the + unique identifier when checking for GuestPolicy + conflicts. + type: string + required: + - baseUrl + - id + type: object + type: object + required: + - id + type: object + type: array + required: + - resources + type: object + type: array + required: + - id + - mode + - resourceGroups + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rollout: + description: 'Required. Rollout to deploy the OS policy assignment. + A rollout is triggered in the following situations: 1) OSPolicyAssignment + is created. 2) OSPolicyAssignment is updated and the update contains + changes to one of the following fields: - instance_filter - os_policies + 3) OSPolicyAssignment is deleted.' + properties: + disruptionBudget: + description: Required. The maximum number (or percentage) of VMs + per zone to disrupt at any given moment. + properties: + fixed: + description: Specifies a fixed value. + format: int64 + type: integer + percent: + description: Specifies the relative value defined as a percentage, + which will be multiplied by a reference value. + format: int64 + type: integer + type: object + minWaitDuration: + description: Required. This determines the minimum duration of + time to wait after the configuration changes are applied through + the current rollout. A VM continues to count towards the `disruption_budget` + at least until this duration of time has passed after configuration + changes are applied. + type: string + required: + - disruptionBudget + - minWaitDuration + type: object + skipAwaitRollout: + description: Set to true to skip awaiting rollout during resource + creation and update. + type: boolean + required: + - instanceFilter + - location + - osPolicies + - projectRef + - rollout + type: object + status: + properties: + baseline: + description: Output only. 
Indicates that this revision has been successfully + rolled out in this zone and new VMs will be assigned OS policies + from this revision. For a given OS policy assignment, there is only + one revision with a value of `true` for this field. + type: boolean + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + deleted: + description: Output only. Indicates that this revision deletes the + OS policy assignment. + type: boolean + etag: + description: The etag for this OS policy assignment. If this is provided + on update, it must match the server's etag. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + reconciling: + description: 'Output only. Indicates that reconciliation is in progress + for the revision. This value is `true` when the `rollout_state` + is one of: * IN_PROGRESS * CANCELLING' + type: boolean + revisionCreateTime: + description: Output only. The timestamp that the revision was created. + format: date-time + type: string + revisionId: + description: Output only. 
The assignment revision ID A new revision + is committed whenever a rollout is triggered for a OS policy assignment + type: string + rolloutState: + description: 'Output only. OS policy assignment rollout state Possible + values: ROLLOUT_STATE_UNSPECIFIED, IN_PROGRESS, CANCELLING, CANCELLED, + SUCCEEDED' + type: string + uid: + description: Output only. Server generated unique id for the OS policy + assignment resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: osconfigpatchdeployments.osconfig.cnrm.cloud.google.com +spec: + group: osconfig.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSConfigPatchDeployment + plural: osconfigpatchdeployments + shortNames: + - gcposconfigpatchdeployment + - gcposconfigpatchdeployments + singular: osconfigpatchdeployment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: 
+ properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. Description of the patch deployment. Length + of the description is limited to 1024 characters. + type: string + duration: + description: |- + Immutable. Duration of the patch. After the duration ends, the patch times out. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + instanceFilter: + description: Immutable. VM instances to patch. + properties: + all: + description: Immutable. Target all VM instances in the project. + If true, no other criteria is permitted. + type: boolean + groupLabels: + description: Immutable. Targets VM instances matching ANY of these + GroupLabels. This allows targeting of disparate groups of VM + instances. + items: + properties: + labels: + additionalProperties: + type: string + description: Immutable. Compute Engine instance labels that + must be present for a VM instance to be targeted by this + filter. + type: object + required: + - labels + type: object + type: array + instanceNamePrefixes: + description: |- + Immutable. Targets VMs whose name starts with one of these prefixes. Similar to labels, this is another way to group + VMs when targeting configs, for example prefix="prod-". 
+ items: + type: string + type: array + instances: + description: |- + Immutable. Targets any of the VM instances specified. Instances are specified by their URI in the 'form zones/{{zone}}/instances/{{instance_name}}', + 'projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}', or + 'https://www.googleapis.com/compute/v1/projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}'. + items: + type: string + type: array + zones: + description: Immutable. Targets VM instances in ANY of these zones. + Leave empty to target VM instances in any zone. + items: + type: string + type: array + type: object + oneTimeSchedule: + description: Immutable. Schedule a one-time execution. + properties: + executeTime: + description: |- + Immutable. The desired patch job execution time. A timestamp in RFC3339 UTC "Zulu" format, + accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + required: + - executeTime + type: object + patchConfig: + description: Immutable. Patch configuration that is applied. + properties: + apt: + description: Immutable. Apt update settings. Use this setting + to override the default apt patch rules. + properties: + excludes: + description: Immutable. List of packages to exclude from update. + These packages will be excluded. + items: + type: string + type: array + exclusivePackages: + description: |- + Immutable. An exclusive list of packages to be updated. These are the only packages that will be updated. + If these packages are not installed, they will be ignored. This field cannot be specified with + any other patch configuration fields. + items: + type: string + type: array + type: + description: 'Immutable. By changing the type to DIST, the + patching is performed using apt-get dist-upgrade instead. + Possible values: ["DIST", "UPGRADE"].' + type: string + type: object + goo: + description: Immutable. goo update settings. Use this setting + to override the default goo patch rules. 
+ properties: + enabled: + description: Immutable. goo update settings. Use this setting + to override the default goo patch rules. + type: boolean + required: + - enabled + type: object + migInstancesAllowed: + description: Immutable. Allows the patch job to run on Managed + instance groups (MIGs). + type: boolean + postStep: + description: Immutable. The ExecStep to run after the patch update. + properties: + linuxExecStepConfig: + description: Immutable. The ExecStepConfig for all Linux VMs + targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + windowsExecStepConfig: + description: Immutable. The ExecStepConfig for all Windows + VMs targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. 
+ items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + type: object + preStep: + description: Immutable. The ExecStep to run before the patch update. + properties: + linuxExecStepConfig: + description: Immutable. The ExecStepConfig for all Linux VMs + targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. 
+ type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + windowsExecStepConfig: + description: Immutable. The ExecStepConfig for all Windows + VMs targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + type: object + rebootConfig: + description: 'Immutable. Post-patch reboot settings. Possible + values: ["DEFAULT", "ALWAYS", "NEVER"].' + type: string + windowsUpdate: + description: Immutable. Windows update settings. 
Use this setting + to override the default Windows patch rules. + properties: + classifications: + description: 'Immutable. Only apply updates of these windows + update classifications. If empty, all updates are applied. + Possible values: ["CRITICAL", "SECURITY", "DEFINITION", + "DRIVER", "FEATURE_PACK", "SERVICE_PACK", "TOOL", "UPDATE_ROLLUP", + "UPDATE"].' + items: + type: string + type: array + excludes: + description: Immutable. List of KBs to exclude from update. + items: + type: string + type: array + exclusivePatches: + description: |- + Immutable. An exclusive list of kbs to be updated. These are the only patches that will be updated. + This field must not be used with other patch configurations. + items: + type: string + type: array + type: object + yum: + description: Immutable. Yum update settings. Use this setting + to override the default yum patch rules. + properties: + excludes: + description: Immutable. List of packages to exclude from update. + These packages will be excluded. + items: + type: string + type: array + exclusivePackages: + description: |- + Immutable. An exclusive list of packages to be updated. These are the only packages that will be updated. + If these packages are not installed, they will be ignored. This field cannot be specified with + any other patch configuration fields. + items: + type: string + type: array + minimal: + description: Immutable. Will cause patch to run yum update-minimal + instead. + type: boolean + security: + description: Immutable. Adds the --security flag to yum update. + Not supported on all platforms. + type: boolean + type: object + zypper: + description: Immutable. zypper update settings. Use this setting + to override the default zypper patch rules. + properties: + categories: + description: Immutable. Install only patches with these categories. + Common categories include security, recommended, and feature. + items: + type: string + type: array + excludes: + description: Immutable. 
List of packages to exclude from update. + items: + type: string + type: array + exclusivePatches: + description: |- + Immutable. An exclusive list of patches to be updated. These are the only patches that will be installed using 'zypper patch patch:' command. + This field must not be used with any other patch configuration fields. + items: + type: string + type: array + severities: + description: Immutable. Install only patches with these severities. + Common severities include critical, important, moderate, + and low. + items: + type: string + type: array + withOptional: + description: Immutable. Adds the --with-optional flag to zypper + patch. + type: boolean + withUpdate: + description: Immutable. Adds the --with-update flag, to zypper + patch. + type: boolean + type: object + type: object + patchDeploymentId: + description: |- + Immutable. A name for the patch deployment in the project. When creating a name the following rules apply: + * Must contain only lowercase letters, numbers, and hyphens. + * Must start with a letter. + * Must be between 1-63 characters. + * Must end with a number or a letter. + * Must be unique within the project. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + recurringSchedule: + description: Immutable. Schedule recurring executions. + properties: + endTime: + description: |- + Immutable. 
The end time at which a recurring patch deployment schedule is no longer active. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + lastExecuteTime: + description: |- + The time the last patch job ran successfully. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + monthly: + description: Immutable. Schedule with monthly executions. + properties: + monthDay: + description: |- + Immutable. One day of the month. 1-31 indicates the 1st to the 31st day. -1 indicates the last day of the month. + Months without the target day will be skipped. For example, a schedule to run "every month on the 31st" + will not run in February, April, June, etc. + type: integer + weekDayOfMonth: + description: Immutable. Week day in a month. + properties: + dayOfWeek: + description: 'Immutable. A day of the week. Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", + "SATURDAY", "SUNDAY"].' + type: string + weekOrdinal: + description: Immutable. Week number in a month. 1-4 indicates + the 1st to 4th week of the month. -1 indicates the last + week of the month. + type: integer + required: + - dayOfWeek + - weekOrdinal + type: object + type: object + nextExecuteTime: + description: |- + The time the next patch job is scheduled to run. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + startTime: + description: |- + Immutable. The time that the recurring schedule becomes effective. Defaults to createTime of the patch deployment. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + timeOfDay: + description: Immutable. Time of the day to run a recurring deployment. + properties: + hours: + description: |- + Immutable. Hours of day in 24 hour format. 
Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Immutable. Minutes of hour of day. Must be from + 0 to 59. + type: integer + nanos: + description: Immutable. Fractions of seconds in nanoseconds. + Must be from 0 to 999,999,999. + type: integer + seconds: + description: Immutable. Seconds of minutes of the time. Must + normally be from 0 to 59. An API may allow the value 60 + if it allows leap-seconds. + type: integer + type: object + timeZone: + description: |- + Immutable. Defines the time zone that timeOfDay is relative to. The rules for daylight saving time are + determined by the chosen time zone. + properties: + id: + description: Immutable. IANA Time Zone Database time zone, + e.g. "America/New_York". + type: string + version: + description: Immutable. IANA Time Zone Database version number, + e.g. "2019a". + type: string + required: + - id + type: object + weekly: + description: Immutable. Schedule with weekly executions. + properties: + dayOfWeek: + description: 'Immutable. IANA Time Zone Database time zone, + e.g. "America/New_York". Possible values: ["MONDAY", "TUESDAY", + "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"].' + type: string + required: + - dayOfWeek + type: object + required: + - timeOfDay + - timeZone + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + rollout: + description: Immutable. Rollout strategy of the patch job. + properties: + disruptionBudget: + description: |- + Immutable. The maximum number (or percentage) of VMs per zone to disrupt at any given moment. The number of VMs calculated from multiplying the percentage by the total number of VMs in a zone is rounded up. 
+ During patching, a VM is considered disrupted from the time the agent is notified to begin until patching has completed. This disruption time includes the time to complete reboot and any post-patch steps. + A VM contributes to the disruption budget if its patching operation fails either when applying the patches, running pre or post patch steps, or if it fails to respond with a success notification before timing out. VMs that are not running or do not have an active agent do not count toward this disruption budget. + For zone-by-zone rollouts, if the disruption budget in a zone is exceeded, the patch job stops, because continuing to the next zone requires completion of the patch process in the previous zone. + For example, if the disruption budget has a fixed value of 10, and 8 VMs fail to patch in the current zone, the patch job continues to patch 2 VMs at a time until the zone is completed. When that zone is completed successfully, patching begins with 10 VMs at a time in the next zone. If 10 VMs in the next zone fail to patch, the patch job stops. + properties: + fixed: + description: Immutable. Specifies a fixed value. + type: integer + percentage: + description: Immutable. Specifies the relative value defined + as a percentage, which will be multiplied by a reference + value. + type: integer + type: object + mode: + description: 'Immutable. Mode of the patch rollout. Possible values: + ["ZONE_BY_ZONE", "CONCURRENT_ZONES"].' + type: string + required: + - disruptionBudget + - mode + type: object + required: + - instanceFilter + - patchDeploymentId + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Time the patch deployment was created. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + lastExecuteTime: + description: |- + The last time a patch job was started by this deployment. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: |- + Unique name for the patch deployment resource in a project. + The patch deployment name is in the form: projects/{project_id}/patchDeployments/{patchDeploymentId}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Time the patch deployment was last updated. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: osloginsshpublickeys.oslogin.cnrm.cloud.google.com +spec: + group: oslogin.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSLoginSSHPublicKey + plural: osloginsshpublickeys + shortNames: + - gcposloginsshpublickey + - gcposloginsshpublickeys + singular: osloginsshpublickey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + expirationTimeUsec: + description: An expiration time in microseconds since epoch. + type: string + key: + description: Immutable. Public key text in SSH format, defined by + RFC4253 section 6.6. + type: string + project: + description: Immutable. The project ID of the Google Cloud Platform + project. + type: string + resourceID: + description: Immutable. Optional. The service-generated fingerprint + of the resource. Used for acquisition only. Leave unset to create + a new resource. + type: string + user: + description: Immutable. The user email. + type: string + required: + - key + - user + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: The SHA-256 fingerprint of the SSH public key. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacapools.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACAPool + plural: privatecacapools + shortNames: + - gcpprivatecacapool + - gcpprivatecacapools + singular: privatecacapool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + issuancePolicy: + description: Optional. The IssuancePolicy to control how Certificates + will be issued from this CaPool. + properties: + allowedIssuanceModes: + description: Optional. If specified, then only methods allowed + in the IssuanceModes may be used to issue Certificates. + properties: + allowConfigBasedIssuance: + description: Optional. When true, allows callers to create + Certificates by specifying a CertificateConfig. + type: boolean + allowCsrBasedIssuance: + description: Optional. When true, allows callers to create + Certificates by specifying a CSR. + type: boolean + type: object + allowedKeyTypes: + description: Optional. If any AllowedKeyType is specified, then + the certificate request's public key must match one of the key + types listed here. Otherwise, any key may be used. + items: + properties: + ellipticCurve: + description: Represents an allowed Elliptic Curve key type. + properties: + signatureAlgorithm: + description: 'Optional. A signature algorithm that must + be used. If this is omitted, any EC-based signature + algorithm will be allowed. Possible values: EC_SIGNATURE_ALGORITHM_UNSPECIFIED, + ECDSA_P256, ECDSA_P384, EDDSA_25519' + type: string + type: object + rsa: + description: Represents an allowed RSA key type. + properties: + maxModulusSize: + description: Optional. The maximum allowed RSA modulus + size, in bits. If this is not set, or if set to zero, + the service will not enforce an explicit upper bound + on RSA modulus sizes. + format: int64 + type: integer + minModulusSize: + description: Optional. The minimum allowed RSA modulus + size, in bits. If this is not set, or if set to zero, + the service-level min RSA modulus size will continue + to apply. 
+ format: int64 + type: integer + type: object + type: object + type: array + baselineValues: + description: Optional. A set of X.509 values that will be applied + to all certificates issued through this CaPool. If a certificate + request includes conflicting values for the same properties, + they will be overwritten by the values defined here. If a certificate + request uses a CertificateTemplate that defines conflicting + predefined_values for the same properties, the certificate issuance + request will fail. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does not + know how to handle this extension, the client should + consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Required. The value of this X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. 
For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. + If this value is less than 0, the request will fail. + If this value is missing, the max path length will be + omitted from the CA certificate. + format: int64 + type: integer + zeroMaxIssuerPathLength: + description: Optional. When true, the "path length constraint" + in Basic Constraints extension will be set to 0. if + both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. 
+ Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + identityConstraints: + description: Optional. Describes constraints on identities that + may appear in Certificates issued through this CaPool. 
If this + is omitted, then this CaPool will not add restrictions on a + certificate's identity. + properties: + allowSubjectAltNamesPassthrough: + description: Required. If this is true, the SubjectAltNames + extension may be copied from a certificate request into + the signed certificate. Otherwise, the requested SubjectAltNames + will be discarded. + type: boolean + allowSubjectPassthrough: + description: Required. If this is true, the Subject field + may be copied from a certificate request into the signed + certificate. Otherwise, the requested Subject will be discarded. + type: boolean + celExpression: + description: Optional. A CEL expression that may be used to + validate the resolved X.509 Subject and/or Subject Alternative + Name before a certificate is signed. To see the full allowed + syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel + properties: + description: + description: Optional. Description of the expression. + This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in + Common Expression Language syntax. + type: string + location: + description: Optional. String indicating the location + of the expression for error reporting, e.g. a file name + and a position in the file. + type: string + title: + description: Optional. Title for the expression, i.e. + a short string describing its purpose. This can be used + e.g. in UIs which allow to enter the expression. + type: string + type: object + required: + - allowSubjectAltNamesPassthrough + - allowSubjectPassthrough + type: object + maximumLifetime: + description: Optional. The maximum lifetime allowed for issued + Certificates. Note that if the issuing CertificateAuthority + expires before a Certificate's requested maximum_lifetime, the + effective lifetime will be explicitly truncated to match it. 
+ type: string + passthroughExtensions: + description: Optional. Describes the set of X.509 extensions that + may appear in a Certificate issued through this CaPool. If a + certificate request sets extensions that don't appear in the + passthrough_extensions, those extensions will be dropped. If + a certificate request uses a CertificateTemplate with predefined_values + that don't appear here, the certificate issuance request will + fail. If this is omitted, then this CaPool will not add restrictions + on a certificate's X.509 extensions. These constraints do not + apply to X.509 extensions set in this CaPool's baseline_values. + properties: + additionalExtensions: + description: Optional. A set of ObjectIds identifying custom + X.509 extensions. Will be combined with known_extensions + to determine the full set of X.509 extensions. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + knownExtensions: + description: Optional. A set of named X.509 extensions. Will + be combined with additional_extensions to determine the + full set of X.509 extensions. + items: + type: string + type: array + type: object + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publishingOptions: + description: Optional. The PublishingOptions to follow when issuing + Certificates from any CertificateAuthority in this CaPool. + properties: + publishCaCert: + description: Optional. When true, publishes each CertificateAuthority's + CA certificate and includes its URL in the "Authority Information + Access" X.509 extension in all issued Certificates. If this + is false, the CA certificate will not be published and the corresponding + X.509 extension will not be written in issued certificates. + type: boolean + publishCrl: + description: Optional. When true, publishes each CertificateAuthority's + CRL and includes its URL in the "CRL Distribution Points" X.509 + extension in all issued Certificates. If this is false, CRLs + will not be published and the corresponding X.509 extension + will not be written in issued certificates. CRLs will expire + 7 days from their creation. However, we will rebuild daily. + CRLs are also rebuilt shortly after a certificate is revoked. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tier: + description: 'Immutable. Required. Immutable. The Tier of this CaPool. + Possible values: TIER_UNSPECIFIED, ENTERPRISE, DEVOPS' + type: string + required: + - location + - projectRef + - tier + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificateauthorities.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificateAuthority + plural: privatecacertificateauthorities + shortNames: + - gcpprivatecacertificateauthority + - gcpprivatecacertificateauthorities + singular: privatecacertificateauthority + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: 
When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + caPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The caPool for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + config: + description: Immutable. Required. Immutable. The config used to create + a self-signed X.509 certificate or CSR. + properties: + subjectConfig: + description: Immutable. Required. Specifies some of the values + in a certificate that are related to the subject. + properties: + subject: + description: Immutable. Required. Contains distinguished name + fields such as the common name, location and organization. + properties: + commonName: + description: Immutable. The "common name" of the subject. + type: string + countryCode: + description: Immutable. The country code of the subject. + type: string + locality: + description: Immutable. The locality or city of the subject. + type: string + organization: + description: Immutable. The organization of the subject. + type: string + organizationalUnit: + description: Immutable. The organizational_unit of the + subject. + type: string + postalCode: + description: Immutable. The postal code of the subject. + type: string + province: + description: Immutable. The province, territory, or regional + state of the subject. + type: string + streetAddress: + description: Immutable. The street address of the subject. + type: string + type: object + subjectAltName: + description: Immutable. Optional. The subject alternative + name fields. + properties: + customSans: + description: Immutable. Contains additional subject alternative + name values. + items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the + client does not know how to handle this extension, + the client should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this + X.509 extension. + properties: + objectIdPath: + description: Immutable. Required. The parts + of an OID path. 
The most significant parts + of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + dnsNames: + description: Immutable. Contains only valid, fully-qualified + host names. + items: + type: string + type: array + emailAddresses: + description: Immutable. Contains only valid RFC 2822 E-mail + addresses. + items: + type: string + type: array + ipAddresses: + description: Immutable. Contains only valid 32-bit IPv4 + addresses or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Immutable. Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + required: + - subject + type: object + x509Config: + description: Immutable. Required. Describes how some of the technical + X.509 fields in a certificate should be populated. + properties: + additionalExtensions: + description: Immutable. Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the client + does not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + caOptions: + description: Immutable. Optional. 
Describes options in this + X509Parameters that are relevant in a CA certificate. + properties: + isCa: + description: Immutable. Optional. Refers to the "CA" X.509 + extension, which is a boolean value. When this value + is missing, the extension will be omitted from the CA + certificate. + type: boolean + maxIssuerPathLength: + description: Immutable. Optional. Refers to the path length + restriction X.509 extension. For a CA certificate, this + value describes the depth of subordinate CA certificates + that are allowed. If this value is less than 0, the + request will fail. If this value is missing, the max + path length will be omitted from the CA certificate. + format: int64 + type: integer + zeroMaxIssuerPathLength: + description: Immutable. Optional. When true, the "path + length constraint" in Basic Constraints extension will + be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Immutable. Optional. Indicates the intended use + for keys that correspond to a certificate. + properties: + baseKeyUsage: + description: Immutable. Describes high-level ways in which + a key may be used. + properties: + certSign: + description: Immutable. The key may be used to sign + certificates. + type: boolean + contentCommitment: + description: Immutable. The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: Immutable. The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: Immutable. The key may be used to encipher + data. + type: boolean + decipherOnly: + description: Immutable. The key may be used to decipher + only. + type: boolean + digitalSignature: + description: Immutable. The key may be used for digital + signatures. 
+ type: boolean + encipherOnly: + description: Immutable. The key may be used to encipher + only. + type: boolean + keyAgreement: + description: Immutable. The key may be used in a key + agreement protocol. + type: boolean + keyEncipherment: + description: Immutable. The key may be used to encipher + other keys. + type: boolean + type: object + extendedKeyUsage: + description: Immutable. Detailed scenarios in which a + key may be used. + properties: + clientAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Immutable. Used to describe extended key + usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Immutable. 
Optional. Describes the X.509 certificate + policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an OID + path. The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + required: + - subjectConfig + - x509Config + type: object + gcsBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as `gs://`) or suffixes (such as `.googleapis.com`). For example, to use a bucket named `my-bucket`, you would simply specify `my-bucket`. If not specified, a managed bucket will be created. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + keySpec: + description: Immutable. Required. Immutable. Used when issuing certificates + for this CertificateAuthority. If this CertificateAuthority is a + self-signed CertificateAuthority, this key is also used to sign + the self-signed CA certificate. Otherwise, it is used to sign a + CSR. + properties: + algorithm: + description: 'Immutable. The algorithm to use for creating a managed + Cloud KMS key for a for a simplified experience. 
All managed + keys will be have their ProtectionLevel as `HSM`. Possible values: + RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, + RSA_PKCS1_2048_SHA256, RSA_PKCS1_3072_SHA256, RSA_PKCS1_4096_SHA256, + EC_P256_SHA256, EC_P384_SHA384' + type: string + cloudKmsKeyVersionRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The resource name for an existing Cloud KMS CryptoKeyVersion + in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. + This option enables full flexibility in the key's capabilities + and properties. + type: string + name: + description: |- + [WARNING] KMSCryptoKeyVersion not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + lifetime: + description: Immutable. Required. The desired lifetime of the CA certificate. + Used to create the "not_before_time" and "not_after_time" fields + inside an X.509 certificate. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. Required. Immutable. The Type of this CertificateAuthority. + Possible values: SELF_SIGNED, SUBORDINATE' + type: string + required: + - caPoolRef + - config + - keySpec + - lifetime + - location + - projectRef + - type + type: object + status: + properties: + accessUrls: + description: Output only. URLs for accessing content published by + this CA, such as the CA certificate and CRLs. + properties: + caCertificateAccessUrl: + description: The URL where this CertificateAuthority's CA certificate + is published. This will only be set for CAs that have been activated. + type: string + crlAccessUrls: + description: The URLs where this CertificateAuthority's CRLs are + published. This will only be set for CAs that have been activated. + items: + type: string + type: array + type: object + caCertificateDescriptions: + description: Output only. A structured description of this CertificateAuthority's + CA certificate and its issuers. Ordered as self-to-root. + items: + properties: + aiaIssuingCertificateUrls: + description: Describes lists of issuer CA certificate URLs that + appear in the "Authority Information Access" extension in + the certificate. + items: + type: string + type: array + authorityKeyId: + description: Identifies the subject_key_id of the parent certificate, + per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 + properties: + keyId: + description: Optional. 
The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit + SHA-1 hash of the public key. + type: string + type: object + certFingerprint: + description: The hash of the x.509 certificate. + properties: + sha256Hash: + description: The SHA 256 hash, encoded in hexadecimal, of + the DER x509 certificate. + type: string + type: object + crlDistributionPoints: + description: Describes a list of locations to obtain CRL information, + i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 + items: + type: string + type: array + publicKey: + description: The public key that corresponds to an issued certificate. + properties: + format: + description: 'Required. The format of the public key. Possible + values: PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + subjectDescription: + description: Describes some of the values in a certificate that + are related to the subject and lifetime. + properties: + hexSerialNumber: + description: The serial number encoded in lowercase hexadecimal. + type: string + lifetime: + description: For convenience, the actual lifetime of an + issued certificate. + type: string + notAfterTime: + description: The time after which the certificate is expired. + Per RFC 5280, the validity period for a certificate is + the period of time from not_before_time through not_after_time, + inclusive. Corresponds to 'not_before_time' + 'lifetime' + - 1 second. + format: date-time + type: string + notBeforeTime: + description: The time at which the certificate becomes valid. + format: date-time + type: string + subject: + description: Contains distinguished name fields such as + the common name, location and organization. + properties: + commonName: + description: The "common name" of the subject. 
+ type: string + countryCode: + description: The country code of the subject. + type: string + locality: + description: The locality or city of the subject. + type: string + organization: + description: The organization of the subject. + type: string + organizationalUnit: + description: The organizational_unit of the subject. + type: string + postalCode: + description: The postal code of the subject. + type: string + province: + description: The province, territory, or regional state + of the subject. + type: string + streetAddress: + description: The street address of the subject. + type: string + type: object + subjectAltName: + description: The subject alternative name fields. + properties: + customSans: + description: Contains additional subject alternative + name values. + items: + properties: + critical: + description: Optional. Indicates whether or not + this extension is critical (i.e., if the client + does not know how to handle this extension, + the client should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Required. The parts of an OID + path. The most significant parts of the + path come first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 + extension. + type: string + type: object + type: array + dnsNames: + description: Contains only valid, fully-qualified host + names. + items: + type: string + type: array + emailAddresses: + description: Contains only valid RFC 2822 E-mail addresses. + items: + type: string + type: array + ipAddresses: + description: Contains only valid 32-bit IPv4 addresses + or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Contains only valid RFC 3986 URIs. 
+ items: + type: string + type: array + type: object + type: object + subjectKeyId: + description: Provides a means of identifiying certificates that + contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit + SHA-1 hash of the public key. + type: string + type: object + x509Description: + description: Describes some of the technical X.509 fields in + a certificate. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does + not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the + "Authority Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. 
For a CA certificate, this value + describes the depth of subordinate CA certificates + that are allowed. If this value is less than 0, the + request will fail. If this value is missing, the max + path length will be omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. 
+ Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + config: + properties: + publicKey: + description: Optional. The public key that corresponds to this + config. This is, for example, used when issuing Certificates, + but not when creating a self-signed CertificateAuthority or + CertificateAuthority CSR. + properties: + format: + description: 'Required. The format of the public key. Possible + values: PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + x509Config: + properties: + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + type: object + type: object + createTime: + description: Output only. The time at which this CertificateAuthority + was created. + format: date-time + type: string + deleteTime: + description: Output only. The time at which this CertificateAuthority + was soft deleted, if it is in the DELETED state. + format: date-time + type: string + expireTime: + description: Output only. The time at which this CertificateAuthority + will be permanently purged, if it is in the DELETED state. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pemCaCertificates: + description: Output only. This CertificateAuthority's certificate + chain, including the current CertificateAuthority's certificate. 
+ Ordered such that the root issuer is the final element (consistent + with RFC 5246). For a self-signed CA, this will only list the current + CertificateAuthority's certificate. + items: + type: string + type: array + state: + description: 'Output only. The State for this CertificateAuthority. + Possible values: ENABLED, DISABLED, STAGED, AWAITING_USER_ACTIVATION, + DELETED' + type: string + subordinateConfig: + description: Optional. If this is a subordinate CertificateAuthority, + this field will be set with the subordinate configuration, which + describes its issuers. This may be updated, but this CertificateAuthority + must continue to validate. + properties: + certificateAuthority: + description: Required. This can refer to a CertificateAuthority + in the same project that was used to create a subordinate CertificateAuthority. + This field is used for information and usability purposes only. + The resource name is in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + type: string + pemIssuerChain: + description: Required. Contains the PEM certificate chain for + the issuers of this CertificateAuthority, but not pem certificate + for this CA itself. + properties: + pemCertificates: + description: Required. Expected to be in leaf-to-root order + according to RFC 5246. + items: + type: string + type: array + type: object + type: object + tier: + description: 'Output only. The CaPool.Tier of the CaPool that includes + this CertificateAuthority. Possible values: ENTERPRISE, DEVOPS' + type: string + updateTime: + description: Output only. The time at which this CertificateAuthority + was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificates.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificate + plural: privatecacertificates + shortNames: + - gcpprivatecacertificate + - gcpprivatecacertificates + singular: privatecacertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + caPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The ca_pool for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateAuthorityRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The certificate authority for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACertificateAuthority` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}/certificateAuthorities/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateTemplateRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate. + + Allowed value: The `selfLink` field of a `PrivateCACertificateTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + config: + description: Immutable. Immutable. A description of the certificate + and key that does not require X.509 or ASN.1. + properties: + publicKey: + description: Immutable. Optional. The public key that corresponds + to this config. This is, for example, used when issuing Certificates, + but not when creating a self-signed CertificateAuthority or + CertificateAuthority CSR. + properties: + format: + description: 'Immutable. Required. The format of the public + key. Possible values: KEY_FORMAT_UNSPECIFIED, PEM' + type: string + key: + description: Immutable. Required. A public key. The padding + and encoding must match with the `KeyFormat` value specified + for the `format` field. + type: string + required: + - format + - key + type: object + subjectConfig: + description: Immutable. Required. 
Specifies some of the values + in a certificate that are related to the subject. + properties: + subject: + description: Immutable. Required. Contains distinguished name + fields such as the common name, location and organization. + properties: + commonName: + description: Immutable. The "common name" of the subject. + type: string + countryCode: + description: Immutable. The country code of the subject. + type: string + locality: + description: Immutable. The locality or city of the subject. + type: string + organization: + description: Immutable. The organization of the subject. + type: string + organizationalUnit: + description: Immutable. The organizational_unit of the + subject. + type: string + postalCode: + description: Immutable. The postal code of the subject. + type: string + province: + description: Immutable. The province, territory, or regional + state of the subject. + type: string + streetAddress: + description: Immutable. The street address of the subject. + type: string + type: object + subjectAltName: + description: Immutable. Optional. The subject alternative + name fields. + properties: + dnsNames: + description: Immutable. Contains only valid, fully-qualified + host names. + items: + type: string + type: array + emailAddresses: + description: Immutable. Contains only valid RFC 2822 E-mail + addresses. + items: + type: string + type: array + ipAddresses: + description: Immutable. Contains only valid 32-bit IPv4 + addresses or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Immutable. Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + required: + - subject + type: object + x509Config: + description: Immutable. Required. Describes how some of the technical + X.509 fields in a certificate should be populated. + properties: + additionalExtensions: + description: Immutable. Optional. Describes custom X.509 extensions. 
+ items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the client + does not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Immutable. Optional. Describes Online Certificate + Status Protocol (OCSP) endpoint addresses that appear in + the "Authority Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Immutable. Optional. Describes options in this + X509Parameters that are relevant in a CA certificate. + properties: + isCa: + description: Immutable. Optional. When true, the "CA" + in Basic Constraints extension will be set to true. + type: boolean + maxIssuerPathLength: + description: Immutable. Optional. Refers to the "path + length constraint" in Basic Constraints extension. For + a CA certificate, this value describes the depth of + subordinate CA certificates that are allowed. If this + value is less than 0, the request will fail. + format: int64 + type: integer + nonCa: + description: Immutable. Optional. When true, the "CA" + in Basic Constraints extension will be set to false. + If both `is_ca` and `non_ca` are unset, the extension + will be omitted from the CA certificate. + type: boolean + zeroMaxIssuerPathLength: + description: Immutable. Optional. When true, the "path + length constraint" in Basic Constraints extension will + be set to 0. 
if both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Immutable. Optional. Indicates the intended use + for keys that correspond to a certificate. + properties: + baseKeyUsage: + description: Immutable. Describes high-level ways in which + a key may be used. + properties: + certSign: + description: Immutable. The key may be used to sign + certificates. + type: boolean + contentCommitment: + description: Immutable. The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: Immutable. The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: Immutable. The key may be used to encipher + data. + type: boolean + decipherOnly: + description: Immutable. The key may be used to decipher + only. + type: boolean + digitalSignature: + description: Immutable. The key may be used for digital + signatures. + type: boolean + encipherOnly: + description: Immutable. The key may be used to encipher + only. + type: boolean + keyAgreement: + description: Immutable. The key may be used in a key + agreement protocol. + type: boolean + keyEncipherment: + description: Immutable. The key may be used to encipher + other keys. + type: boolean + type: object + extendedKeyUsage: + description: Immutable. Detailed scenarios in which a + key may be used. + properties: + clientAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Immutable. 
Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Immutable. Used to describe extended key + usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Immutable. Optional. Describes the X.509 certificate + policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an OID + path. The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + required: + - subjectConfig + - x509Config + type: object + lifetime: + description: Immutable. Required. Immutable. The desired lifetime + of a certificate. Used to create the "not_before_time" and "not_after_time" + fields inside an X.509 certificate. Note that the lifetime may be + truncated if it would extend past the life of any certificate authority + in the issuing chain. + type: string + location: + description: Immutable. 
The location for the resource + type: string + pemCsr: + description: Immutable. Immutable. A pem-encoded X.509 certificate + signing request (CSR). + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subjectMode: + description: 'Immutable. Immutable. Specifies how the Certificate''s + identity fields are to be decided. If this is omitted, the `DEFAULT` + subject mode will be used. Possible values: SUBJECT_REQUEST_MODE_UNSPECIFIED, + DEFAULT, REFLECTED_SPIFFE' + type: string + required: + - caPoolRef + - lifetime + - location + - projectRef + type: object + status: + properties: + certificateDescription: + description: Output only. A structured description of the issued X.509 + certificate. + properties: + aiaIssuingCertificateUrls: + description: Describes lists of issuer CA certificate URLs that + appear in the "Authority Information Access" extension in the + certificate. 
+ items: + type: string + type: array + authorityKeyId: + description: Identifies the subject_key_id of the parent certificate, + per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit SHA-1 + hash of the public key. + type: string + type: object + certFingerprint: + description: The hash of the x.509 certificate. + properties: + sha256Hash: + description: The SHA 256 hash, encoded in hexadecimal, of + the DER x509 certificate. + type: string + type: object + crlDistributionPoints: + description: Describes a list of locations to obtain CRL information, + i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 + items: + type: string + type: array + publicKey: + description: The public key that corresponds to an issued certificate. + properties: + format: + description: 'Required. The format of the public key. Possible + values: KEY_FORMAT_UNSPECIFIED, PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + subjectDescription: + description: Describes some of the values in a certificate that + are related to the subject and lifetime. + properties: + hexSerialNumber: + description: The serial number encoded in lowercase hexadecimal. + type: string + lifetime: + description: For convenience, the actual lifetime of an issued + certificate. + type: string + notAfterTime: + description: The time after which the certificate is expired. + Per RFC 5280, the validity period for a certificate is the + period of time from not_before_time through not_after_time, + inclusive. Corresponds to 'not_before_time' + 'lifetime' + - 1 second. + format: date-time + type: string + notBeforeTime: + description: The time at which the certificate becomes valid. 
+ format: date-time + type: string + subject: + description: Contains distinguished name fields such as the + common name, location and / organization. + properties: + commonName: + description: The "common name" of the subject. + type: string + countryCode: + description: The country code of the subject. + type: string + locality: + description: The locality or city of the subject. + type: string + organization: + description: The organization of the subject. + type: string + organizationalUnit: + description: The organizational_unit of the subject. + type: string + postalCode: + description: The postal code of the subject. + type: string + province: + description: The province, territory, or regional state + of the subject. + type: string + streetAddress: + description: The street address of the subject. + type: string + type: object + subjectAltName: + description: The subject alternative name fields. + properties: + customSans: + description: Contains additional subject alternative name + values. + items: + properties: + critical: + description: Optional. Indicates whether or not + this extension is critical (i.e., if the client + does not know how to handle this extension, the + client should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + dnsNames: + description: Contains only valid, fully-qualified host + names. + items: + type: string + type: array + emailAddresses: + description: Contains only valid RFC 2822 E-mail addresses. + items: + type: string + type: array + ipAddresses: + description: Contains only valid 32-bit IPv4 addresses + or RFC 4291 IPv6 addresses. 
+ items: + type: string + type: array + uris: + description: Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + type: object + subjectKeyId: + description: Provides a means of identifiying certificates that + contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit SHA-1 + hash of the public key. + type: string + type: object + x509Description: + description: Describes some of the technical X.509 fields in a + certificate. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does not + know how to handle this extension, the client should + consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. 
Refers to the path length restriction + X.509 extension. For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. + If this value is less than 0, the request will fail. + If this value is missing, the max path length will be + omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". 
+ type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time at which this Certificate was created. + format: date-time + type: string + issuerCertificateAuthority: + description: Output only. The resource name of the issuing CertificateAuthority + in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pemCertificate: + description: Output only. The pem-encoded, signed X.509 certificate. + type: string + pemCertificateChain: + description: Output only. The chain that may be used to verify the + X.509 certificate. Expected to be in issuer-to-root order according + to RFC 5246. + items: + type: string + type: array + revocationDetails: + description: Output only. Details regarding the revocation of this + Certificate. This Certificate is considered revoked if and only + if this field is present. + properties: + revocationState: + description: 'Indicates why a Certificate was revoked. Possible + values: REVOCATION_REASON_UNSPECIFIED, KEY_COMPROMISE, CERTIFICATE_AUTHORITY_COMPROMISE, + AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, CERTIFICATE_HOLD, + PRIVILEGE_WITHDRAWN, ATTRIBUTE_AUTHORITY_COMPROMISE' + type: string + revocationTime: + description: The time at which this Certificate was revoked. + format: date-time + type: string + type: object + updateTime: + description: Output only. The time at which this Certificate was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificatetemplates.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificateTemplate + plural: privatecacertificatetemplates + shortNames: + - gcpprivatecacertificatetemplate + - gcpprivatecacertificatetemplates + singular: privatecacertificatetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A human-readable description of scenarios this + template is intended for. + type: string + identityConstraints: + description: Optional. Describes constraints on identities that may + be appear in Certificates issued using this template. If this is + omitted, then this template will not add restrictions on a certificate's + identity. + properties: + allowSubjectAltNamesPassthrough: + description: Required. If this is true, the SubjectAltNames extension + may be copied from a certificate request into the signed certificate. + Otherwise, the requested SubjectAltNames will be discarded. + type: boolean + allowSubjectPassthrough: + description: Required. If this is true, the Subject field may + be copied from a certificate request into the signed certificate. + Otherwise, the requested Subject will be discarded. + type: boolean + celExpression: + description: Optional. A CEL expression that may be used to validate + the resolved X.509 Subject and/or Subject Alternative Name before + a certificate is signed. To see the full allowed syntax and + some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel + properties: + description: + description: Optional. Description of the expression. This + is a longer text which describes the expression, e.g. when + hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. 
+ type: string + location: + description: Optional. String indicating the location of the + expression for error reporting, e.g. a file name and a position + in the file. + type: string + title: + description: Optional. Title for the expression, i.e. a short + string describing its purpose. This can be used e.g. in + UIs which allow to enter the expression. + type: string + type: object + required: + - allowSubjectAltNamesPassthrough + - allowSubjectPassthrough + type: object + location: + description: Immutable. The location for the resource + type: string + passthroughExtensions: + description: Optional. Describes the set of X.509 extensions that + may appear in a Certificate issued using this CertificateTemplate. + If a certificate request sets extensions that don't appear in the + passthrough_extensions, those extensions will be dropped. If the + issuing CaPool's IssuancePolicy defines baseline_values that don't + appear here, the certificate issuance request will fail. If this + is omitted, then this template will not add restrictions on a certificate's + X.509 extensions. These constraints do not apply to X.509 extensions + set in this CertificateTemplate's predefined_values. + properties: + additionalExtensions: + description: Optional. A set of ObjectIds identifying custom X.509 + extensions. Will be combined with known_extensions to determine + the full set of X.509 extensions. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The most + significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + knownExtensions: + description: Optional. A set of named X.509 extensions. Will be + combined with additional_extensions to determine the full set + of X.509 extensions. + items: + type: string + type: array + type: object + predefinedValues: + description: Optional. 
A set of X.509 values that will be applied + to all issued certificates that use this template. If the certificate + request includes conflicting values for the same properties, they + will be overwritten by the values defined here. If the issuing CaPool's + IssuancePolicy defines conflicting baseline_values for the same + properties, the certificate issuance request will fail. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this extension + is critical (i.e., if the client does not know how to + handle this extension, the client should consider this + to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Required. The value of this X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status Protocol + (OCSP) endpoint addresses that appear in the "Authority Information + Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, the + extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. 
+ If this value is less than 0, the request will fail. If + this value is missing, the max path length will be omitted + from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys that + correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key may + be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic commitments. + Note that this may also be referred to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate revocation + lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially + described as "TLS WWW client authentication", though + regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially + described as "Signing of downloadable executable code + client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially + described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. 
Officially + described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially + described as "TLS WWW server authentication", though + regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially + described as "Binding the hash of an object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that are + not listed in the KeyUsage.ExtendedKeyUsageOptions message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The most + significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time at which this CertificateTemplate + was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The time at which this CertificateTemplate + was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: privilegedaccessmanagerentitlements.privilegedaccessmanager.cnrm.cloud.google.com +spec: + group: privilegedaccessmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivilegedAccessManagerEntitlement + listKind: PrivilegedAccessManagerEntitlementList + plural: privilegedaccessmanagerentitlements + singular: privilegedaccessmanagerentitlement + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: PrivilegedAccessManagerEntitlement is the Schema for the PrivilegedAccessManagerEntitlement + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PrivilegedAccessManagerEntitlementSpec defines the desired + state of PrivilegedAccessManagerEntitlement. + properties: + additionalNotificationTargets: + description: Optional. Additional email addresses to be notified based + on actions taken. + properties: + adminEmailRecipients: + description: Optional. Additional email addresses to be notified + when a principal (requester) is granted access. + items: + type: string + type: array + requesterEmailRecipients: + description: Optional. Additional email address to be notified + about an eligible entitlement. + items: + type: string + type: array + type: object + approvalWorkflow: + description: Optional. The approvals needed before access are granted + to a requester. No approvals are needed if this field is null. + properties: + manualApprovals: + description: An approval workflow where users designated as approvers + review and act on the grants. + properties: + requireApproverJustification: + description: Optional. Whether the approvers need to provide + a justification for their actions. + type: boolean + steps: + description: Optional. List of approval steps in this workflow. + These steps are followed in the specified order sequentially. + Only 1 step is supported. + items: + description: Step represents a logical step in a manual + approval workflow. + properties: + approvalsNeeded: + description: Required. How many users from the above + list need to approve. 
If there aren't enough distinct + users in the list, then the workflow indefinitely + blocks. Should always be greater than 0. 1 is the + only supported value. + format: int32 + type: integer + approverEmailRecipients: + description: Optional. Additional email addresses to + be notified when a grant is pending approval. + items: + type: string + type: array + approvers: + description: Optional. The potential set of approvers + in this step. This list must contain at most one entry. + items: + description: AccessControlEntry is used to control + who can do some operation. + properties: + principals: + description: 'Optional. Users who are allowed + for the operation. Each entry should be a valid + v1 IAM principal identifier. The format for + these is documented at: https://cloud.google.com/iam/docs/principal-identifiers#v1' + items: + type: string + type: array + required: + - principals + type: object + type: array + required: + - approvalsNeeded + type: object + type: array + type: object + required: + - manualApprovals + type: object + eligibleUsers: + description: Who can create grants using this entitlement. This list + should contain at most one entry. + items: + description: AccessControlEntry is used to control who can do some + operation. + properties: + principals: + description: 'Optional. Users who are allowed for the operation. + Each entry should be a valid v1 IAM principal identifier. + The format for these is documented at: https://cloud.google.com/iam/docs/principal-identifiers#v1' + items: + type: string + type: array + required: + - principals + type: object + type: array + folderRef: + description: Immutable. The Folder that this resource belongs to. + One and only one of 'projectRef', 'folderRef', or 'organizationRef' + must be set. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The 'name' field of a folder, when not managed by + Config Connector. This field must be set when 'name' field is + not set. + type: string + name: + description: The 'name' field of a 'Folder' resource. This field + must be set when 'external' field is not set. + type: string + namespace: + description: The 'namespace' field of a 'Folder' resource. If + unset, the namespace is defaulted to the namespace of the referencer + resource. + type: string + type: object + location: + description: Immutable. Location of the resource. + type: string + maxRequestDuration: + description: Required. The maximum amount of time that access is granted + for a request. A requester can ask for a duration less than this, + but never more. + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. One and only one of 'projectRef', 'folderRef', or 'organizationRef' + must be set. + properties: + external: + description: The 'name' field of an organization, when not managed + by Config Connector. + type: string + required: + - external + type: object + privilegedAccess: + description: The access granted to a requester on successful approval. + properties: + gcpIAMAccess: + description: Access to a Google Cloud resource through IAM. + properties: + roleBindings: + description: Required. Role bindings that are created on successful + grant. + items: + description: RoleBinding represents IAM role bindings that + are created after a successful grant. + properties: + conditionExpression: + description: |- + Optional. The expression field of the IAM condition to be associated + with the role. If specified, a user with an active grant for this + entitlement is able to access the resource only if this condition + evaluates to true for their request. 
+ + This field uses the same CEL format as IAM and supports all attributes + that IAM supports, except tags. More details can be found at + https://cloud.google.com/iam/docs/conditions-overview#attributes. + type: string + role: + description: Required. IAM role to be granted. More + details can be found at https://cloud.google.com/iam/docs/roles-overview. + type: string + required: + - role + type: object + type: array + required: + - roleBindings + type: object + required: + - gcpIAMAccess + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + One and only one of 'projectRef', 'folderRef', or 'organizationRef' + must be set. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + requesterJustificationConfig: + description: Required. The manner in which the requester should provide + a justification for requesting access. + properties: + notMandatory: + description: NotMandatory justification type means the justification + isn't required and can be provided in any of the supported formats. + The user must explicitly opt out using this field if a justification + from the requester isn't mandatory. The only accepted value + is `{}` (empty struct). Either 'notMandatory' or 'unstructured' + field must be set. + type: object + x-kubernetes-preserve-unknown-fields: true + unstructured: + description: Unstructured justification type means the justification + is in the format of a string. 
If this is set, the server allows + the requester to provide a justification but doesn't validate + it. The only accepted value is `{}` (empty struct). Either 'notMandatory' + or 'unstructured' field must be set. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + resourceID: + description: Immutable. The PrivilegedAccessManagerEntitlement name. + If not given, the 'metadata.name' will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + required: + - eligibleUsers + - location + - maxRequestDuration + - privilegedAccess + - requesterJustificationConfig + type: object + status: + description: PrivilegedAccessManagerEntitlementStatus defines the config + connector machine state of PrivilegedAccessManagerEntitlement. + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the PrivilegedAccessManagerEntitlement + resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to 'metadata.generation', then that means that + the current reported status reflects the most recent desired state + of the resource. 
+ format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + createTime: + description: Output only. Create time stamp. + type: string + etag: + description: An 'etag' is used for optimistic concurrency control + as a way to prevent simultaneous updates to the same entitlement. + An 'etag' is returned in the response to 'GetEntitlement' and + the caller should put the 'etag' in the request to 'UpdateEntitlement' + so that their change is applied on the same version. If this + field is omitted or if there is a mismatch while updating an + entitlement, then the server rejects the request. + type: string + state: + description: Output only. Current state of this entitlement. + type: string + updateTime: + description: Output only. Update time stamp. + type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: PrivilegedAccessManagerEntitlement is the Schema for the PrivilegedAccessManagerEntitlement + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PrivilegedAccessManagerEntitlementSpec defines the desired + state of PrivilegedAccessManagerEntitlement. + properties: + additionalNotificationTargets: + description: Optional. Additional email addresses to be notified based + on actions taken. + properties: + adminEmailRecipients: + description: Optional. Additional email addresses to be notified + when a principal (requester) is granted access. + items: + type: string + type: array + requesterEmailRecipients: + description: Optional. Additional email address to be notified + about an eligible entitlement. + items: + type: string + type: array + type: object + approvalWorkflow: + description: Optional. The approvals needed before access are granted + to a requester. No approvals are needed if this field is null. + properties: + manualApprovals: + description: An approval workflow where users designated as approvers + review and act on the grants. + properties: + requireApproverJustification: + description: Optional. Whether the approvers need to provide + a justification for their actions. + type: boolean + steps: + description: Optional. List of approval steps in this workflow. + These steps are followed in the specified order sequentially. + Only 1 step is supported. + items: + description: Step represents a logical step in a manual + approval workflow. + properties: + approvalsNeeded: + description: Required. How many users from the above + list need to approve. 
If there aren't enough distinct + users in the list, then the workflow indefinitely + blocks. Should always be greater than 0. 1 is the + only supported value. + format: int32 + type: integer + approverEmailRecipients: + description: Optional. Additional email addresses to + be notified when a grant is pending approval. + items: + type: string + type: array + approvers: + description: Optional. The potential set of approvers + in this step. This list must contain at most one entry. + items: + description: AccessControlEntry is used to control + who can do some operation. + properties: + principals: + description: 'Optional. Users who are allowed + for the operation. Each entry should be a valid + v1 IAM principal identifier. The format for + these is documented at: https://cloud.google.com/iam/docs/principal-identifiers#v1' + items: + type: string + type: array + required: + - principals + type: object + type: array + required: + - approvalsNeeded + type: object + type: array + type: object + required: + - manualApprovals + type: object + eligibleUsers: + description: Who can create grants using this entitlement. This list + should contain at most one entry. + items: + description: AccessControlEntry is used to control who can do some + operation. + properties: + principals: + description: 'Optional. Users who are allowed for the operation. + Each entry should be a valid v1 IAM principal identifier. + The format for these is documented at: https://cloud.google.com/iam/docs/principal-identifiers#v1' + items: + type: string + type: array + required: + - principals + type: object + type: array + folderRef: + description: Immutable. The Folder that this resource belongs to. + One and only one of 'projectRef', 'folderRef', or 'organizationRef' + must be set. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The 'name' field of a folder, when not managed by + Config Connector. This field must be set when 'name' field is + not set. + type: string + name: + description: The 'name' field of a 'Folder' resource. This field + must be set when 'external' field is not set. + type: string + namespace: + description: The 'namespace' field of a 'Folder' resource. If + unset, the namespace is defaulted to the namespace of the referencer + resource. + type: string + type: object + location: + description: Immutable. Location of the resource. + type: string + maxRequestDuration: + description: Required. The maximum amount of time that access is granted + for a request. A requester can ask for a duration less than this, + but never more. + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. One and only one of 'projectRef', 'folderRef', or 'organizationRef' + must be set. + properties: + external: + description: The 'name' field of an organization, when not managed + by Config Connector. + type: string + required: + - external + type: object + privilegedAccess: + description: The access granted to a requester on successful approval. + properties: + gcpIAMAccess: + description: Access to a Google Cloud resource through IAM. + properties: + roleBindings: + description: Required. Role bindings that are created on successful + grant. + items: + description: RoleBinding represents IAM role bindings that + are created after a successful grant. + properties: + conditionExpression: + description: |- + Optional. The expression field of the IAM condition to be associated + with the role. If specified, a user with an active grant for this + entitlement is able to access the resource only if this condition + evaluates to true for their request. 
+ + This field uses the same CEL format as IAM and supports all attributes + that IAM supports, except tags. More details can be found at + https://cloud.google.com/iam/docs/conditions-overview#attributes. + type: string + role: + description: Required. IAM role to be granted. More + details can be found at https://cloud.google.com/iam/docs/roles-overview. + type: string + required: + - role + type: object + type: array + required: + - roleBindings + type: object + required: + - gcpIAMAccess + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + One and only one of 'projectRef', 'folderRef', or 'organizationRef' + must be set. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + requesterJustificationConfig: + description: Required. The manner in which the requester should provide + a justification for requesting access. + properties: + notMandatory: + description: NotMandatory justification type means the justification + isn't required and can be provided in any of the supported formats. + The user must explicitly opt out using this field if a justification + from the requester isn't mandatory. The only accepted value + is `{}` (empty struct). Either 'notMandatory' or 'unstructured' + field must be set. + type: object + x-kubernetes-preserve-unknown-fields: true + unstructured: + description: Unstructured justification type means the justification + is in the format of a string. 
If this is set, the server allows + the requester to provide a justification but doesn't validate + it. The only accepted value is `{}` (empty struct). Either 'notMandatory' + or 'unstructured' field must be set. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + resourceID: + description: Immutable. The PrivilegedAccessManagerEntitlement name. + If not given, the 'metadata.name' will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + required: + - eligibleUsers + - location + - maxRequestDuration + - privilegedAccess + - requesterJustificationConfig + type: object + status: + description: PrivilegedAccessManagerEntitlementStatus defines the config + connector machine state of PrivilegedAccessManagerEntitlement. + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the PrivilegedAccessManagerEntitlement + resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to 'metadata.generation', then that means that + the current reported status reflects the most recent desired state + of the resource. 
+ format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + createTime: + description: Output only. Create time stamp. + type: string + etag: + description: An 'etag' is used for optimistic concurrency control + as a way to prevent simultaneous updates to the same entitlement. + An 'etag' is returned in the response to 'GetEntitlement' and + the caller should put the 'etag' in the request to 'UpdateEntitlement' + so that their change is applied on the same version. If this + field is omitted or if there is a mismatch while updating an + entitlement, then the server rejects the request. + type: string + state: + description: Output only. Current state of this entitlement. + type: string + updateTime: + description: Output only. Update time stamp. + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: projects.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Project + plural: projects + shortNames: + - gcpproject + - gcpprojects + singular: project + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + - not: + anyOf: + - required: + - folderRef + - required: + - organizationRef + properties: + billingAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BillingAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + folderRef: + description: |- + The folder that this resource belongs to. Changing this forces the + resource to be migrated to the newly specified folder. Only one of + folderRef or organizationRef may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: The display name of the project. + type: string + organizationRef: + description: |- + The organization that this resource belongs to. Changing this + forces the resource to be migrated to the newly specified + organization. Only one of folderRef or organizationRef may be + specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The projectId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - name + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + number: + description: The numeric identifier of the project. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitereservations.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteReservation + plural: pubsublitereservations + shortNames: + - gcppubsublitereservation + - gcppubsublitereservations + singular: pubsublitereservation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + 
type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite reservation. 
+ type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + throughputCapacity: + description: |- + The reserved throughput capacity. Every unit of throughput capacity is + equivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed + messages. + type: integer + required: + - projectRef + - region + - throughputCapacity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitesubscriptions.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteSubscription + plural: pubsublitesubscriptions + shortNames: + - gcppubsublitesubscription + - gcppubsublitesubscriptions + singular: pubsublitesubscription + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deliveryConfig: + description: The settings for this subscription's message delivery. + properties: + deliveryRequirement: + description: 'When this subscription should send messages to subscribers + relative to messages persistence in storage. Possible values: + ["DELIVER_IMMEDIATELY", "DELIVER_AFTER_STORED", "DELIVERY_REQUIREMENT_UNSPECIFIED"].' + type: string + required: + - deliveryRequirement + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite topic. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + topic: + description: Immutable. A reference to a Topic resource. + type: string + zone: + description: The zone of the pubsub lite topic. 
+ type: string + required: + - projectRef + - topic + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitetopics.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteTopic + plural: pubsublitetopics + shortNames: + - gcppubsublitetopic + - gcppubsublitetopics + singular: pubsublitetopic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + partitionConfig: + description: The settings for this topic's partitions. + properties: + capacity: + description: The capacity configuration. + properties: + publishMibPerSec: + description: Subscribe throughput capacity per partition in + MiB/s. Must be >= 4 and <= 16. + type: integer + subscribeMibPerSec: + description: Publish throughput capacity per partition in + MiB/s. Must be >= 4 and <= 16. + type: integer + required: + - publishMibPerSec + - subscribeMibPerSec + type: object + count: + description: The number of partitions in the topic. Must be at + least 1. + type: integer + required: + - count + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite topic. + type: string + reservationConfig: + description: The settings for this topic's Reservation usage. + properties: + throughputReservation: + description: The Reservation to use for this topic's throughput + capacity. + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + retentionConfig: + description: The settings for a topic's message retention. + properties: + perPartitionBytes: + description: |- + The provisioned storage, in bytes, per partition. If the number of bytes stored + in any of the topic's partitions grows beyond this value, older messages will be + dropped to make room for newer ones, regardless of the value of period. + type: string + period: + description: |- + How long a published message is retained. If unset, messages will be retained as + long as the bytes retained for each partition is below perPartitionBytes. A + duration in seconds with up to nine fractional digits, terminated by 's'. + Example: "3.5s". + type: string + required: + - perPartitionBytes + type: object + zone: + description: The zone of the pubsub lite topic. + type: string + required: + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubschemas.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubSchema + plural: pubsubschemas + shortNames: + - gcppubsubschema + - gcppubsubschemas + singular: pubsubschema + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + definition: + description: |- + The definition of the schema. + This should contain a string representing the full definition of the schema + that is a valid schema definition of the type specified in type. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'The type of the schema definition Default value: "TYPE_UNSPECIFIED" + Possible values: ["TYPE_UNSPECIFIED", "PROTOCOL_BUFFER", "AVRO"].' + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubsubscriptions.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubSubscription + plural: pubsubsubscriptions + shortNames: + - gcppubsubsubscription + - gcppubsubsubscriptions + singular: pubsubsubscription + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: 
The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ackDeadlineSeconds: + description: |- + This value is the maximum time after a subscriber receives a message + before the subscriber should acknowledge the message. After message + delivery but before the ack deadline expires and before the message is + acknowledged, it is an outstanding message and will not be delivered + again during that time (on a best-effort basis). + + For pull subscriptions, this value is used as the initial value for + the ack deadline. To override this value for a given message, call + subscriptions.modifyAckDeadline with the corresponding ackId if using + pull. The minimum custom deadline you can specify is 10 seconds. The + maximum custom deadline you can specify is 600 seconds (10 minutes). + If this parameter is 0, a default value of 10 seconds is used. + + For push delivery, this value is also used to set the request timeout + for the call to the push endpoint. + + If the subscriber never acknowledges the message, the Pub/Sub system + will eventually redeliver the message. 
+ type: integer + bigqueryConfig: + description: |- + If delivery to BigQuery is used with this subscription, this field is used to configure it. + Either pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined. + If all three are empty, then the subscriber will pull and ack messages using API methods. + properties: + dropUnknownFields: + description: |- + When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. + Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. + type: boolean + tableRef: + description: The name of the table to which to write data. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{project}}.{{dataset_id}}.{{value}}`, + where {{value}} is the `name` field of a `BigQueryTable` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + useTopicSchema: + description: When true, use the topic's schema as the columns + to write to in BigQuery, if it exists. + type: boolean + writeMetadata: + description: |- + When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table. + The subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column. 
+ type: boolean + required: + - tableRef + type: object + cloudStorageConfig: + description: |- + If delivery to Cloud Storage is used with this subscription, this field is used to configure it. + Either pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined. + If all three are empty, then the subscriber will pull and ack messages using API methods. + properties: + avroConfig: + description: If set, message data will be written to Cloud Storage + in Avro format. + properties: + writeMetadata: + description: When true, write the subscription name, messageId, + publishTime, attributes, and orderingKey as additional fields + in the output. + type: boolean + type: object + bucketRef: + description: User-provided name for the Cloud Storage bucket. + The bucket must be created by the user. The bucket name must + be without any prefix like "gs://". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + filenamePrefix: + description: User-provided prefix for Cloud Storage filename. + type: string + filenameSuffix: + description: User-provided suffix for Cloud Storage filename. + Must not end in "/". + type: string + maxBytes: + description: |- + The maximum bytes that can be written to a Cloud Storage file before a new file is created. Min 1 KB, max 10 GiB. + The maxBytes limit may be exceeded in cases where messages are larger than the limit. 
+ type: integer + maxDuration: + description: |- + The maximum duration that can elapse before a new Cloud Storage file is created. Min 1 minute, max 10 minutes, default 5 minutes. + May not exceed the subscription's acknowledgement deadline. + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + type: string + state: + description: An output-only field that indicates whether or not + the subscription can receive messages. + type: string + required: + - bucketRef + type: object + deadLetterPolicy: + description: |- + A policy that specifies the conditions for dead lettering messages in + this subscription. If dead_letter_policy is not set, dead lettering + is disabled. + + The Cloud Pub/Sub service account associated with this subscription's + parent project (i.e., + service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have + permission to Acknowledge() messages on this subscription. + properties: + deadLetterTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + maxDeliveryAttempts: + description: |- + The maximum number of delivery attempts for any message. The value must be + between 5 and 100. + + The number of delivery attempts is defined as 1 + (the sum of number of + NACKs and number of times the acknowledgement deadline has been exceeded for the message). 
+ + A NACK is any call to ModifyAckDeadline with a 0 deadline. Note that + client libraries may automatically extend ack_deadlines. + + This field will be honored on a best effort basis. + + If this parameter is 0, a default value of 5 is used. + type: integer + type: object + enableExactlyOnceDelivery: + description: |- + If 'true', Pub/Sub provides the following guarantees for the delivery + of a message with a given value of messageId on this Subscriptions': + + - The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires. + + - An acknowledged message will not be resent to a subscriber. + + Note that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery' + is true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values. + type: boolean + enableMessageOrdering: + description: |- + Immutable. If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to + the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they + may be delivered in any order. + type: boolean + expirationPolicy: + description: |- + A policy that specifies the conditions for this subscription's expiration. + A subscription is considered active as long as any connected subscriber + is successfully consuming messages from the subscription or is issuing + operations on the subscription. If expirationPolicy is not set, a default + policy with ttl of 31 days will be used. If it is set but ttl is "", the + resource never expires. The minimum allowed value for expirationPolicy.ttl + is 1 day. + properties: + ttl: + description: |- + Specifies the "time-to-live" duration for an associated resource. The + resource expires if it is not active for a period of ttl. + If ttl is set to "", the associated resource never expires. 
+ A duration in seconds with up to nine fractional digits, terminated by 's'. + Example - "3.5s". + type: string + required: + - ttl + type: object + filter: + description: |- + Immutable. The subscription only delivers the messages that match the filter. + Pub/Sub automatically acknowledges the messages that don't match the filter. You can filter messages + by their attributes. The maximum length of a filter is 256 bytes. After creating the subscription, + you can't modify the filter. + type: string + messageRetentionDuration: + description: |- + How long to retain unacknowledged messages in the subscription's + backlog, from the moment a message is published. If + retain_acked_messages is true, then this also configures the retention + of acknowledged messages, and thus configures how far back in time a + subscriptions.seek can be done. Defaults to 7 days. Cannot be more + than 7 days ('"604800s"') or less than 10 minutes ('"600s"'). + + A duration in seconds with up to nine fractional digits, terminated + by 's'. Example: '"600.5s"'. + type: string + pushConfig: + description: |- + If push delivery is used with this subscription, this field is used to + configure it. An empty pushConfig signifies that the subscriber will + pull and ack messages using API methods. + properties: + attributes: + additionalProperties: + type: string + description: |- + Endpoint configuration attributes. + + Every endpoint has a set of API supported attributes that can + be used to control different aspects of the message delivery. + + The currently supported attribute is x-goog-version, which you + can use to change the format of the pushed message. This + attribute indicates the version of the data expected by + the endpoint. This controls the shape of the pushed message + (i.e., its fields and metadata). The endpoint version is + based on the version of the Pub/Sub API. 
+ + If not present during the subscriptions.create call, + it will default to the version of the API used to make + such call. If not present during a subscriptions.modifyPushConfig + call, its value will not be changed. subscriptions.get + calls will always return a valid version, even if the + subscription was created without this attribute. + + The possible values for this attribute are: + + - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API. + - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API. + type: object + noWrapper: + description: |- + When set, the payload to the push endpoint is not wrapped.Sets the + 'data' field as the HTTP body for delivery. + properties: + writeMetadata: + description: |- + When true, writes the Pub/Sub message metadata to + 'x-goog-pubsub-:' headers of the HTTP request. Writes the + Pub/Sub message attributes to ':' headers of the HTTP request. + type: boolean + required: + - writeMetadata + type: object + oidcToken: + description: |- + If specified, Pub/Sub will generate and attach an OIDC JWT token as + an Authorization header in the HTTP request for every pushed message. + properties: + audience: + description: |- + Audience to be used when generating OIDC token. The audience claim + identifies the recipients that the JWT is intended for. The audience + value is a single case-sensitive string. Having multiple values (array) + for the audience field is not supported. More info about the OIDC JWT + token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 + Note: if not specified, the Push endpoint URL will be used. + type: string + serviceAccountEmail: + description: |- + Service account email to be used for generating the OIDC token. + The caller (for subscriptions.create, subscriptions.patch, and + subscriptions.modifyPushConfig RPCs) must have the + iam.serviceAccounts.actAs permission for the service account. 
+ type: string + required: + - serviceAccountEmail + type: object + pushEndpoint: + description: |- + A URL locating the endpoint to which messages should be pushed. + For example, a Webhook endpoint might use + "https://example.com/push". + type: string + required: + - pushEndpoint + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retainAckedMessages: + description: |- + Indicates whether to retain acknowledged messages. If 'true', then + messages are not expunged from the subscription's backlog, even if + they are acknowledged, until they fall out of the + messageRetentionDuration window. + type: boolean + retryPolicy: + description: |- + A policy that specifies how Pub/Sub retries message delivery for this subscription. + + If not set, the default retry policy is applied. This generally implies that messages will be retried as soon as possible for healthy subscribers. + RetryPolicy will be triggered on NACKs or acknowledgement deadline exceeded events for a given message. + properties: + maximumBackoff: + description: |- + The maximum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 600 seconds. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + minimumBackoff: + description: |- + The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + type: object + topicRef: + description: Reference to a PubSubTopic. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubtopics.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubTopic + plural: pubsubtopics + shortNames: + - gcppubsubtopic + - gcppubsubtopics + singular: pubsubtopic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + kmsKeyRef: + description: |- + The KMSCryptoKey to be used to protect access to messages published + on this topic. Your project's Pub/Sub service account + ('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + messageRetentionDuration: + description: |- + Indicates the minimum duration to retain a message after it is published + to the topic. If this field is set, messages published to the topic in + the last messageRetentionDuration are always available to subscribers. + For instance, it allows any attached subscription to seek to a timestamp + that is up to messageRetentionDuration in the past. If this field is not + set, message retention is controlled by settings on individual subscriptions. + Cannot be more than 31 days or less than 10 minutes. + type: string + messageStoragePolicy: + description: |- + Policy constraining the set of Google Cloud Platform regions where + messages published to the topic may be stored. If not present, then no + constraints are in effect. 
+ properties: + allowedPersistenceRegions: + description: |- + A list of IDs of GCP regions where messages that are published to + the topic may be persisted in storage. Messages published by + publishers running in non-allowed GCP regions (or running outside + of GCP altogether) will be routed for storage in one of the + allowed regions. An empty list means that no regions are allowed, + and is not a valid configuration. + items: + type: string + type: array + required: + - allowedPersistenceRegions + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + schemaSettings: + description: Settings for validating messages published against a + schema. + properties: + encoding: + description: 'The encoding of messages validated against schema. + Default value: "ENCODING_UNSPECIFIED" Possible values: ["ENCODING_UNSPECIFIED", + "JSON", "BINARY"].' + type: string + schemaRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/schemas/{{value}}`, + where {{value}} is the `name` field of a `PubSubSchema` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - schemaRef + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: recaptchaenterprisekeys.recaptchaenterprise.cnrm.cloud.google.com +spec: + group: recaptchaenterprise.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RecaptchaEnterpriseKey + plural: recaptchaenterprisekeys + shortNames: + - gcprecaptchaenterprisekey + - gcprecaptchaenterprisekeys + singular: recaptchaenterprisekey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the 
resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + androidSettings: + description: Settings for keys that can be used by Android apps. + properties: + allowAllPackageNames: + description: If set to true, it means allowed_package_names will + not be enforced. + type: boolean + allowedPackageNames: + description: 'Android package names of apps allowed to use the + key. Example: ''com.companyname.appname''' + items: + type: string + type: array + type: object + displayName: + description: Human-readable display name of this key. Modifiable by + user. + type: string + iosSettings: + description: Settings for keys that can be used by iOS apps. + properties: + allowAllBundleIds: + description: If set to true, it means allowed_bundle_ids will + not be enforced. + type: boolean + allowedBundleIds: + description: 'iOS bundle ids of apps allowed to use the key. 
Example: + ''com.companyname.productname.appname''' + items: + type: string + type: array + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + testingOptions: + description: Immutable. Options for user acceptance testing. + properties: + testingChallenge: + description: 'Immutable. For challenge-based keys only (CHECKBOX, + INVISIBLE), all challenge requests for this site will return + nocaptcha if NOCAPTCHA, or an unsolvable challenge if UNSOLVABLE_CHALLENGE. + Possible values: TESTING_CHALLENGE_UNSPECIFIED, NOCAPTCHA, UNSOLVABLE_CHALLENGE' + type: string + testingScore: + description: Immutable. All assessments for this Key will return + this score. Must be between 0 (likely not legitimate) and 1 + (likely legitimate) inclusive. + format: double + type: number + type: object + wafSettings: + description: Immutable. Settings specific to keys that can be used + for WAF (Web Application Firewall). + properties: + wafFeature: + description: 'Immutable. Supported WAF features. 
For more information, + see https://cloud.google.com/recaptcha-enterprise/docs/usecase#comparison_of_features. + Possible values: CHALLENGE_PAGE, SESSION_TOKEN, ACTION_TOKEN, + EXPRESS' + type: string + wafService: + description: 'Immutable. The WAF service that uses this key. Possible + values: CA, FASTLY' + type: string + required: + - wafFeature + - wafService + type: object + webSettings: + description: Settings for keys that can be used by websites. + properties: + allowAllDomains: + description: If set to true, it means allowed_domains will not + be enforced. + type: boolean + allowAmpTraffic: + description: If set to true, the key can be used on AMP (Accelerated + Mobile Pages) websites. This is supported only for the SCORE + integration type. + type: boolean + allowedDomains: + description: 'Domains or subdomains of websites allowed to use + the key. All subdomains of an allowed domain are automatically + allowed. A valid domain requires a host and must not include + any path, port, query or fragment. Examples: ''example.com'' + or ''subdomain.example.com''' + items: + type: string + type: array + challengeSecurityPreference: + description: 'Settings for the frequency and difficulty at which + this key triggers captcha challenges. This should only be specified + for IntegrationTypes CHECKBOX and INVISIBLE. Possible values: + CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED, USABILITY, BALANCE, + SECURITY' + type: string + integrationType: + description: 'Immutable. Required. Describes how this key is integrated + with the website. Possible values: SCORE, CHECKBOX, INVISIBLE' + type: string + required: + - integrationType + type: object + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp corresponding to the creation of this Key. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: beta + cnrm.cloud.google.com/system: "true" + name: redisclusters.redis.cnrm.cloud.google.com +spec: + group: redis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RedisCluster + listKind: RedisClusterList + plural: redisclusters + singular: rediscluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the 
value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: RedisCluster is the Schema for the RedisCluster API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RedisClusterSpec defines the desired state of RedisCluster + properties: + authorizationMode: + description: Optional. The authorization mode of the Redis cluster. + If not provided, auth feature is disabled for the cluster. + type: string + deletionProtectionEnabled: + description: Optional. The delete operation will fail when the value + is set to true. + type: boolean + location: + description: Immutable. Location of the resource. + type: string + nodeType: + description: Optional. The type of a redis node in the cluster. NodeType + determines the underlying machine-type of a redis node. + type: string + persistenceConfig: + description: Optional. Persistence config (RDB, AOF) for the cluster. + properties: + aofConfig: + description: Optional. AOF configuration. This field will be ignored + if mode is not AOF. 
+ properties: + appendFsync: + description: Optional. fsync configuration. + type: string + type: object + mode: + description: Optional. The mode of persistence. + type: string + rdbConfig: + description: Optional. RDB configuration. This field will be ignored + if mode is not RDB. + properties: + rdbSnapshotPeriod: + description: Optional. Period between RDB snapshots. + type: string + rdbSnapshotStartTime: + description: Optional. The time that the first snapshot was/will + be attempted, and to which future snapshots will be aligned. + If not provided, the current time will be used. + type: string + type: object + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + pscConfigs: + description: Required. Each PscConfig configures the consumer network + where IPs will be designated to the cluster for client access through + Private Service Connect Automation. Currently, only one PscConfig + is supported. + items: + properties: + networkRef: + description: Required. The network where the IP address of the + discovery endpoint will be reserved, in the form of projects/{network_project}/global/networks/{network_id}. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed Compute + Network resource. Should be in the format `projects//global/networks/`. + type: string + name: + description: The `name` field of a `ComputeNetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeNetwork` + resource. + type: string + type: object + required: + - networkRef + type: object + type: array + redisConfigs: + additionalProperties: + type: string + description: Optional. Key/Value pairs of customer overrides for mutable + Redis Configs + type: object + replicaCount: + description: Optional. The number of replica nodes per shard. + format: int32 + type: integer + resourceID: + description: The RedisCluster name. If not given, the metadata.name + will be used. + type: string + shardCount: + description: Required. Number of shards for the Redis cluster. + format: int32 + type: integer + transitEncryptionMode: + description: Optional. The in-transit encryption for the Redis cluster. + If not provided, encryption is disabled for the cluster. + type: string + zoneDistributionConfig: + description: Optional. This config will be used to determine how the + customer wants us to distribute cluster resources within the region. + properties: + mode: + description: Optional. The mode of zone distribution. Defaults + to MULTI_ZONE, when not specified. + type: string + zone: + description: Optional. When SINGLE ZONE distribution is selected, + zone field would be used to allocate all resources in that zone. + This is not applicable to MULTI_ZONE, and would be ignored for + MULTI_ZONE clusters. 
+ type: string + type: object + required: + - location + - projectRef + type: object + status: + description: RedisClusterStatus defines the config connector machine state + of RedisCluster + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the RedisCluster resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + createTime: + description: Output only. The timestamp associated with the cluster + creation request. + type: string + discoveryEndpoints: + description: Output only. Endpoints created on each given network, + for Redis clients to connect to the cluster. Currently only + one discovery endpoint is supported. + items: + properties: + address: + description: Output only. Address of the exposed Redis endpoint + used by clients to connect to the service. The address + could be either IP or hostname. 
+ type: string + port: + description: Output only. The port number of the exposed + Redis endpoint. + format: int32 + type: integer + pscConfig: + description: Output only. Customer configuration for where + the endpoint is created and accessed from. + properties: + network: + description: Required. The network where the IP address + of the discovery endpoint will be reserved, in the + form of projects/{network_project}/global/networks/{network_id}. + type: string + type: object + type: object + type: array + preciseSizeGb: + description: Output only. Precise value of redis memory size in + GB for the entire cluster. + type: number + pscConnections: + description: Output only. PSC connections for discovery of the + cluster topology and accessing the cluster. + items: + properties: + address: + description: Output only. The IP allocated on the consumer + network for the PSC forwarding rule. + type: string + forwardingRule: + description: 'Output only. The URI of the consumer side + forwarding rule. Example: projects/{projectNumOrId}/regions/us-east1/forwardingRules/{resourceId}.' + type: string + network: + description: The consumer network where the IP address resides, + in the form of projects/{project_id}/global/networks/{network_id}. + type: string + projectID: + description: Output only. The consumer project_id where + the forwarding rule is created from. + type: string + pscConnectionID: + description: Output only. The PSC connection id of the forwarding + rule connected to the service attachment. + type: string + type: object + type: array + sizeGb: + description: Output only. Redis memory size in GB for the entire + cluster rounded up to the next integer. + format: int32 + type: integer + state: + description: Output only. The current state of this cluster. Can + be CREATING, READY, UPDATING, DELETING and SUSPENDED + type: string + stateInfo: + description: Output only. Additional information about the current + state of the cluster. 
+ properties: + updateInfo: + description: Describes ongoing update on the cluster when + cluster state is UPDATING. + properties: + targetReplicaCount: + description: Target number of replica nodes per shard. + format: int32 + type: integer + targetShardCount: + description: Target number of shards for redis cluster + format: int32 + type: integer + type: object + type: object + uid: + description: Output only. System assigned, unique identifier for + the cluster. + type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: RedisCluster is the Schema for the RedisCluster API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RedisClusterSpec defines the desired state of RedisCluster + properties: + authorizationMode: + description: Optional. The authorization mode of the Redis cluster. + If not provided, auth feature is disabled for the cluster. + type: string + deletionProtectionEnabled: + description: Optional. The delete operation will fail when the value + is set to true. + type: boolean + location: + description: Immutable. Location of the resource. + type: string + nodeType: + description: Optional. The type of a redis node in the cluster. NodeType + determines the underlying machine-type of a redis node. + type: string + persistenceConfig: + description: Optional. Persistence config (RDB, AOF) for the cluster. + properties: + aofConfig: + description: Optional. AOF configuration. This field will be ignored + if mode is not AOF. + properties: + appendFsync: + description: Optional. fsync configuration. + type: string + type: object + mode: + description: Optional. The mode of persistence. + type: string + rdbConfig: + description: Optional. RDB configuration. This field will be ignored + if mode is not RDB. + properties: + rdbSnapshotPeriod: + description: Optional. Period between RDB snapshots. + type: string + rdbSnapshotStartTime: + description: Optional. The time that the first snapshot was/will + be attempted, and to which future snapshots will be aligned. + If not provided, the current time will be used. + type: string + type: object + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. 
+ type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + pscConfigs: + description: Required. Each PscConfig configures the consumer network + where IPs will be designated to the cluster for client access through + Private Service Connect Automation. Currently, only one PscConfig + is supported. + items: + properties: + networkRef: + description: Required. The network where the IP address of the + discovery endpoint will be reserved, in the form of projects/{network_project}/global/networks/{network_id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed Compute + Network resource. Should be in the format `projects//global/networks/`. + type: string + name: + description: The `name` field of a `ComputeNetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeNetwork` + resource. + type: string + type: object + required: + - networkRef + type: object + type: array + redisConfigs: + additionalProperties: + type: string + description: Optional. Key/Value pairs of customer overrides for mutable + Redis Configs + type: object + replicaCount: + description: Optional. The number of replica nodes per shard. + format: int32 + type: integer + resourceID: + description: The RedisCluster name. If not given, the metadata.name + will be used. + type: string + shardCount: + description: Required. Number of shards for the Redis cluster. + format: int32 + type: integer + transitEncryptionMode: + description: Optional. The in-transit encryption for the Redis cluster. 
+ If not provided, encryption is disabled for the cluster. + type: string + zoneDistributionConfig: + description: Optional. This config will be used to determine how the + customer wants us to distribute cluster resources within the region. + properties: + mode: + description: Optional. The mode of zone distribution. Defaults + to MULTI_ZONE, when not specified. + type: string + zone: + description: Optional. When SINGLE ZONE distribution is selected, + zone field would be used to allocate all resources in that zone. + This is not applicable to MULTI_ZONE, and would be ignored for + MULTI_ZONE clusters. + type: string + type: object + required: + - location + - projectRef + type: object + status: + description: RedisClusterStatus defines the config connector machine state + of RedisCluster + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the RedisCluster resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + createTime: + description: Output only. The timestamp associated with the cluster + creation request. + type: string + discoveryEndpoints: + description: Output only. Endpoints created on each given network, + for Redis clients to connect to the cluster. Currently only + one discovery endpoint is supported. + items: + properties: + address: + description: Output only. Address of the exposed Redis endpoint + used by clients to connect to the service. The address + could be either IP or hostname. + type: string + port: + description: Output only. The port number of the exposed + Redis endpoint. + format: int32 + type: integer + pscConfig: + description: Output only. Customer configuration for where + the endpoint is created and accessed from. + properties: + network: + description: Required. The network where the IP address + of the discovery endpoint will be reserved, in the + form of projects/{network_project}/global/networks/{network_id}. + type: string + type: object + type: object + type: array + preciseSizeGb: + description: Output only. Precise value of redis memory size in + GB for the entire cluster. + type: number + pscConnections: + description: Output only. PSC connections for discovery of the + cluster topology and accessing the cluster. + items: + properties: + address: + description: Output only. The IP allocated on the consumer + network for the PSC forwarding rule. + type: string + forwardingRule: + description: 'Output only. The URI of the consumer side + forwarding rule. Example: projects/{projectNumOrId}/regions/us-east1/forwardingRules/{resourceId}.' + type: string + network: + description: The consumer network where the IP address resides, + in the form of projects/{project_id}/global/networks/{network_id}. + type: string + projectID: + description: Output only. 
The consumer project_id where + the forwarding rule is created from. + type: string + pscConnectionID: + description: Output only. The PSC connection id of the forwarding + rule connected to the service attachment. + type: string + type: object + type: array + sizeGb: + description: Output only. Redis memory size in GB for the entire + cluster rounded up to the next integer. + format: int32 + type: integer + state: + description: Output only. The current state of this cluster. Can + be CREATING, READY, UPDATING, DELETING and SUSPENDED + type: string + stateInfo: + description: Output only. Additional information about the current + state of the cluster. + properties: + updateInfo: + description: Describes ongoing update on the cluster when + cluster state is UPDATING. + properties: + targetReplicaCount: + description: Target number of replica nodes per shard. + format: int32 + type: integer + targetShardCount: + description: Target number of shards for redis cluster + format: int32 + type: integer + type: object + type: object + uid: + description: Output only. System assigned, unique identifier for + the cluster. 
+ type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: redisinstances.redis.cnrm.cloud.google.com +spec: + group: redis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RedisInstance + plural: redisinstances + shortNames: + - gcpredisinstance + - gcpredisinstances + singular: redisinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alternativeLocationId: + description: |- + Immutable. Only applicable to STANDARD_HA tier which protects the instance + against zonal failures by provisioning it across two zones. + If provided, it must be a different zone from the one provided in + [locationId]. + type: string + authEnabled: + description: |- + Optional. Indicates whether OSS Redis AUTH is enabled for the + instance. If set to "true" AUTH is enabled on the instance. + Default value is "false" meaning AUTH is disabled. + type: boolean + authString: + description: Output only. AUTH String set on the instance. This field + will only be populated if auth_enabled is true. + type: string + authorizedNetworkRef: + description: |- + The network to which the instance is connected. If left + unspecified, the default network will be used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + connectMode: + description: 'Immutable. The connection mode of the Redis instance. + Default value: "DIRECT_PEERING" Possible values: ["DIRECT_PEERING", + "PRIVATE_SERVICE_ACCESS"].' + type: string + customerManagedKeyRef: + description: |- + Immutable. Optional. The KMS key reference that you want to use to + encrypt the data at rest for this Redis instance. If this is + provided, CMEK is enabled. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + displayName: + description: An arbitrary and optional user-provided name for the + instance. + type: string + locationId: + description: |- + Immutable. The zone where the instance will be provisioned. If not provided, + the service will choose a zone for the instance. For STANDARD_HA tier, + instances will be created across two zones for protection against + zonal failures. If [alternativeLocationId] is also provided, it must + be different from [locationId]. + type: string + maintenancePolicy: + description: Maintenance policy for an instance. + properties: + createTime: + description: |- + Output only. The time when the policy was created. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + description: + description: |- + Optional. Description of what this policy is for. + Create/Update methods return INVALID_ARGUMENT if the + length is greater than 512. + type: string + updateTime: + description: |- + Output only. The time when the policy was last updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + weeklyMaintenanceWindow: + description: |- + Optional. Maintenance window that is applied to resources covered by this policy. + Minimum 1. 
For the current version, the maximum number + of weekly_window is expected to be one. + items: + properties: + day: + description: |- + Required. The day of week that maintenance updates occur. + + - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. + - MONDAY: Monday + - TUESDAY: Tuesday + - WEDNESDAY: Wednesday + - THURSDAY: Thursday + - FRIDAY: Friday + - SATURDAY: Saturday + - SUNDAY: Sunday Possible values: ["DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. + type: string + duration: + description: |- + Output only. Duration of the maintenance window. + The current window is fixed at 1 hour. + A duration in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". + type: string + startTime: + description: Required. Start time of the window in UTC time. + properties: + hours: + description: |- + Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 + to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must + be from 0 to 999,999,999. + type: integer + seconds: + description: |- + Seconds of minutes of the time. Must normally be from 0 to 59. + An API may allow the value 60 if it allows leap-seconds. + type: integer + type: object + required: + - day + - startTime + type: object + type: array + type: object + maintenanceSchedule: + description: Upcoming maintenance schedule. + items: + properties: + endTime: + description: |- + Output only. The end time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + scheduleDeadlineTime: + description: |- + Output only. 
The deadline that the maintenance schedule start time + can not go beyond, including reschedule. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + startTime: + description: |- + Output only. The start time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + type: object + type: array + memorySizeGb: + description: Redis memory size in GiB. + type: integer + persistenceConfig: + description: Persistence configuration for an instance. + properties: + persistenceMode: + description: "Optional. Controls whether Persistence features + are enabled. If not provided, the existing value will be used.\n\n- + DISABLED: \tPersistence is disabled for the instance, and any + existing snapshots are deleted.\n- RDB: RDB based Persistence + is enabled. Possible values: [\"DISABLED\", \"RDB\"]." + type: string + rdbNextSnapshotTime: + description: |- + Output only. The next time that a snapshot attempt is scheduled to occur. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + rdbSnapshotPeriod: + description: "Optional. Available snapshot periods for scheduling.\n\n- + ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every + 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot + every 24 hours. Possible values: [\"ONE_HOUR\", \"SIX_HOURS\", + \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"]." + type: string + rdbSnapshotStartTime: + description: |- + Optional. Date and time that the first snapshot was/will be attempted, + and to which future snapshots will be aligned. If not provided, + the current time will be used. 
+ A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + type: object + readReplicasMode: + description: |- + Optional. Read replica mode. Can only be specified when trying to create the instance. + If not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED. + - READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the + instance cannot scale up or down the number of replicas. + - READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance + can scale up and down the number of replicas. Possible values: ["READ_REPLICAS_DISABLED", "READ_REPLICAS_ENABLED"]. + type: string + redisConfigs: + additionalProperties: + type: string + description: |- + Redis configuration parameters, according to http://redis.io/topics/config. + Please check Memorystore documentation for the list of supported parameters: + https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs. + type: object + redisVersion: + description: |- + The version of Redis software. If not provided, latest supported + version will be used. Please check the API documentation linked + at the top for the latest valid values. + type: string + region: + description: Immutable. The name of the Redis region of the instance. + type: string + replicaCount: + description: |- + Optional. The number of replica nodes. The valid range for the Standard Tier with + read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled + for a Standard Tier instance, the only valid value is 1 and the default is 1. + The valid value for basic tier is 0 and the default is also 0. + type: integer + reservedIpRange: + description: |- + Immutable. The CIDR range of internal addresses that are reserved for this + instance. 
If not provided, the service will choose an unused /29 + block, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be + unique and non-overlapping with existing subnets in an authorized + network. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + secondaryIpRange: + description: |- + Optional. Additional IP range for node placement. Required when enabling read replicas on + an existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or + "auto". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address + range associated with the private service access connection, or "auto". + type: string + tier: + description: |- + Immutable. The service tier of the instance. Must be one of these values: + + - BASIC: standalone instance + - STANDARD_HA: highly available primary/replica instances Default value: "BASIC" Possible values: ["BASIC", "STANDARD_HA"]. + type: string + transitEncryptionMode: + description: |- + Immutable. The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance. + + - SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: "DISABLED" Possible values: ["SERVER_AUTHENTICATION", "DISABLED"]. + type: string + required: + - memorySizeGb + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + The time the instance was created in RFC3339 UTC "Zulu" format, + accurate to nanoseconds. + type: string + currentLocationId: + description: |- + The current zone where the Redis endpoint is placed. + For Basic Tier instances, this will always be the same as the + [locationId] provided by the user at creation time. For Standard Tier + instances, this can be either [locationId] or [alternativeLocationId] + and can change after a failover event. + type: string + host: + description: |- + Hostname or IP address of the exposed Redis endpoint used by clients + to connect to the service. + type: string + maintenanceSchedule: + description: Upcoming maintenance schedule. + items: + properties: + endTime: + description: |- + Output only. The end time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + scheduleDeadlineTime: + description: |- + Output only. The deadline that the maintenance schedule start time + can not go beyond, including reschedule. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + startTime: + description: |- + Output only. The start time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + type: object + type: array + nodes: + description: Output only. Info per node. + items: + properties: + id: + description: Node identifying string. e.g. 'node-0', 'node-1'. + type: string + zone: + description: Location of the node. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + authString: + description: Output only. AUTH String set on the instance. This + field will only be populated if auth_enabled is true. + type: string + type: object + persistenceIamIdentity: + description: |- + Output only. Cloud IAM identity used by import / export operations + to transfer data to/from Cloud Storage. Format is "serviceAccount:". + The value may change over time for a given instance so should be + checked before each import/export operation. + type: string + port: + description: The port number of the exposed Redis endpoint. + type: integer + readEndpoint: + description: |- + Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. + Targets all healthy replica nodes in instance. Replication is asynchronous and replica nodes + will exhibit some lag behind the primary. Write requests must target 'host'. + type: string + readEndpointPort: + description: |- + Output only. The port number of the exposed readonly redis endpoint. Standard tier only. + Write requests should target 'port'. + type: integer + serverCaCerts: + description: List of server CA certificates for the instance. + items: + properties: + cert: + description: The certificate data in PEM format. + type: string + createTime: + description: The time when the certificate was created. + type: string + expireTime: + description: The time when the certificate expires. + type: string + serialNumber: + description: Serial number, as extracted from the certificate. 
+ type: string + sha1Fingerprint: + description: Sha1 Fingerprint of the certificate. + type: string + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: resourcemanagerliens.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ResourceManagerLien + plural: resourcemanagerliens + shortNames: + - gcpresourcemanagerlien + - gcpresourcemanagerliens + singular: resourcemanagerlien + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + origin: + description: |- + Immutable. A stable, user-visible/meaningful string identifying the origin + of the Lien, intended to be inspected programmatically. Maximum length of + 200 characters. + type: string + parent: + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + reason: + description: |- + Immutable. Concise user-visible strings indicating why an action cannot be performed + on a resource. Maximum length of 200 characters. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + restrictions: + description: |- + Immutable. The types of operations which should be blocked as a result of this Lien. + Each value should correspond to an IAM permission. 
The server will validate + the permissions against those for which Liens are supported. An empty + list is meaningless and will be rejected. + e.g. ['resourcemanager.projects.delete']. + items: + type: string + type: array + required: + - origin + - parent + - reason + - restrictions + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time of creation. + type: string + name: + description: A system-generated unique identifier for this Lien. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: resourcemanagerpolicies.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ResourceManagerPolicy + plural: resourcemanagerpolicies + shortNames: + - gcpresourcemanagerpolicy + - gcpresourcemanagerpolicies + singular: resourcemanagerpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + booleanPolicy: + description: A boolean policy is a constraint that is either enforced + or not. + properties: + enforced: + description: If true, then the Policy is enforced. If false, then + any configuration is acceptable. + type: boolean + required: + - enforced + type: object + constraint: + description: Immutable. The name of the Constraint the Policy is configuring, + for example, serviceuser.services. + type: string + folderRef: + description: |- + The folder on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Folder` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + listPolicy: + description: A policy that can define specific values that are allowed + or denied for the given constraint. It can also be used to allow + or deny all values. . + properties: + allow: + description: One or the other must be set. + properties: + all: + description: The policy allows or denies all values. 
+ type: boolean + values: + description: The policy can define specific values that are + allowed or denied. + items: + type: string + type: array + type: object + deny: + description: One or the other must be set. + properties: + all: + description: The policy allows or denies all values. + type: boolean + values: + description: The policy can define specific values that are + allowed or denied. + items: + type: string + type: array + type: object + inheritFromParent: + description: If set to true, the values from the effective Policy + of the parent resource are inherited, meaning the values set + in this Policy are added to the values inherited up the hierarchy. + type: boolean + suggestedValue: + description: The Google Cloud Console will try to default to a + configuration that matches the value specified in this field. + type: string + type: object + organizationRef: + description: |- + The organization on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + The project on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + restorePolicy: + description: A restore policy is a constraint to restore the default + policy. + properties: + default: + description: May only be set to true. If set, then the default + Policy is restored. + type: boolean + required: + - default + type: object + version: + description: Version of the Policy. Default version is 0. + type: integer + required: + - constraint + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: The etag of the organization policy. etag is used for + optimistic concurrency control as a way to help prevent simultaneous + updates of a policy from overwriting each other. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: 'The timestamp in RFC3339 UTC "Zulu" format, accurate + to nanoseconds, representing when the variable was last updated. + Example: "2016-10-09T12:33:37.578138407Z".' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: runjobs.run.cnrm.cloud.google.com +spec: + group: run.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RunJob + plural: runjobs + shortNames: + - gcprunjob + - gcprunjobs + singular: runjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + type: string + description: |- + Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. + + Cloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected on new resources. + All system annotations in v1 now have a corresponding field in v2 Job. + + This field follows Kubernetes annotations' namespacing, limits, and rules. + type: object + binaryAuthorization: + description: Settings for the Binary Authorization feature. + properties: + breakglassJustification: + description: If present, indicates to use Breakglass using this + justification. If useDefault is False, then it must be empty. + For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass. + type: string + useDefault: + description: If True, indicates to use the default project's binary + authorization policy. If False, binary authorization will be + disabled. + type: boolean + type: object + client: + description: Arbitrary identifier for the API client. 
+ type: string + clientVersion: + description: Arbitrary version identifier for the API client. + type: string + launchStage: + description: |- + The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA. + If no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features. + + For example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: ["UNIMPLEMENTED", "PRELAUNCH", "EARLY_ACCESS", "ALPHA", "BETA", "GA", "DEPRECATED"]. + type: string + location: + description: Immutable. The location of the cloud run job. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + template: + description: The template used to create executions for this Job. + properties: + annotations: + additionalProperties: + type: string + description: |- + Unstructured key value map that may be set by external tools to store and arbitrary metadata. 
They are not queryable and should be preserved when modifying objects. + + Cloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected. + All system annotations in v1 now have a corresponding field in v2 ExecutionTemplate. + + This field follows Kubernetes annotations' namespacing, limits, and rules. + type: object + parallelism: + description: Specifies the maximum desired number of tasks the + execution should run at given time. Must be <= taskCount. When + the job is run, if this field is 0 or unset, the maximum possible + value will be used for that execution. The actual number of + tasks running in steady state will be less than this number + when there are fewer tasks waiting to be completed remaining, + i.e. when the work left to do is less than max parallelism. + type: integer + taskCount: + description: 'Specifies the desired number of tasks the execution + should run. Setting to 1 means that parallelism is limited to + 1 and the success of that task signals the success of the execution. + More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/.' + type: integer + template: + description: Describes the task(s) that will be created when executing + an execution. + properties: + containers: + description: Holds the single container that defines the unit + of execution for this task. + items: + properties: + args: + description: 'Arguments to the entrypoint. The docker + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the + reference in the input string will be unchanged. The + $(VAR_NAME) syntax can be escaped with a double $$, + ie: $$(VAR_NAME). Escaped references will never be + expanded, regardless of whether the variable exists + or not. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell.' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The docker image''s ENTRYPOINT is used if + this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If + a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell.' + items: + type: string + type: array + env: + description: List of environment variables to set in + the container. + items: + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER, and mnay not exceed + 32768 characters. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined environment + variables in the container and any route environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether + the variable exists or not. Defaults to "", + and the maximum length is 32768 bytes.' + type: string + valueSource: + description: Source for the environment variable's + value. + properties: + secretKeyRef: + description: Selects a secret and a specific + version from Cloud Secret Manager. + properties: + secretRef: + description: 'The name of the secret in + Cloud Secret Manager. Format: {secretName} + if the secret is in the same project. 
+ projects/{project}/secrets/{secretName} + if the secret is in a different project.' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` + field of a `SecretManagerSecret` + resource.' + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + versionRef: + description: The Cloud Secret Manager + secret version. Can be 'latest' for + the latest value or an integer for a + specific version. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `version` + field of a `SecretManagerSecretVersion` + resource.' + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef + - versionRef + type: object + type: object + required: + - name + type: object + type: array + image: + description: 'URL of the Container image in Google Container + Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images.' + type: string + livenessProbe: + description: |- + DEPRECATED. `liveness_probe` is deprecated. This field is not supported by the Cloud Run API. Periodic probe of container liveness. 
Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + This field is not supported in Cloud Run Job currently. + properties: + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. Exactly one of HTTPGet or TCPSocket + must be specified. + properties: + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + properties: + name: + description: The header field name. + type: string + value: + description: The header field value. + type: string + required: + - name + type: object + type: array + path: + description: Path to access on the HTTP server. + Defaults to '/'. + type: string + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before the probe is initiated. Defaults + to 0 seconds. Minimum value is 0. Maximum value + for liveness probe is 3600. Maximum value for + startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.' + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. Maximum value for liveness probe is 3600. Maximum + value for startup probe is 240. Must be greater + or equal than timeoutSeconds. + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. Exactly one of HTTPGet or TCPSocket + must be specified. + properties: + port: + description: Port number to access on the container. + Must be in the range 1 to 65535. If not specified, + defaults to 8080. + type: integer + type: object + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. 
Defaults to 1 second. Minimum + value is 1. Maximum value is 3600. Must be smaller + than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.' + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + type: string + ports: + description: |- + List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. + + If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on. + items: + properties: + containerPort: + description: Port number the container listens + on. This must be a valid TCP port number, 0 + < containerPort < 65536. + type: integer + name: + description: If specified, used to specify which + protocol to use. Allowed values are "http1" + and "h2c". + type: string + type: object + type: array + resources: + description: 'Compute Resource requirements by this + container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources.' + properties: + limits: + additionalProperties: + type: string + description: 'Only memory and CPU are supported. + Note: The only supported values for CPU are ''1'', + ''2'', ''4'', and ''8''. Setting 4 CPU requires + at least 2Gi of memory. The values of the map + is string form of the ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go.' + type: object + type: object + startupProbe: + description: |- + DEPRECATED. `startup_probe` is deprecated. This field is not supported by the Cloud Run API. Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + This field is not supported in Cloud Run Job currently. + properties: + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. Exactly one of HTTPGet or TCPSocket + must be specified. + properties: + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + properties: + name: + description: The header field name. + type: string + value: + description: The header field value. + type: string + required: + - name + type: object + type: array + path: + description: Path to access on the HTTP server. + Defaults to '/'. + type: string + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before the probe is initiated. Defaults + to 0 seconds. Minimum value is 0. Maximum value + for liveness probe is 3600. Maximum value for + startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.' + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. Maximum value for liveness probe is 3600. Maximum + value for startup probe is 240. Must be greater + or equal than timeoutSeconds. + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. Exactly one of HTTPGet or TCPSocket + must be specified. + properties: + port: + description: Port number to access on the container. + Must be in the range 1 to 65535. If not specified, + defaults to 8080. + type: integer + type: object + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. 
Maximum value is 3600. Must be smaller + than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.' + type: integer + type: object + volumeMounts: + description: Volume to mount into the container's filesystem. + items: + properties: + mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. For Cloud SQL volumes, it can be left empty, + or must otherwise be /cloudsql. All instances + defined in the Volume will be available as /cloudsql/[instance]. + For more information on Cloud SQL volumes, visit + https://cloud.google.com/sql/docs/mysql/connect-run. + type: string + name: + description: This must match the Name of a Volume. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which + might be configured in the container image. + type: string + required: + - image + type: object + type: array + encryptionKeyRef: + description: A reference to a customer managed encryption + key (CMEK) to use to encrypt this container image. For more + information, go to https://cloud.google.com/run/docs/securing/using-cmek + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + executionEnvironment: + description: 'The execution environment being used to host + this Task. Possible values: ["EXECUTION_ENVIRONMENT_GEN1", + "EXECUTION_ENVIRONMENT_GEN2"].' + type: string + maxRetries: + description: Number of retries allowed per Task, before marking + this Task failed. + type: integer + serviceAccountRef: + description: Email address of the IAM service account associated + with the revision of the service. The service account represents + the identity of the running revision, and determines what + permissions the revision has. If not provided, the revision + will use the project's default service account. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + timeout: + description: |- + Max allowed time duration the Task may be active before the system will actively try to mark it failed and kill associated containers. This applies per attempt of a task, meaning each retry can run for the full timeout. + + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + type: string + volumes: + description: A list of Volumes to make available to containers. + items: + properties: + cloudSqlInstance: + description: For Cloud SQL volumes, contains the specific + instances that should be mounted. 
Visit https://cloud.google.com/sql/docs/mysql/connect-run + for more information on how to connect Cloud SQL and + Cloud Run. + properties: + instanceRefs: + items: + description: 'The Cloud SQL instance connection + names, as can be found in https://console.cloud.google.com/sql/instances. + Visit https://cloud.google.com/sql/docs/mysql/connect-run + for more information on how to connect Cloud + SQL and Cloud Run. Format: {project}:{location}:{instance}' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `connectionName` + field of a `SQLInstance` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + emptyDir: + description: Ephemeral storage used as a shared volume. + properties: + medium: + description: 'The different types of medium supported + for EmptyDir. Default value: "MEMORY" Possible + values: ["MEMORY"].' + type: string + sizeLimit: + description: 'Limit on the storage usable by this + EmptyDir volume. The size limit is also applicable + for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory + limits of all containers in a pod. This field''s + values are of the ''Quantity'' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. + The default is nil which means that the limit + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir.' 
+ type: string + type: object + name: + description: Volume's name. + type: string + secret: + description: 'Secret represents a secret that should + populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret.' + properties: + defaultMode: + description: Integer representation of mode bits + to use on created files by default. Must be a + value between 0000 and 0777 (octal), defaulting + to 0444. Directories within the path are not affected + by this setting. + type: integer + items: + description: If unspecified, the volume will expose + a file whose name is the secret, relative to VolumeMount.mount_path. + If specified, the key will be used as the version + to fetch from Cloud Secret Manager and the path + will be the name of the file exposed in the volume. + When items are defined, they must specify a path + and a version. + items: + properties: + mode: + description: Integer octal mode bits to use + on this file, must be a value between 01 + and 0777 (octal). If 0 or not set, the Volume's + default mode will be used. + type: integer + path: + description: The relative path of the secret + in the container. + type: string + versionRef: + description: The Cloud Secret Manager secret + version. Can be 'latest' for the latest + value or an integer for a specific version + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `version` + field of a `SecretManagerSecretVersion` + resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - path + - versionRef + type: object + type: array + secretRef: + description: 'The name of the secret in Cloud Secret + Manager. Format: {secret} if the secret is in + the same project. projects/{project}/secrets/{secret} + if the secret is in a different project.' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field + of a `SecretManagerSecret` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef + type: object + required: + - name + type: object + type: array + vpcAccess: + description: VPC Access configuration to use for this Task. + For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. + properties: + connectorRef: + description: 'VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, + where {project} can be project id or number.' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `VPCAccessConnector` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + egress: + description: 'Traffic VPC egress settings. Possible values: + ["ALL_TRAFFIC", "PRIVATE_RANGES_ONLY"].' + type: string + networkInterfaces: + description: Direct VPC egress settings. Currently only + single network interface is supported. + items: + properties: + networkRef: + description: |- + The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be + looked up from the subnetwork. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + description: |- + The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the + subnetwork with the same name with the network will be used. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeSubnetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Network tags applied to this Cloud + Run job. + items: + type: string + type: array + type: object + type: array + type: object + type: object + required: + - template + type: object + required: + - location + - projectRef + - template + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The creation time. + type: string + creator: + description: Email address of the authenticated creator. + type: string + deleteTime: + description: The deletion time. + type: string + etag: + description: A system-generated fingerprint for this version of the + resource. May be used to detect modification conflict during updates. 
+ type: string + executionCount: + description: Number of executions created for this job. + type: integer + expireTime: + description: For a deleted resource, the time after which it will + be permamently deleted. + type: string + lastModifier: + description: Email address of the last authenticated modifier. + type: string + latestCreatedExecution: + description: Name of the last created execution. + items: + properties: + completionTime: + description: |- + Completion timestamp of the execution. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + createTime: + description: |- + Creation timestamp of the execution. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: Name of the execution. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + reconciling: + description: |- + Returns true if the Job is currently being acted upon by the system to bring it into the desired state. + + When a new Job is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Job to the desired state. This process is called reconciliation. 
While reconciliation is in process, observedGeneration and latest_succeeded_execution, will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the state matches the Job, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state. + + If reconciliation succeeded, the following fields will match: observedGeneration and generation, latest_succeeded_execution and latestCreatedExecution. + + If reconciliation failed, observedGeneration and latest_succeeded_execution will have the state of the last succeeded execution or empty for newly created Job. Additional information on the failure can be found in terminalCondition and conditions. + type: boolean + terminalCondition: + description: The Condition of this Job, containing its readiness status, + and detailed error information in case it did not reach the desired + state. + items: + properties: + executionReason: + description: A reason for the execution condition. + type: string + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + message: + description: Human readable message indicating details about + the current status. + type: string + reason: + description: A common (service-level) reason for this condition. + type: string + revisionReason: + description: A reason for the revision condition. + type: string + severity: + description: How to interpret failures of this condition, one + of Error, Warning, Info. + type: string + state: + description: State of the condition. + type: string + type: + description: 'type is used to communicate the status of the + reconciliation process. 
See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting + Types common to all resources include: * "Ready": True when + the Resource is ready.' + type: string + type: object + type: array + uid: + description: Server assigned unique identifier for the Execution. + The value is a UUID4 string and guaranteed to remain unchanged until + the resource is deleted. + type: string + updateTime: + description: The last-modified time. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: runservices.run.cnrm.cloud.google.com +spec: + group: run.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RunService + plural: runservices + shortNames: + - gcprunservice + - gcprunservices + singular: runservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + 
description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + type: string + description: |- + Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. + + Cloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected in new resources. + All system annotations in v1 now have a corresponding field in v2 Service. + + This field follows Kubernetes annotations' namespacing, limits, and rules. + type: object + binaryAuthorization: + description: Settings for the Binary Authorization feature. + properties: + breakglassJustification: + description: If present, indicates to use Breakglass using this + justification. If useDefault is False, then it must be empty. + For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass. + type: string + useDefault: + description: If True, indicates to use the default project's binary + authorization policy. If False, binary authorization will be + disabled. + type: boolean + type: object + client: + description: Arbitrary identifier for the API client. 
+ type: string + clientVersion: + description: Arbitrary version identifier for the API client. + type: string + customAudiences: + description: |- + One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests. + For more information, see https://cloud.google.com/run/docs/configuring/custom-audiences. + items: + type: string + type: array + description: + description: User-provided description of the Service. This field + currently has a 512-character limit. + type: string + ingress: + description: 'Provides the ingress settings for this Service. On output, + returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED + if no revision is active. Possible values: ["INGRESS_TRAFFIC_ALL", + "INGRESS_TRAFFIC_INTERNAL_ONLY", "INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER"].' + type: string + launchStage: + description: |- + The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA. + If no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features. + + For example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: ["UNIMPLEMENTED", "PRELAUNCH", "EARLY_ACCESS", "ALPHA", "BETA", "GA", "DEPRECATED"]. + type: string + location: + description: Immutable. The location of the cloud run service. + type: string + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + template: + description: The template used to create revisions for this Service. + properties: + annotations: + additionalProperties: + type: string + description: |- + Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. + + Cloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected. + All system annotations in v1 now have a corresponding field in v2 RevisionTemplate. + + This field follows Kubernetes annotations' namespacing, limits, and rules. + type: object + containers: + description: Holds the containers that define the unit of execution + for this Service. + items: + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s environment. + If a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). 
Escaped + references will never be expanded, regardless of whether + the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell.' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The docker image''s ENTRYPOINT is used if this is not + provided. Variable references $(VAR_NAME) are expanded + using the container''s environment. If a variable cannot + be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell.' + items: + type: string + type: array + dependsOn: + description: Containers which should be started before this + container. If specified the container will wait to start + until all containers with the listed names are healthy. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER, and mnay not exceed 32768 characters. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any route environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "", and the maximum length + is 32768 bytes.' + type: string + valueSource: + description: Source for the environment variable's + value. 
+ properties: + secretKeyRef: + description: Selects a secret and a specific version + from Cloud Secret Manager. + properties: + secretRef: + description: 'The name of the secret in Cloud + Secret Manager. Format: {secretName} if + the secret is in the same project. projects/{project}/secrets/{secretName} + if the secret is in a different project.' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` + field of a `SecretManagerSecret` resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + versionRef: + description: The Cloud Secret Manager secret + version. Can be 'latest' for the latest + value or an integer for a specific version. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `version` + field of a `SecretManagerSecretVersion` + resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef + type: object + type: object + required: + - name + type: object + type: array + image: + description: 'URL of the Container image in Google Container + Registry or Google Artifact Registry. 
More info: https://kubernetes.io/docs/concepts/containers/images.' + type: string + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.' + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: |- + Port number to access on the container. Number must be in the range 1 to 65535. + If not specified, defaults to the same value as container.ports[0].containerPort. + type: integer + service: + description: |- + The name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + If this is not specified, the default behavior is defined by gRPC. + type: string + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + properties: + name: + description: The header field name. + type: string + value: + description: The header field value. + type: string + required: + - name + type: object + type: array + path: + description: Path to access on the HTTP server. + Defaults to '/'. + type: string + port: + description: |- + Port number to access on the container. Number must be in the range 1 to 65535. + If not specified, defaults to the same value as container.ports[0].containerPort. + type: integer + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before the probe is initiated. Defaults + to 0 seconds. Minimum value is 0. Maximum value for + liveness probe is 3600. 
Maximum value for startup + probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.' + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. Maximum + value for liveness probe is 3600. Maximum value for + startup probe is 240. Must be greater or equal than + timeoutSeconds. + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. Maximum value is 3600. Must be smaller than periodSeconds. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.' + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + type: string + ports: + description: |- + List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. + + If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on. + items: + properties: + containerPort: + description: Port number the container listens on. + This must be a valid TCP port number, 0 < containerPort + < 65536. + type: integer + name: + description: If specified, used to specify which protocol + to use. Allowed values are "http1" and "h2c". + type: string + type: object + type: array + resources: + description: 'Compute Resource requirements by this container. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources.' + properties: + cpuIdle: + description: Determines whether CPU should be throttled + or not outside of requests. + type: boolean + limits: + additionalProperties: + type: string + description: 'Only memory and CPU are supported. Note: + The only supported values for CPU are ''1'', ''2'', + ''4'', and ''8''. 
Setting 4 CPU requires at least + 2Gi of memory. The values of the map is string form + of the ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go.' + type: object + startupCpuBoost: + description: Determines whether CPU should be boosted + on startup of a new container instance above the requested + CPU threshold, this can help reduce cold-start latency. + type: boolean + type: object + startupProbe: + description: 'Startup probe of application within the container. + All other probes are disabled if a startup probe is provided, + until it succeeds. Container will not be added to service + endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.' + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: |- + Port number to access on the container. Number must be in the range 1 to 65535. + If not specified, defaults to the same value as container.ports[0].containerPort. + type: integer + service: + description: |- + The name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + If this is not specified, the default behavior is defined by gRPC. + type: string + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + Exactly one of HTTPGet or TCPSocket must be specified. + properties: + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + properties: + name: + description: The header field name. + type: string + value: + description: The header field value. 
+ type: string + required: + - name + type: object + type: array + path: + description: Path to access on the HTTP server. + Defaults to '/'. + type: string + port: + description: |- + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the same value as container.ports[0].containerPort. + type: integer + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before the probe is initiated. Defaults + to 0 seconds. Minimum value is 0. Maximum value for + liveness probe is 3600. Maximum value for startup + probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.' + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. Maximum + value for liveness probe is 3600. Maximum value for + startup probe is 240. Must be greater or equal than + timeoutSeconds. + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. Exactly one of HTTPGet or TCPSocket must + be specified. + properties: + port: + description: |- + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the same value as container.ports[0].containerPort. + type: integer + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. Maximum value is 3600. Must be smaller than periodSeconds. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.' + type: integer + type: object + volumeMounts: + description: Volume to mount into the container's filesystem. + items: + properties: + mountPath: + description: Path within the container at which the + volume should be mounted. Must not contain ':'. + For Cloud SQL volumes, it can be left empty, or + must otherwise be /cloudsql. 
All instances defined + in the Volume will be available as /cloudsql/[instance]. + For more information on Cloud SQL volumes, visit + https://cloud.google.com/sql/docs/mysql/connect-run. + type: string + name: + description: This must match the Name of a Volume. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. + type: string + required: + - image + type: object + type: array + encryptionKeyRef: + description: A reference to a customer managed encryption key + (CMEK) to use to encrypt this container image. For more information, + go to https://cloud.google.com/run/docs/securing/using-cmek + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + executionEnvironment: + description: 'The sandbox environment to host this Revision. Possible + values: ["EXECUTION_ENVIRONMENT_GEN1", "EXECUTION_ENVIRONMENT_GEN2"].' + type: string + labels: + additionalProperties: + type: string + description: |- + Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. 
+ For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. + + Cloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected. + All system labels in v1 now have a corresponding field in v2 RevisionTemplate. + type: object + maxInstanceRequestConcurrency: + description: Sets the maximum number of requests that each serving + instance can receive. + type: integer + revision: + description: The unique name for the revision. If this field is + omitted, it will be automatically generated based on the Service + name. + type: string + scaling: + description: Scaling settings for this Revision. + properties: + maxInstanceCount: + description: Maximum number of serving instances that this + resource should have. + type: integer + minInstanceCount: + description: Minimum number of serving instances that this + resource should have. + type: integer + type: object + serviceAccountRef: + description: Email address of the IAM service account associated + with the revision of the service. The service account represents + the identity of the running revision, and determines what permissions + the revision has. If not provided, the revision will use the + project's default service account. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sessionAffinity: + description: Enables session affinity. For more information, go + to https://cloud.google.com/run/docs/configuring/session-affinity. + type: boolean + timeout: + description: |- + Max allowed time for an instance to respond to a request. + + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + type: string + volumes: + description: A list of Volumes to make available to containers. + items: + properties: + cloudSqlInstance: + description: For Cloud SQL volumes, contains the specific + instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run + for more information on how to connect Cloud SQL and Cloud + Run. + properties: + instances: + items: + description: 'The Cloud SQL instance connection names, + as can be found in https://console.cloud.google.com/sql/instances. + Visit https://cloud.google.com/sql/docs/mysql/connect-run + for more information on how to connect Cloud SQL + and Cloud Run. Format: {project}:{location}:{instance}' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `connectionName` + field of a `SQLInstance` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + emptyDir: + description: Ephemeral storage used as a shared volume. + properties: + medium: + description: 'The different types of medium supported + for EmptyDir. 
Default value: "MEMORY" Possible values: + ["MEMORY"].' + type: string + sizeLimit: + description: 'Limit on the storage usable by this EmptyDir + volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir + would be the minimum value between the SizeLimit specified + here and the sum of memory limits of all containers + in a pod. This field''s values are of the ''Quantity'' + k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir.' + type: string + type: object + name: + description: Volume's name. + type: string + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret.' + properties: + defaultMode: + description: Integer representation of mode bits to + use on created files by default. Must be a value between + 0000 and 0777 (octal), defaulting to 0444. Directories + within the path are not affected by this setting. + type: integer + items: + description: If unspecified, the volume will expose + a file whose name is the secret, relative to VolumeMount.mount_path. + If specified, the key will be used as the version + to fetch from Cloud Secret Manager and the path will + be the name of the file exposed in the volume. When + items are defined, they must specify a path and a + version. + items: + properties: + mode: + description: Integer octal mode bits to use on + this file, must be a value between 01 and 0777 + (octal). If 0 or not set, the Volume's default + mode will be used. + type: integer + path: + description: The relative path of the secret in + the container. + type: string + versionRef: + description: The Cloud Secret Manager secret version. 
+ Can be 'latest' for the latest value or an integer + for a specific version + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `version` + field of a `SecretManagerSecretVersion` + resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - path + type: object + type: array + secretRef: + description: 'The name of the secret in Cloud Secret + Manager. Format: {secret} if the secret is in the + same project. projects/{project}/secrets/{secret} + if the secret is in a different project.' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of + a `SecretManagerSecret` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef + type: object + required: + - name + type: object + type: array + vpcAccess: + description: VPC Access configuration to use for this Task. For + more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. + properties: + connectorRef: + description: 'VPC Access connector name. 
Format: projects/{project}/locations/{location}/connectors/{connector}, + where {project} can be project id or number.' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `VPCAccessConnector` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + egress: + description: 'Traffic VPC egress settings. Possible values: + ["ALL_TRAFFIC", "PRIVATE_RANGES_ONLY"].' + type: string + networkInterfaces: + description: Direct VPC egress settings. Currently only single + network interface is supported. + items: + properties: + networkRef: + description: |- + The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be + looked up from the subnetwork. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + description: |- + The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the + subnetwork with the same name with the network will be used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeSubnetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Network tags applied to this Cloud Run + service. + items: + type: string + type: array + type: object + type: array + type: object + type: object + traffic: + description: Specifies how to distribute traffic over a collection + of Revisions belonging to the Service. If traffic is empty or not + provided, defaults to 100% traffic to the latest Ready Revision. + items: + properties: + percent: + description: Specifies percent of the traffic to this Revision. + This defaults to zero if unspecified. + type: integer + revision: + description: Revision to which to send this portion of traffic, + if traffic allocation is by revision. + type: string + tag: + description: Indicates a string to be part of the URI to exclusively + reference this target. + type: string + type: + description: 'The allocation type for this traffic target. 
Possible + values: ["TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST", "TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION"].' + type: string + type: object + type: array + required: + - location + - projectRef + - template + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The creation time. + type: string + creator: + description: Email address of the authenticated creator. + type: string + deleteTime: + description: The deletion time. + type: string + etag: + description: A system-generated fingerprint for this version of the + resource. May be used to detect modification conflict during updates. + type: string + expireTime: + description: For a deleted resource, the time after which it will + be permamently deleted. + type: string + lastModifier: + description: Email address of the last authenticated modifier. + type: string + latestCreatedRevision: + description: Name of the last created revision. See comments in reconciling + for additional information on reconciliation process in Cloud Run. + type: string + latestReadyRevision: + description: Name of the latest revision that is serving traffic. + See comments in reconciling for additional information on reconciliation + process in Cloud Run. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + reconciling: + description: |- + Returns true if the Service is currently being acted upon by the system to bring it into the desired state. + + When a new Service is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Service to the desired serving state. This process is called reconciliation. While reconciliation is in process, observedGeneration, latest_ready_revison, trafficStatuses, and uri will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the serving state matches the Service, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state. + + If reconciliation succeeded, the following fields will match: traffic and trafficStatuses, observedGeneration and generation, latestReadyRevision and latestCreatedRevision. + + If reconciliation failed, trafficStatuses, observedGeneration, and latestReadyRevision will have the state of the last serving revision, or empty for newly created Services. Additional information on the failure can be found in terminalCondition and conditions. + type: boolean + terminalCondition: + description: The Condition of this Service, containing its readiness + status, and detailed error information in case it did not reach + a serving state. See comments in reconciling for additional information + on reconciliation process in Cloud Run. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human readable message indicating details about the + current status. + type: string + reason: + description: A common (service-level) reason for this condition. + type: string + revisionReason: + description: A reason for the revision condition. + type: string + severity: + description: How to interpret failures of this condition, one + of Error, Warning, Info. + type: string + state: + description: State of the condition. + type: string + type: + description: 'type is used to communicate the status of the reconciliation + process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting + Types common to all resources include: * "Ready": True when + the Resource is ready.' + type: string + type: object + trafficStatuses: + description: Detailed status information for corresponding traffic + targets. See comments in reconciling for additional information + on reconciliation process in Cloud Run. + items: + properties: + percent: + description: Specifies percent of the traffic to this Revision. + type: integer + revision: + description: Revision to which this traffic is sent. + type: string + tag: + description: Indicates the string used in the URI to exclusively + reference this target. + type: string + type: + description: The allocation type for this traffic target. + type: string + uri: + description: Displays the target URI. + type: string + type: object + type: array + uid: + description: Server assigned unique identifier for the trigger. The + value is a UUID4 string and guaranteed to remain unchanged until + the resource is deleted. + type: string + updateTime: + description: The last-modified time. + type: string + uri: + description: The main URI in which this Service is serving traffic. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: secretmanagersecrets.secretmanager.cnrm.cloud.google.com +spec: + group: secretmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecretManagerSecret + listKind: SecretManagerSecretList + plural: secretmanagersecrets + shortNames: + - gcpsecretmanagersecret + - gcpsecretmanagersecrets + singular: secretmanagersecret + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: SecretManagerSecret is the Schema for the SecretManagerSecret + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SecretManagerSecretSpec defines the desired state of SecretManagerSecret + properties: + annotations: + additionalProperties: + type: string + description: |- + Optional. Custom metadata about the secret. + + Annotations are distinct from various forms of labels. + Annotations exist to allow client tools to store their own state + information without requiring a database. + + Annotation keys must be between 1 and 63 characters long, have a UTF-8 + encoding of maximum 128 bytes, begin and end with an alphanumeric character + ([a-z0-9A-Z]), and may have dashes (-), underscores (_), dots (.), and + alphanumerics in between these symbols. + + The total size of annotation keys and values must be less than 16KiB. + type: object + expireTime: + description: Optional. Timestamp in UTC when the [Secret][google.cloud.secretmanager.v1.Secret] + is scheduled to expire. This is always provided on output, regardless + of what was sent on input. + type: string + replication: + description: |- + Optional. Immutable. The replication policy of the secret data attached to + the [Secret][google.cloud.secretmanager.v1.Secret]. + + The replication policy cannot be changed after the Secret has been created. + properties: + auto: + description: The [Secret][google.cloud.secretmanager.v1.Secret] + will automatically be replicated without any restrictions. + properties: + customerManagedEncryption: + description: |- + Optional. 
The customer-managed encryption configuration of the + [Secret][google.cloud.secretmanager.v1.Secret]. If no configuration is + provided, Google-managed default encryption is used. + + Updates to the [Secret][google.cloud.secretmanager.v1.Secret] encryption + configuration only apply to + [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] added + afterwards. They do not apply retroactively to existing + [SecretVersions][google.cloud.secretmanager.v1.SecretVersion]. + properties: + kmsKeyRef: + description: |- + Required. The resource name of the Cloud KMS CryptoKey used to encrypt + secret payloads. + + For secrets using the + [UserManaged][google.cloud.secretmanager.v1.Replication.UserManaged] + replication policy type, Cloud KMS CryptoKeys must reside in the same + location as the [replica location][Secret.UserManaged.Replica.location]. + + For secrets using the + [Automatic][google.cloud.secretmanager.v1.Replication.Automatic] + replication policy type, Cloud KMS CryptoKeys must reside in `global`. + + The expected format is `projects/*/locations/*/keyRings/*/cryptoKeys/*`. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed + KMSCryptoKey. Should be in the format `projects/[kms_project_id]/locations/[region]/keyRings/[key_ring_id]/cryptoKeys/[key]`. + type: string + name: + description: The `name` of a `KMSCryptoKey` resource. + type: string + namespace: + description: The `namespace` of a `KMSCryptoKey` resource. + type: string + type: object + required: + - kmsKeyRef + type: object + type: object + automatic: + description: The Secret will automatically be replicated without + any restrictions. + type: boolean + userManaged: + description: The [Secret][google.cloud.secretmanager.v1.Secret] + will only be replicated into the locations specified. 
+ properties: + replicas: + description: |- + Required. The list of Replicas for this + [Secret][google.cloud.secretmanager.v1.Secret]. + + Cannot be empty. + items: + properties: + customerManagedEncryption: + description: |- + Optional. The customer-managed encryption configuration of the + [User-Managed Replica][Replication.UserManaged.Replica]. If no + configuration is provided, Google-managed default encryption is used. + + Updates to the [Secret][google.cloud.secretmanager.v1.Secret] + encryption configuration only apply to + [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] added + afterwards. They do not apply retroactively to existing + [SecretVersions][google.cloud.secretmanager.v1.SecretVersion]. + properties: + kmsKeyRef: + description: |- + Required. The resource name of the Cloud KMS CryptoKey used to encrypt + secret payloads. + + For secrets using the + [UserManaged][google.cloud.secretmanager.v1.Replication.UserManaged] + replication policy type, Cloud KMS CryptoKeys must reside in the same + location as the [replica location][Secret.UserManaged.Replica.location]. + + For secrets using the + [Automatic][google.cloud.secretmanager.v1.Replication.Automatic] + replication policy type, Cloud KMS CryptoKeys must reside in `global`. + + The expected format is `projects/*/locations/*/keyRings/*/cryptoKeys/*`. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed + KMSCryptoKey. Should be in the format `projects/[kms_project_id]/locations/[region]/keyRings/[key_ring_id]/cryptoKeys/[key]`. + type: string + name: + description: The `name` of a `KMSCryptoKey` + resource. + type: string + namespace: + description: The `namespace` of a `KMSCryptoKey` + resource. 
+ type: string + type: object + required: + - kmsKeyRef + type: object + location: + description: 'The canonical IDs of the location to replicate + data. For example: `"us-east1"`.' + type: string + required: + - location + type: object + type: array + required: + - replicas + type: object + type: object + resourceID: + description: Immutable. The SecretManagerSecret name. If not given, + the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + rotation: + description: Optional. Rotation policy attached to the [Secret][google.cloud.secretmanager.v1.Secret]. + May be excluded if there is no rotation policy. + properties: + nextRotationTime: + description: |- + Optional. Timestamp in UTC at which the + [Secret][google.cloud.secretmanager.v1.Secret] is scheduled to rotate. + Cannot be set to less than 300s (5 min) in the future and at most + 3153600000s (100 years). + + [next_rotation_time][google.cloud.secretmanager.v1.Rotation.next_rotation_time] + MUST be set if + [rotation_period][google.cloud.secretmanager.v1.Rotation.rotation_period] + is set. + type: string + rotationPeriod: + description: |- + Input only. The Duration between rotation notifications. Must be in seconds + and at least 3600s (1h) and at most 3153600000s (100 years). + + If + [rotation_period][google.cloud.secretmanager.v1.Rotation.rotation_period] + is set, + [next_rotation_time][google.cloud.secretmanager.v1.Rotation.next_rotation_time] + must be set. + [next_rotation_time][google.cloud.secretmanager.v1.Rotation.next_rotation_time] + will be advanced by this period when the service automatically sends + rotation notifications. + type: string + type: object + topics: + description: Optional. A list of up to 10 Pub/Sub topics to which + messages are published when control plane operations are called + on the secret or its versions. 
+ items: + properties: + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: If provided must be in the format `projects/[project_id]/topics/[topic_id]`. + type: string + name: + description: The `metadata.name` field of a `PubSubTopic` + resource. + type: string + namespace: + description: The `metadata.namespace` field of a `PubSubTopic` + resource. + type: string + type: object + required: + - topicRef + type: object + type: array + ttl: + description: Input only. The TTL for the [Secret][google.cloud.secretmanager.v1.Secret]. + type: string + versionAliases: + additionalProperties: + type: string + description: |- + Optional. Mapping from version alias to version name. + + A version alias is a string with a maximum length of 63 characters and can + contain uppercase and lowercase letters, numerals, and the hyphen (`-`) + and underscore ('_') characters. An alias string must start with a + letter and cannot be the string 'latest' or 'NEW'. + No more than 50 aliases can be assigned to a given secret. + + Version-Alias pairs will be viewable via GetSecret and modifiable via + UpdateSecret. Access by alias is only be supported on + GetSecretVersion and AccessSecretVersion. + type: object + type: object + status: + description: SecretManagerSecretStatus defines the config connector machine + state of SecretManagerSecret + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the SecretManagerSecret resource + in GCP. + type: string + name: + description: '[DEPRECATED] Please read from `.status.externalRef` + instead. Config Connector will remove the `.status.name` in v1 Version.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: secretmanagersecretversions.secretmanager.cnrm.cloud.google.com +spec: + group: secretmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecretManagerSecretVersion + listKind: SecretManagerSecretVersionList + plural: secretmanagersecretversions + shortNames: + - gcpsecretmanagersecretversion + - gcpsecretmanagersecretversions + singular: secretmanagersecretversion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 
'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: SecretManagerSecretVersion is the Schema for the SecretManagerSecretVersion + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SecretManagerSecretVersionSpec defines the desired state + of SecretManagerSecretVersion + properties: + deletionPolicy: + description: 'DEPRECATED. You do not need to set this field in direct + reconciler mode. Use delete-policy annotation instead. https://cloud.google.com/config-connector/docs/how-to/managing-deleting-resources#keeping_resources_after_deletion + The deletion policy for the secret version. Setting ''ABANDON'' + allows the resource to be abandoned rather than deleted. Setting + ''DISABLE'' allows the resource to be disabled rather than deleted. + Default is ''DELETE''. Possible values are: * DELETE * DISABLE * + ABANDON.' 
+ type: string + enabled: + description: Should enable or disable the current SecretVersion. - + Enabled version can be accessed and described. - Disabled version + cannot be accessed, but the secret's contents still exist + type: boolean + isSecretDataBase64: + description: DEPRECATED. You do not need to set this field in direct + reconciler mode. + type: boolean + resourceID: + description: The SecretVersion number. If given, Config Connector + acquires the resource from the Secret Manager service. If not given, + Config Connector adds a new secret version to the GCP service, and + you can find out the version number from `status.observedState.version` + type: string + secretData: + description: The actual secret data. Config Connector supports secret + data stored in Kubernetes secret or plain data (base64) + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + secretRef: + description: The resource name of the [Secret][google.cloud.secretmanager.v1.Secret] + to create a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] + for. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed SecretManagerSecret + resource. Should be in the format "projects//locations//secrets/". 
+ type: string + name: + description: The name of a SecretManagerSecret resource. + type: string + namespace: + description: The namespace of a SecretManagerSecret resource. + type: string + type: object + type: object + status: + description: SecretManagerSecretVersionStatus defines the config connector + machine state of SecretManagerSecretVersion + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: 'DEPRECATING NOTE: Please use status.observedState.createTime + instead.' + type: string + destroyTime: + description: 'DEPRECATING NOTE: Please use status.observedState.destroyTime + instead.' + type: string + externalRef: + description: A unique specifier for the SecretManagerSecretVersion + resource in GCP. + type: string + name: + description: 'DEPRECATING NOTE: Please use status.observedState.name + instead.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. 
+ properties: + clientSpecifiedPayloadChecksum: + description: Output only. True if payload checksum specified in + [SecretPayload][google.cloud.secretmanager.v1.SecretPayload] + object has been received by [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] + on [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion]. + type: boolean + createTime: + description: Output only. The time at which the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] + was created. + type: string + customerManagedEncryption: + description: Output only. The customer-managed encryption status + of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + Only populated if customer-managed encryption is used and [Secret][google.cloud.secretmanager.v1.Secret] + is a Regionalised Secret. + properties: + kmsKeyVersionName: + description: 'Required. The resource name of the Cloud KMS + CryptoKeyVersion used to encrypt the secret payload, in + the following format: `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`.' + type: string + type: object + destroyTime: + description: Output only. The time this [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] + was destroyed. Only present if [state][google.cloud.secretmanager.v1.SecretVersion.state] + is [DESTROYED][google.cloud.secretmanager.v1.SecretVersion.State.DESTROYED]. + type: string + name: + description: |- + Output only. The resource name of the + [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the + format `projects/*/secrets/*/versions/*`. + + [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] IDs in a + [Secret][google.cloud.secretmanager.v1.Secret] start at 1 and are + incremented for each subsequent version of the secret. + type: string + replicationStatus: + description: The replication status of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. 
+ properties: + automatic: + description: |- + Describes the replication status of a + [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] with + automatic replication. + + Only populated if the parent + [Secret][google.cloud.secretmanager.v1.Secret] has an automatic + replication policy. + properties: + customerManagedEncryption: + description: Output only. The customer-managed encryption + status of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + Only populated if customer-managed encryption is used. + properties: + kmsKeyVersionName: + description: 'Required. The resource name of the Cloud + KMS CryptoKeyVersion used to encrypt the secret + payload, in the following format: `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`.' + type: string + type: object + type: object + userManaged: + description: |- + Describes the replication status of a + [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] with + user-managed replication. + + Only populated if the parent + [Secret][google.cloud.secretmanager.v1.Secret] has a user-managed + replication policy. + properties: + replicas: + description: Output only. The list of replica statuses + for the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + items: + properties: + customerManagedEncryption: + description: Output only. The customer-managed encryption + status of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + Only populated if customer-managed encryption + is used. + properties: + kmsKeyVersionName: + description: 'Required. The resource name of + the Cloud KMS CryptoKeyVersion used to encrypt + the secret payload, in the following format: + `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`.' + type: string + type: object + location: + description: 'Output only. The canonical ID of the + replica location. For example: `"us-east1"`.' 
+ type: string + type: object + type: array + type: object + type: object + scheduledDestroyTime: + description: Optional. Output only. Scheduled destroy time for + secret version. This is a part of the Delayed secret version + destroy feature. For a Secret with a valid version destroy TTL, + when a secert version is destroyed, the version is moved to + disabled state and it is scheduled for destruction. The version + is destroyed only after the `scheduled_destroy_time`. + type: string + type: object + version: + description: DEPRECATED. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + name: securesourcemanagerinstances.securesourcemanager.cnrm.cloud.google.com +spec: + group: securesourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecureSourceManagerInstance + listKind: SecureSourceManagerInstanceList + plural: securesourcemanagerinstances + shortNames: + - gcpsecuresourcemanagerinstance + - gcpsecuresourcemanagerinstances + singular: securesourcemanagerinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: SecureSourceManagerInstance is the Schema for the SecureSourceManagerInstance + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SecureSourceManagerInstanceSpec defines the desired state + of SecureSourceManagerInstance + properties: + kmsKeyRef: + description: Optional. Immutable. Customer-managed encryption key + name. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed KMSCryptoKey. + Should be in the format `projects/[kms_project_id]/locations/[region]/keyRings/[key_ring_id]/cryptoKeys/[key]`. + type: string + name: + description: The `name` of a `KMSCryptoKey` resource. + type: string + namespace: + description: The `namespace` of a `KMSCryptoKey` resource. + type: string + type: object + location: + description: Immutable. Location of the instance. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + description: SecureSourceManagerInstanceStatus defines the config connector + machine state of SecureSourceManagerInstance + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the SecureSourceManagerInstance + resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + hostConfig: + description: Output only. A list of hostnames for this instance. + properties: + api: + description: 'Output only. API hostname. This is the hostname + to use for **Host: Data Plane** endpoints.' + type: string + gitHTTP: + description: Output only. Git HTTP hostname. + type: string + gitSSH: + description: Output only. Git SSH hostname. + type: string + html: + description: Output only. HTML hostname. + type: string + type: object + state: + description: Output only. Current state of the instance. + type: string + stateNote: + description: Output only. An optional field providing information + about the current instance state. + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: securesourcemanagerrepositories.securesourcemanager.cnrm.cloud.google.com +spec: + group: securesourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecureSourceManagerRepository + listKind: SecureSourceManagerRepositoryList + plural: securesourcemanagerrepositories + shortNames: + - gcpsecuresourcemanagerrepository + - gcpsecuresourcemanagerrepositories + singular: securesourcemanagerrepository + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of 
the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: SecureSourceManagerRepository is the Schema for the SecureSourceManagerRepository + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SecureSourceManagerRepositorySpec defines the desired state + of SecureSourceManagerRepository + properties: + initialConfig: + description: Input only. Initial configurations for the repository. + properties: + defaultBranch: + description: Default branch name of the repository. + type: string + gitignores: + description: 'List of gitignore template names user can choose + from. 
Valid values: actionscript, ada, agda, android, anjuta, + ansible, appcelerator-titanium, app-engine, archives, arch-linux-packages, + atmel-studio, autotools, backup, bazaar, bazel, bitrix, bricx-cc, + c, cake-php, calabash, cf-wheels, chef-cookbook, clojure, cloud9, + c-make, code-igniter, code-kit, code-sniffer, common-lisp, composer, + concrete5, coq, cordova, cpp, craft-cms, cuda, cvs, d, dart, + dart-editor, delphi, diff, dm, dreamweaver, dropbox, drupal, + drupal-7, eagle, eclipse, eiffel-studio, elisp, elixir, elm, + emacs, ensime, epi-server, erlang, esp-idf, espresso, exercism, + expression-engine, ext-js, fancy, finale, flex-builder, force-dot-com, + fortran, fuel-php, gcov, git-book, gnome-shell-extension, go, + godot, gpg, gradle, grails, gwt, haskell, hugo, iar-ewarm, idris, + igor-pro, images, infor-cms, java, jboss, jboss-4, jboss-6, + jdeveloper, jekyll, jenkins-home, jenv, jet-brains, jigsaw, + joomla, julia, jupyter-notebooks, kate, kdevelop4, kentico, + ki-cad, kohana, kotlin, lab-view, laravel, lazarus, leiningen, + lemon-stand, libre-office, lilypond, linux, lithium, logtalk, + lua, lyx, mac-os, magento, magento-1, magento-2, matlab, maven, + mercurial, mercury, metals, meta-programming-system, meteor, + microsoft-office, model-sim, momentics, mono-develop, nanoc, + net-beans, nikola, nim, ninja, node, notepad-pp, nwjs, objective--c, + ocaml, octave, opa, open-cart, openssl, oracle-forms, otto, + packer, patch, perl, perl6, phalcon, phoenix, pimcore, play-framework, + plone, prestashop, processing, psoc-creator, puppet, pure-script, + putty, python, qooxdoo, qt, r, racket, rails, raku, red, redcar, + redis, rhodes-rhomobile, ros, ruby, rust, sam, sass, sbt, scala, + scheme, scons, scrivener, sdcc, seam-gen, sketch-up, slick-edit, + smalltalk, snap, splunk, stata, stella, sublime-text, sugar-crm, + svn, swift, symfony, symphony-cms, synopsys-vcs, tags, terraform, + tex, text-mate, textpattern, think-php, tortoise-git, turbo-gears-2, + typo3, 
umbraco, unity, unreal-engine, vagrant, vim, virtual-env, + virtuoso, visual-studio, visual-studio-code, vue, vvvv, waf, + web-methods, windows, word-press, xcode, xilinx, xilinx-ise, + xojo, yeoman, yii, zend-framework, zephir.' + items: + type: string + type: array + license: + description: 'License template name user can choose from. Valid + values: license-0bsd, license-389-exception, aal, abstyles, + adobe-2006, adobe-glyph, adsl, afl-1-1, afl-1-2, afl-2-0, afl-2-1, + afl-3-0, afmparse, agpl-1-0, agpl-1-0-only, agpl-1-0-or-later, + agpl-3-0-only, agpl-3-0-or-later, aladdin, amdplpa, aml, ampas, + antlr-pd, antlr-pd-fallback, apache-1-0, apache-1-1, apache-2-0, + apafml, apl-1-0, apsl-1-0, apsl-1-1, apsl-1-2, apsl-2-0, artistic-1-0, + artistic-1-0-cl8, artistic-1-0-perl, artistic-2-0, autoconf-exception-2-0, + autoconf-exception-3-0, bahyph, barr, beerware, bison-exception-2-2, + bittorrent-1-0, bittorrent-1-1, blessing, blueoak-1-0-0, bootloader-exception, + borceux, bsd-1-clause, bsd-2-clause, bsd-2-clause-freebsd, bsd-2-clause-netbsd, + bsd-2-clause-patent, bsd-2-clause-views, bsd-3-clause, bsd-3-clause-attribution, + bsd-3-clause-clear, bsd-3-clause-lbnl, bsd-3-clause-modification, + bsd-3-clause-no-nuclear-license, bsd-3-clause-no-nuclear-license-2014, + bsd-3-clause-no-nuclear-warranty, bsd-3-clause-open-mpi, bsd-4-clause, + bsd-4-clause-shortened, bsd-4-clause-uc, bsd-protection, bsd-source-code, + bsl-1-0, busl-1-1, cal-1-0, cal-1-0-combined-work-exception, + caldera, catosl-1-1, cc0-1-0, cc-by-1-0, cc-by-2-0, cc-by-3-0, + cc-by-3-0-at, cc-by-3-0-us, cc-by-4-0, cc-by-nc-1-0, cc-by-nc-2-0, + cc-by-nc-3-0, cc-by-nc-4-0, cc-by-nc-nd-1-0, cc-by-nc-nd-2-0, + cc-by-nc-nd-3-0, cc-by-nc-nd-3-0-igo, cc-by-nc-nd-4-0, cc-by-nc-sa-1-0, + cc-by-nc-sa-2-0, cc-by-nc-sa-3-0, cc-by-nc-sa-4-0, cc-by-nd-1-0, + cc-by-nd-2-0, cc-by-nd-3-0, cc-by-nd-4-0, cc-by-sa-1-0, cc-by-sa-2-0, + cc-by-sa-2-0-uk, cc-by-sa-2-1-jp, cc-by-sa-3-0, cc-by-sa-3-0-at, + cc-by-sa-4-0, cc-pddc, 
cddl-1-0, cddl-1-1, cdla-permissive-1-0, + cdla-sharing-1-0, cecill-1-0, cecill-1-1, cecill-2-0, cecill-2-1, + cecill-b, cecill-c, cern-ohl-1-1, cern-ohl-1-2, cern-ohl-p-2-0, + cern-ohl-s-2-0, cern-ohl-w-2-0, clartistic, classpath-exception-2-0, + clisp-exception-2-0, cnri-jython, cnri-python, cnri-python-gpl-compatible, + condor-1-1, copyleft-next-0-3-0, copyleft-next-0-3-1, cpal-1-0, + cpl-1-0, cpol-1-02, crossword, crystal-stacker, cua-opl-1-0, + cube, c-uda-1-0, curl, d-fsl-1-0, diffmark, digirule-foss-exception, + doc, dotseqn, drl-1-0, dsdp, dvipdfm, ecl-1-0, ecl-2-0, ecos-exception-2-0, + efl-1-0, efl-2-0, egenix, entessa, epics, epl-1-0, epl-2-0, + erlpl-1-1, etalab-2-0, eu-datagrid, eupl-1-0, eupl-1-1, eupl-1-2, + eurosym, fair, fawkes-runtime-exception, fltk-exception, font-exception-2-0, + frameworx-1-0, freebsd-doc, freeimage, freertos-exception-2-0, + fsfap, fsful, fsfullr, ftl, gcc-exception-2-0, gcc-exception-3-1, + gd, gfdl-1-1-invariants-only, gfdl-1-1-invariants-or-later, + gfdl-1-1-no-invariants-only, gfdl-1-1-no-invariants-or-later, + gfdl-1-1-only, gfdl-1-1-or-later, gfdl-1-2-invariants-only, + gfdl-1-2-invariants-or-later, gfdl-1-2-no-invariants-only, gfdl-1-2-no-invariants-or-later, + gfdl-1-2-only, gfdl-1-2-or-later, gfdl-1-3-invariants-only, + gfdl-1-3-invariants-or-later, gfdl-1-3-no-invariants-only, gfdl-1-3-no-invariants-or-later, + gfdl-1-3-only, gfdl-1-3-or-later, giftware, gl2ps, glide, glulxe, + glwtpl, gnu-javamail-exception, gnuplot, gpl-1-0-only, gpl-1-0-or-later, + gpl-2-0-only, gpl-2-0-or-later, gpl-3-0-linking-exception, gpl-3-0-linking-source-exception, + gpl-3-0-only, gpl-3-0-or-later, gpl-cc-1-0, gsoap-1-3b, haskell-report, + hippocratic-2-1, hpnd, hpnd-sell-variant, htmltidy, i2p-gpl-java-exception, + ibm-pibs, icu, ijg, image-magick, imatix, imlib2, info-zip, + intel, intel-acpi, interbase-1-0, ipa, ipl-1-0, isc, jasper-2-0, + jpnic, json, lal-1-2, lal-1-3, latex2e, leptonica, lgpl-2-0-only, + lgpl-2-0-or-later, 
lgpl-2-1-only, lgpl-2-1-or-later, lgpl-3-0-linking-exception, + lgpl-3-0-only, lgpl-3-0-or-later, lgpllr, libpng, libpng-2-0, + libselinux-1-0, libtiff, libtool-exception, liliq-p-1-1, liliq-r-1-1, + liliq-rplus-1-1, linux-openib, linux-syscall-note, llvm-exception, + lpl-1-0, lpl-1-02, lppl-1-0, lppl-1-1, lppl-1-2, lppl-1-3a, + lppl-1-3c, lzma-exception, make-index, mif-exception, miros, + mit, mit-0, mit-advertising, mit-cmu, mit-enna, mit-feh, mit-modern-variant, + mitnfa, mit-open-group, motosoto, mpich2, mpl-1-0, mpl-1-1, + mpl-2-0, mpl-2-0-no-copyleft-exception, ms-pl, ms-rl, mtll, + mulanpsl-1-0, mulanpsl-2-0, multics, mup, naist-2003, nasa-1-3, + naumen, nbpl-1-0, ncgl-uk-2-0, ncsa, netcdf, net-snmp, newsletr, + ngpl, nist-pd, nist-pd-fallback, nlod-1-0, nlpl, nokia, nokia-qt-exception-1-1, + nosl, noweb, npl-1-0, npl-1-1, nposl-3-0, nrl, ntp, ntp-0, ocaml-lgpl-linking-exception, + occt-exception-1-0, occt-pl, oclc-2-0, odbl-1-0, odc-by-1-0, + ofl-1-0, ofl-1-0-no-rfn, ofl-1-0-rfn, ofl-1-1, ofl-1-1-no-rfn, + ofl-1-1-rfn, ogc-1-0, ogdl-taiwan-1-0, ogl-canada-2-0, ogl-uk-1-0, + ogl-uk-2-0, ogl-uk-3-0, ogtsl, oldap-1-1, oldap-1-2, oldap-1-3, + oldap-1-4, oldap-2-0, oldap-2-0-1, oldap-2-1, oldap-2-2, oldap-2-2-1, + oldap-2-2-2, oldap-2-3, oldap-2-4, oldap-2-7, oml, openjdk-assembly-exception-1-0, + openssl, openvpn-openssl-exception, opl-1-0, oset-pl-2-1, osl-1-0, + osl-1-1, osl-2-0, osl-2-1, osl-3-0, o-uda-1-0, parity-6-0-0, + parity-7-0-0, pddl-1-0, php-3-0, php-3-01, plexus, polyform-noncommercial-1-0-0, + polyform-small-business-1-0-0, postgresql, psf-2-0, psfrag, + ps-or-pdf-font-exception-20170817, psutils, python-2-0, qhull, + qpl-1-0, qt-gpl-exception-1-0, qt-lgpl-exception-1-1, qwt-exception-1-0, + rdisc, rhecos-1-1, rpl-1-1, rpsl-1-0, rsa-md, rscpl, ruby, saxpath, + sax-pd, scea, sendmail, sendmail-8-23, sgi-b-1-0, sgi-b-1-1, + sgi-b-2-0, shl-0-51, shl-2-0, shl-2-1, simpl-2-0, sissl, sissl-1-2, + sleepycat, smlnj, smppl, snia, spencer-86, spencer-94, 
spencer-99, + spl-1-0, ssh-openssh, ssh-short, sspl-1-0, sugarcrm-1-1-3, swift-exception, + swl, tapr-ohl-1-0, tcl, tcp-wrappers, tmate, torque-1-1, tosl, + tu-berlin-1-0, tu-berlin-2-0, u-boot-exception-2-0, ucl-1-0, + unicode-dfs-2015, unicode-dfs-2016, unicode-tou, universal-foss-exception-1-0, + unlicense, upl-1-0, vim, vostrom, vsl-1-0, w3c, w3c-19980720, + w3c-20150513, watcom-1-0, wsuipa, wtfpl, wxwindows-exception-3-1, + x11, xerox, xfree86-1-1, xinetd, xnet, xpp, xskat, ypl-1-0, + ypl-1-1, zed, zend-2-0, zimbra-1-3, zimbra-1-4, zlib, zlib-acknowledgement, + zpl-1-1, zpl-2-0, zpl-2-1.' + type: string + readme: + description: 'README template name. Valid template name(s) are: + default.' + type: string + type: object + instanceRef: + description: The name of the instance in which the repository is hosted, + formatted as `projects/{project_number}/locations/{location_id}/instances/{instance_id}` + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed SecureSourceManagerInstance + resource. Should be in the format "projects//locations//instances/". + type: string + name: + description: The name of a SecureSourceManagerInstance resource. + type: string + namespace: + description: The namespace of a SecureSourceManagerInstance resource. + type: string + type: object + location: + description: Immutable. Location of the instance. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. 
+ type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: Immutable. The SecureSourceManagerRepository name. If + not given, the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + required: + - instanceRef + - location + - projectRef + type: object + status: + description: SecureSourceManagerRepositoryStatus defines the config connector + machine state of SecureSourceManagerRepository + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the SecureSourceManagerRepository + resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + etag: + description: Output only. This checksum is computed by the server + based on the value of other fields, and may be sent on update + and delete requests to ensure the client has an up-to-date value + before proceeding. + type: string + uid: + description: Output only. Unique identifier of the repository. + type: string + uris: + description: Output only. URIs for the repository. + properties: + api: + description: Output only. API is the URI for API access. + type: string + gitHTTPS: + description: Output only. git_https is the git HTTPS URI for + git operations. + type: string + html: + description: Output only. HTML is the URI for user to view + the repository in a browser. + type: string + type: object + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: securitycenternotificationconfigs.securitycenter.cnrm.cloud.google.com +spec: + group: securitycenter.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecurityCenterNotificationConfig + plural: securitycenternotificationconfigs + shortNames: + - gcpsecuritycenternotificationconfig + - gcpsecuritycenternotificationconfigs + singular: securitycenternotificationconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + 
jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + configId: + description: Immutable. This must be unique within the organization. + type: string + description: + description: The description of the notification config (max of 1024 + characters). + type: string + organizationRef: + description: The organization that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + pubsubTopic: + description: |- + The Pub/Sub topic to send notifications to. Its format is + "projects/[project_id]/topics/[topic]". + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + streamingConfig: + description: The config for triggering streaming-based notifications. + properties: + filter: + description: |- + Expression that defines the filter to apply across create/update + events of assets or findings as specified by the event type. The + expression is a list of zero or more restrictions combined via + logical operators AND and OR. Parentheses are supported, and OR + has higher precedence than AND. + + Restrictions have the form and may have + a - character in front of them to indicate negation. The fields + map to those defined in the corresponding resource. + + The supported operators are: + + * = for all value types. + * >, <, >=, <= for integer values. + * :, meaning substring matching, for strings. + + The supported value types are: + + * string literals in quotes. + * integer literals without quotes. + * boolean literals true and false without quotes. + + See + [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + for information on how to write a filter. + type: string + required: + - filter + type: object + required: + - configId + - organizationRef + - pubsubTopic + - streamingConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name of this notification config, in the format + 'organizations/{{organization}}/notificationConfigs/{{config_id}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + serviceAccount: + description: |- + The service account that needs "pubsub.topics.publish" permission to + publish to the Pub/Sub topic. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: securitycentersources.securitycenter.cnrm.cloud.google.com +spec: + group: securitycenter.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecurityCenterSource + plural: securitycentersources + shortNames: + - gcpsecuritycentersource + - gcpsecuritycentersources + singular: securitycentersource + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the source (max of 1024 characters). + type: string + displayName: + description: |- + The source’s display name. A source’s display name must be unique + amongst its siblings, for example, two sources with the same parent + can't share the same display name. The display name must start and end + with a letter or digit, may contain letters, digits, spaces, hyphens, + and underscores, and can be no longer than 32 characters. + type: string + organizationRef: + description: The organization that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + required: + - displayName + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name of this source, in the format + 'organizations/{{organization}}/sources/{{source}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: servicedirectoryendpoints.servicedirectory.cnrm.cloud.google.com +spec: + group: servicedirectory.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceDirectoryEndpoint + plural: servicedirectoryendpoints + shortNames: + - gcpservicedirectoryendpoint + - gcpservicedirectoryendpoints + singular: servicedirectoryendpoint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkRef: + description: |- + Only the `external` field is supported to configure the reference. + + Immutable. The Google Compute Engine network (VPC) of the endpoint in the format + projects//locations/global/networks/*. + + The project must be specified by project number (project id is rejected). Incorrectly formatted networks are + rejected, but no other validation is performed on this field (ex. network or project existence, + reachability, or permissions). + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + port: + description: |- + Port that the endpoint is running on, must be in the + range of [0, 65535]. If unspecified, the default is 0. + type: integer + resourceID: + description: Immutable. Optional. The endpointId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceRef: + description: The ServiceDirectoryService that this endpoint belongs + to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ServiceDirectoryService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - serviceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name for the endpoint in the format + 'projects/*/locations/*/namespaces/*/services/*/endpoints/*'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: servicedirectorynamespaces.servicedirectory.cnrm.cloud.google.com +spec: + group: servicedirectory.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceDirectoryNamespace + plural: servicedirectorynamespaces + shortNames: + - gcpservicedirectorynamespace + - gcpservicedirectorynamespaces + singular: servicedirectorynamespace + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The 
last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: |- + Immutable. The location for the Namespace. + A full list of valid locations can be found by running + 'gcloud beta service-directory locations list'. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The namespaceId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name for the namespace + in the format 'projects/*/locations/*/namespaces/*'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: servicedirectoryservices.servicedirectory.cnrm.cloud.google.com +spec: + group: servicedirectory.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceDirectoryService + plural: servicedirectoryservices + shortNames: + - gcpservicedirectoryservice + - gcpservicedirectoryservices + singular: servicedirectoryservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + namespaceRef: + description: The ServiceDirectoryNamespace that this service belongs + to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ServiceDirectoryNamespace` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The serviceId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - namespaceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name for the service in the + format 'projects/*/locations/*/namespaces/*/services/*'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: serviceidentities.serviceusage.cnrm.cloud.google.com +spec: + group: serviceusage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceIdentity + plural: serviceidentities + shortNames: + - gcpserviceidentity + - gcpserviceidentities + singular: serviceidentity + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + 
jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + email: + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com +spec: + group: servicenetworking.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceNetworkingConnection + plural: servicenetworkingconnections + shortNames: + - gcpservicenetworkingconnection + - gcpservicenetworkingconnections + singular: servicenetworkingconnection + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + 
type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + reservedPeeringRanges: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + service: + description: Immutable. Provider peering service that is managing + peering connectivity for a service provider organization. For Google + services that support this functionality it is 'servicenetworking.googleapis.com'. + type: string + required: + - networkRef + - reservedPeeringRanges + - service + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + peering: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: services.serviceusage.cnrm.cloud.google.com +spec: + group: serviceusage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Service + plural: services + shortNames: + - gcpservice + - gcpservices + singular: service + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: serviceusageconsumerquotaoverrides.serviceusage.cnrm.cloud.google.com +spec: + group: serviceusage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceUsageConsumerQuotaOverride + plural: serviceusageconsumerquotaoverrides + shortNames: + - gcpserviceusageconsumerquotaoverride + - gcpserviceusageconsumerquotaoverrides + singular: serviceusageconsumerquotaoverride + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + 
type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dimensions: + additionalProperties: + type: string + description: Immutable. If this map is nonempty, then this override + applies only to specific values for dimensions defined in the limit + unit. + type: object + force: + description: |- + If the new quota would decrease the existing quota by more than 10%, the request is rejected. + If 'force' is 'true', that safety check is ignored. + type: boolean + limit: + description: |- + Immutable. The limit on the metric, e.g. '/project/region'. + + ~> Make sure that 'limit' is in a format that doesn't start with '1/' or contain curly braces. + E.g. use '/project/user' instead of '1/{project}/{user}'. + type: string + metric: + description: Immutable. The metric that should be limited, e.g. 'compute.googleapis.com/cpus'. + type: string + overrideValue: + description: The overriding quota limit value. Can be any nonnegative + integer, or -1 (unlimited quota). + type: string + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + service: + description: Immutable. The service that the metrics belong to, e.g. + 'compute.googleapis.com'. + type: string + required: + - limit + - metric + - overrideValue + - projectRef + - service + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The server-generated name of the quota override. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: sourcereporepositories.sourcerepo.cnrm.cloud.google.com +spec: + group: sourcerepo.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SourceRepoRepository + plural: sourcereporepositories + shortNames: + - gcpsourcereporepository + - gcpsourcereporepositories + singular: sourcereporepository + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + pubsubConfigs: + description: |- + How this repository publishes a change in the repository through Cloud Pub/Sub. + Keyed by the topic names. + items: + properties: + messageFormat: + description: |- + The format of the Cloud Pub/Sub messages. + - PROTOBUF: The message payload is a serialized protocol buffer of SourceRepoEvent. + - JSON: The message payload is a JSON string of SourceRepoEvent. Possible values: ["PROTOBUF", "JSON"]. + type: string + serviceAccountRef: + description: |- + Service account used for publishing Cloud Pub/Sub messages. This + service account needs to be in the same project as the + pubsubConfig. When added, the caller needs to have + iam.serviceAccounts.actAs permission on this service account. If + unspecified, it defaults to the compute engine default service + account. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - messageFormat + - topicRef + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + size: + description: The disk usage of the repo, in bytes. + type: integer + url: + description: URL to clone the repository from Google Cloud Source + Repositories. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: spannerdatabases.spanner.cnrm.cloud.google.com +spec: + group: spanner.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SpannerDatabase + plural: spannerdatabases + shortNames: + - gcpspannerdatabase + - gcpspannerdatabases + singular: spannerdatabase + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + databaseDialect: + description: |- + Immutable. The dialect of the Cloud Spanner Database. + If it is not provided, "GOOGLE_STANDARD_SQL" will be used. Possible values: ["GOOGLE_STANDARD_SQL", "POSTGRESQL"]. + type: string + ddl: + description: |- + An optional list of DDL statements to run inside the newly created + database. Statements can create tables, indexes, etc. These statements + execute atomically with the creation of the database: if there is an + error in any statement, the database is not created. + items: + type: string + type: array + enableDropProtection: + type: boolean + encryptionConfig: + description: Immutable. Encryption configuration for the database. + properties: + kmsKeyRef: + description: |- + Fully qualified name of the KMS key to use to encrypt this database. This key + must exist in the same location as the Spanner Database. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + instanceRef: + description: The instance to create the database on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SpannerInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + versionRetentionPeriod: + description: |- + The retention period for the database. The retention period must be between 1 hour + and 7 days, and can be specified in days, hours, minutes, or seconds. For example, + the values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h. + If this property is used, you must avoid adding new DDL statements to 'ddl' that + update the database's version_retention_period. + type: string + required: + - instanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: An explanation of the status of the database. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: spannerinstances.spanner.cnrm.cloud.google.com +spec: + group: spanner.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SpannerInstance + listKind: SpannerInstanceList + plural: spannerinstances + shortNames: + - gcpspannerinstance + - gcpspannerinstances + singular: spannerinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: SpannerInstance is the Schema for the SpannerInstance API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SpannerInstanceSpec defines the desired state of SpannerInstance + properties: + config: + description: Immutable. The name of the instance's configuration (similar + but not quite the same as a region) which defines the geographic + placement and replication of your databases in this instance. It + determines where your data is stored. Values are typically of the + form 'regional-europe-west1' , 'us-central' etc. In order to obtain + a valid list please consult the [Configuration section of the docs](https://cloud.google.com/spanner/docs/instances). + type: string + x-kubernetes-validations: + - message: Config field is immutable + rule: self == oldSelf + displayName: + description: The descriptive name for this instance as it appears + in UIs. Must be unique per project and between 4 and 30 characters + in length. 
+ type: string + numNodes: + format: int64 + type: integer + processingUnits: + format: int64 + type: integer + resourceID: + description: Immutable. The SpannerInstance name. If not given, the + metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + required: + - config + - displayName + type: object + status: + description: SpannerInstanceStatus defines the config connector machine + state of SpannerInstance + properties: + conditions: + description: Conditions represent the latest available observations + of the SpannerInstance's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the SpannerInstance resource in + GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + state: + description: 'Instance status: ''CREATING'' or ''READY''.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: sqldatabases.sql.cnrm.cloud.google.com +spec: + group: sql.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SQLDatabase + plural: sqldatabases + shortNames: + - gcpsqldatabase + - gcpsqldatabases + singular: sqldatabase + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + charset: + description: |- + The charset value. See MySQL's + [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) + and Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html) + for more details and supported values. Postgres databases only support + a value of 'UTF8' at creation time. + type: string + collation: + description: |- + The collation value. See MySQL's + [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) + and Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html) + for more details and supported values. Postgres databases only support + a value of 'en_US.UTF8' at creation time. + type: string + deletionPolicy: + description: |- + The deletion policy for the database. Setting ABANDON allows the resource + to be abandoned rather than deleted. This is useful for Postgres, where databases cannot be + deleted from the API if there are users other than cloudsqlsuperuser with access. Possible + values are: "ABANDON", "DELETE". Defaults to "DELETE". + type: string + instanceRef: + description: The Cloud SQL instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - instanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: sqlinstances.sql.cnrm.cloud.google.com +spec: + group: sql.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SQLInstance + listKind: SQLInstanceList + plural: sqlinstances + shortNames: + - gcpsqlinstance + - gcpsqlinstances + singular: sqlinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: SQLInstance is the Schema for the sql API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cloneSource: + description: Create this database as a clone of a source instance. + Immutable. + properties: + binLogCoordinates: + description: Binary log coordinates, if specified, identify the + position up to which the source instance is cloned. If not specified, + the source instance is cloned up to the most recent binary log + coordinates. + properties: + binLogFileName: + description: Name of the binary log file for a Cloud SQL instance. + type: string + binLogPosition: + description: Position (offset) within the binary log file. + format: int64 + type: integer + type: object + databaseNames: + description: (SQL Server only) Clone only the specified databases + from the source instance. Clone all databases if empty. + items: + type: string + type: array + pointInTime: + description: Timestamp, if specified, identifies the time to which + the source instance is cloned. + type: string + sqlInstanceRef: + description: The source SQLInstance to clone + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The SQLInstance selfLink, when not managed by + Config Connector. + type: string + name: + description: The `name` field of a `SQLInstance` resource. + type: string + namespace: + description: The `namespace` field of a `SQLInstance` resource. 
+ type: string + type: object + type: object + databaseVersion: + description: The MySQL, PostgreSQL or SQL Server (beta) version to + use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, + POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, + POSTGRES_15, SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, + SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. Database Version Policies + includes an up-to-date reference of supported versions. + type: string + encryptionKMSCryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed KMSCryptoKey. + Should be in the format `projects/[kms_project_id]/locations/[region]/keyRings/[key_ring_id]/cryptoKeys/[key]`. + type: string + name: + description: The `name` of a `KMSCryptoKey` resource. + type: string + namespace: + description: The `namespace` of a `KMSCryptoKey` resource. + type: string + type: object + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + type: string + maintenanceVersion: + description: Maintenance version. + type: string + masterInstanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The SQLInstance selfLink, when not managed by Config + Connector. + type: string + name: + description: The `name` field of a `SQLInstance` resource. + type: string + namespace: + description: The `namespace` field of a `SQLInstance` resource. + type: string + type: object + region: + description: Immutable. The region the instance will sit in. Note, + Cloud SQL is not available in all regions. 
A valid region must be + provided to use this resource. If a region is not provided in the + resource definition, the provider region will be used instead, but + this will be an apply-time error for instances if the provider region + is not supported with Cloud SQL. If you choose not to provide the + region argument for this resource, make sure you understand this. + type: string + replicaConfiguration: + description: The configuration for replication. + properties: + caCertificate: + description: Immutable. PEM representation of the trusted CA's + x509 certificate. + type: string + clientCertificate: + description: Immutable. PEM representation of the replica's x509 + certificate. + type: string + clientKey: + description: Immutable. PEM representation of the replica's private + key. The corresponding public key in encoded in the client_certificate. + type: string + connectRetryInterval: + description: Immutable. The number of seconds between connect + retries. MySQL's default is 60 seconds. + format: int64 + type: integer + dumpFilePath: + description: Immutable. Path to a SQL file in Google Cloud Storage + from which replica instances are created. Format is gs://bucket/filename. + type: string + failoverTarget: + description: Immutable. Specifies if the replica is the failover + target. If the field is set to true the replica will be designated + as a failover replica. If the master instance fails, the replica + instance will be promoted as the new master instance. Not supported + for Postgres. + type: boolean + masterHeartbeatPeriod: + description: Immutable. Time in ms between replication heartbeats. + format: int64 + type: integer + password: + description: Immutable. Password for the replication connection. + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - key + - name + type: object + type: object + type: object + sslCipher: + description: Immutable. Permissible ciphers for use in SSL encryption. + type: string + username: + description: Immutable. Username for replication connection. + type: string + verifyServerCertificate: + description: Immutable. True if the master's common name value + is checked during the SSL handshake. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rootPassword: + description: Initial root password. Required for MS SQL Server. + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + settings: + description: The settings to use for the database. The configuration + is detailed below. + properties: + activationPolicy: + description: This specifies when the instance should be active. + Can be either ALWAYS, NEVER or ON_DEMAND. 
+ type: string + activeDirectoryConfig: + properties: + domain: + description: Domain name of the Active Directory for SQL Server + (e.g., mydomain.com). + type: string + required: + - domain + type: object + advancedMachineFeatures: + properties: + threadsPerCore: + description: The number of threads per physical core. Can + be 1 or 2. + format: int64 + type: integer + type: object + authorizedGaeApplications: + description: DEPRECATED. This property is only applicable to First + Generation instances, and First Generation instances are now + deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice + for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove + this field from your configuration. + items: + type: string + type: array + availabilityType: + description: The availability type of the Cloud SQL instance, + high availability (REGIONAL) or single zone (ZONAL). For all + instances, ensure that settings.backup_configuration.enabled + is set to true. For MySQL instances, ensure that settings.backup_configuration.binary_log_enabled + is set to true. For Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled + is set to true. Defaults to ZONAL. + type: string + backupConfiguration: + properties: + backupRetentionSettings: + properties: + retainedBackups: + description: Number of backups to retain. + format: int64 + type: integer + retentionUnit: + description: The unit that 'retainedBackups' represents. + Defaults to COUNT. + type: string + required: + - retainedBackups + type: object + binaryLogEnabled: + description: True if binary logging is enabled. If settings.backup_configuration.enabled + is false, this must be as well. Can only be used with MySQL. + type: boolean + enabled: + description: True if backup configuration is enabled. + type: boolean + location: + description: Location of the backup configuration. 
+ type: string + pointInTimeRecoveryEnabled: + description: True if Point-in-time recovery is enabled. + type: boolean + startTime: + description: HH:MM format time indicating when backup configuration + starts. + type: string + transactionLogRetentionDays: + description: The number of days of transaction logs we retain + for point in time restore, from 1-7. (For PostgreSQL Enterprise + Plus instances, from 1 to 35.). + format: int64 + type: integer + type: object + collation: + description: Immutable. The name of server instance collation. + type: string + connectorEnforcement: + description: Specifies if connections must use Cloud SQL connectors. + type: string + crashSafeReplication: + description: DEPRECATED. This property is only applicable to First + Generation instances, and First Generation instances are now + deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice + for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove + this field from your configuration. + type: boolean + dataCacheConfig: + description: Data cache configurations. + properties: + dataCacheEnabled: + description: Whether data cache is enabled for the instance. + type: boolean + type: object + databaseFlags: + items: + properties: + name: + description: Name of the flag. + type: string + value: + description: Value of the flag. + type: string + required: + - name + - value + type: object + type: array + deletionProtectionEnabled: + description: Configuration to protect against accidental instance + deletion. + type: boolean + denyMaintenancePeriod: + properties: + endDate: + description: End date before which maintenance will not take + place. The date is in format yyyy-mm-dd i.e., 2020-11-01, + or mm-dd, i.e., 11-01. + type: string + startDate: + description: Start date after which maintenance will not take + place. The date is in format yyyy-mm-dd i.e., 2020-11-01, + or mm-dd, i.e., 11-01. 
+ type: string + time: + description: 'Time in UTC when the "deny maintenance period" + starts on start_date and ends on end_date. The time is in + format: HH:mm:SS, i.e., 00:00:00.' + type: string + required: + - endDate + - startDate + - time + type: object + diskAutoresize: + description: Enables auto-resizing of the storage size. Defaults + to true. + type: boolean + diskAutoresizeLimit: + description: The maximum size, in GB, to which storage capacity + can be automatically increased. The default value is 0, which + specifies that there is no limit. + format: int64 + type: integer + diskSize: + description: The size of data disk, in GB. Size of a running instance + cannot be reduced but can be increased. The minimum value is + 10GB. + format: int64 + type: integer + diskType: + description: 'Immutable. The type of data disk: PD_SSD or PD_HDD. + Defaults to PD_SSD.' + type: string + edition: + description: The edition of the instance, can be ENTERPRISE or + ENTERPRISE_PLUS. + type: string + insightsConfig: + description: Configuration of Query Insights. + properties: + queryInsightsEnabled: + description: True if Query Insights feature is enabled. + type: boolean + queryPlansPerMinute: + description: Number of query execution plans captured by Insights + per minute for all queries combined. Between 0 and 20. Default + to 5. + format: int64 + type: integer + queryStringLength: + description: Maximum query length stored in bytes. Between + 256 and 4500. Default to 1024. + format: int64 + type: integer + recordApplicationTags: + description: True if Query Insights will record application + tags from query when enabled. + type: boolean + recordClientAddress: + description: True if Query Insights will record client address + when enabled. + type: boolean + type: object + ipConfiguration: + properties: + allocatedIpRange: + description: 'The name of the allocated ip range for the private + ip CloudSQL instance. For example: "google-managed-services-default". 
+ If set, the instance ip will be created in the allocated + range. The range name must comply with RFC 1035. Specifically, + the name must be 1-63 characters long and match the regular + expression [a-z]([-a-z0-9]*[a-z0-9])?.' + type: string + authorizedNetworks: + items: + properties: + expirationTime: + type: string + name: + type: string + value: + type: string + required: + - value + type: object + type: array + enablePrivatePathForGoogleCloudServices: + description: Whether Google Cloud services such as BigQuery + are allowed to access data in this Cloud SQL instance over + a private IP connection. SQLSERVER database type is not + supported. + type: boolean + ipv4Enabled: + description: Whether this Cloud SQL instance should be assigned + a public IPV4 address. At least ipv4_enabled must be enabled + or a private_network must be configured. + type: boolean + privateNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed Compute + Network resource. Should be in the format `projects//global/networks/`. + type: string + name: + description: The `name` field of a `ComputeNetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeNetwork` + resource. + type: string + type: object + pscConfig: + description: PSC settings for a Cloud SQL instance. + items: + properties: + allowedConsumerProjects: + description: List of consumer projects that are allow-listed + for PSC connections to this instance. This instance + can be connected to with PSC from any network in these + projects. Each consumer project in this list may be + represented by a project number (numeric) or by a + project id (alphanumeric). + items: + type: string + type: array + pscEnabled: + description: Whether PSC connectivity is enabled for + this instance. 
+ type: boolean + type: object + type: array + requireSsl: + type: boolean + sslMode: + description: Specify how SSL connection should be enforced + in DB connections. This field provides more SSL enforcment + options compared to requireSsl. To change this field, also + set the correspoding value in requireSsl if it has been + set. + type: string + type: object + locationPreference: + properties: + followGaeApplication: + description: A Google App Engine application whose zone to + remain in. Must be in the same region as this instance. + type: string + secondaryZone: + description: The preferred Compute Engine zone for the secondary/failover. + type: string + zone: + description: The preferred compute engine zone. + type: string + type: object + maintenanceWindow: + description: Declares a one-hour maintenance window when an Instance + can automatically restart to apply updates. The maintenance + window is specified in UTC time. + properties: + day: + description: Day of week (1-7), starting on Monday. + format: int64 + type: integer + hour: + description: Hour of day (0-23), ignored if day not set. + format: int64 + type: integer + updateTrack: + description: Receive updates earlier (canary) or later (stable). + type: string + type: object + passwordValidationPolicy: + properties: + complexity: + description: Password complexity. + type: string + disallowUsernameSubstring: + description: Disallow username as a part of the password. + type: boolean + enablePasswordPolicy: + description: Whether the password policy is enabled or not. + type: boolean + minLength: + description: Minimum number of characters allowed. + format: int64 + type: integer + passwordChangeInterval: + description: Minimum interval after which the password can + be changed. This flag is only supported for PostgresSQL. + type: string + reuseInterval: + description: Number of previous passwords that cannot be reused. 
+ format: int64 + type: integer + required: + - enablePasswordPolicy + type: object + pricingPlan: + description: Pricing plan for this instance, can only be PER_USE. + type: string + replicationType: + description: DEPRECATED. This property is only applicable to First + Generation instances, and First Generation instances are now + deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice + for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove + this field from your configuration. + type: string + sqlServerAuditConfig: + properties: + bucketRef: + description: The name of the destination bucket (e.g., gs://mybucket). + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The StorageBucket selfLink, when not managed + by Config Connector. + type: string + name: + description: The `name` field of a `StorageBucket` resource. + type: string + namespace: + description: The `namespace` field of a `StorageBucket` + resource. + type: string + type: object + retentionInterval: + description: 'How long to keep generated audit files. A duration + in seconds with up to nine fractional digits, terminated + by ''s''. Example: "3.5s"..' + type: string + uploadInterval: + description: 'How often to upload generated audit files. A + duration in seconds with up to nine fractional digits, terminated + by ''s''. Example: "3.5s".' + type: string + type: object + tier: + description: The machine type to use. See tiers for more details + and supported versions. Postgres supports only shared-core machine + types, and custom machine types such as db-custom-2-13312. See + the Custom Machine Type Documentation to learn about specifying + custom machine types. + type: string + timeZone: + description: Immutable. 
The time_zone to be used by the database + engine (supported only for SQL Server), in SQL Server timezone + format. + type: string + required: + - tier + type: object + required: + - settings + type: object + status: + properties: + availableMaintenanceVersions: + description: Available Maintenance versions. + items: + type: string + type: array + conditions: + description: Conditions represent the latest available observations + of the SQLInstance's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + connectionName: + description: The connection name of the instance to be used in connection + strings. For example, when connecting with Cloud SQL Proxy. + type: string + dnsName: + description: The dns name of the instance. + type: string + firstIpAddress: + type: string + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + type: string + ipAddress: + items: + properties: + ipAddress: + type: string + timeToRetire: + type: string + type: + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + privateIpAddress: + type: string + pscServiceAttachmentLink: + description: The link to service attachment of PSC instance. + type: string + publicIpAddress: + type: string + selfLink: + description: The URI of the created resource. + type: string + serverCaCert: + properties: + cert: + description: The CA Certificate used to connect to the SQL Instance + via SSL. + type: string + commonName: + description: The CN valid for the CA Cert. + type: string + createTime: + description: Creation time of the CA Cert. + type: string + expirationTime: + description: Expiration time of the CA Cert. + type: string + sha1Fingerprint: + description: SHA Fingerprint of the CA Cert. + type: string + type: object + serviceAccountEmailAddress: + description: The service account email address assigned to the instance. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: sqlsslcerts.sql.cnrm.cloud.google.com +spec: + group: sql.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SQLSSLCert + plural: sqlsslcerts + shortNames: + - gcpsqlsslcert + - gcpsqlsslcerts + singular: sqlsslcert + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason 
+ name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + commonName: + description: Immutable. The common name to be used in the certificate + to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this + forces a new resource to be created. + type: string + instanceRef: + description: The Cloud SQL instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated sha1Fingerprint + of the resource. Used for acquisition only. Leave unset to create + a new resource. 
+ type: string + required: + - commonName + - instanceRef + type: object + status: + properties: + cert: + description: The actual certificate data for this client certificate. + type: string + certSerialNumber: + description: The serial number extracted from the certificate data. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the certificate was created in RFC 3339 + format, for example 2012-11-15T16:19:00.094Z. + type: string + expirationTime: + description: The time when the certificate expires in RFC 3339 format, + for example 2012-11-15T16:19:00.094Z. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + privateKey: + description: The private key associated with the client certificate. + type: string + serverCaCert: + description: The CA cert of the server this client cert was generated + from. + type: string + sha1Fingerprint: + description: The SHA1 Fingerprint of the certificate. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: sqlusers.sql.cnrm.cloud.google.com +spec: + group: sql.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SQLUser + plural: sqlusers + shortNames: + - gcpsqluser + - gcpsqlusers + singular: sqluser + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + host: + description: Immutable. The host the user can connect from. This is + only supported for MySQL instances. Don't set this field for PostgreSQL + instances. Can be an IP address. Changing this forces a new resource + to be created. + type: string + instanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + password: + description: |- + The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to + either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + passwordPolicy: + properties: + allowedFailedAttempts: + description: Number of failed attempts allowed before the user + get locked. + type: integer + enableFailedAttemptsCheck: + description: If true, the check that will lock user after too + many failed login attempts will be enabled. + type: boolean + enablePasswordVerification: + description: If true, the user must specify the current password + before changing the password. This flag is supported only for + MySQL. + type: boolean + passwordExpirationDuration: + description: Password expiration duration with one week grace + period. + type: string + status: + items: + properties: + locked: + description: If true, user does not have login privileges. + type: boolean + passwordExpirationTime: + description: Password expiration duration with one week + grace period. + type: string + type: object + type: array + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The user type. It determines the method to authenticate the user during login. + The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". + type: string + required: + - instanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + sqlServerUserDetails: + items: + properties: + disabled: + description: If the user has been disabled. + type: boolean + serverRoles: + description: The server roles for this user in the database. + items: + type: string + type: array + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagebucketaccesscontrols.storage.cnrm.cloud.google.com +spec: + group: storage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageBucketAccessControl + plural: storagebucketaccesscontrols + shortNames: + - gcpstoragebucketaccesscontrol + - gcpstoragebucketaccesscontrols + singular: storagebucketaccesscontrol + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + description: Reference to the bucket. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + entity: + description: |- + Immutable. 
The entity holding the permission, in one of the following forms: + user-userId + user-email + group-groupId + group-email + domain-domain + project-team-projectId + allUsers + allAuthenticatedUsers + Examples: + The user liz@example.com would be user-liz@example.com. + The group example@googlegroups.com would be + group-example@googlegroups.com. + To refer to all members of the Google Apps for Business domain + example.com, the entity would be domain-example.com. + type: string + role: + description: 'The access permission for the entity. Possible values: + ["OWNER", "READER", "WRITER"].' + type: string + required: + - bucketRef + - entity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + domain: + description: The domain associated with the entity. + type: string + email: + description: The email address associated with the entity. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagebuckets.storage.cnrm.cloud.google.com +spec: + group: storage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageBucket + plural: storagebuckets + shortNames: + - gcpstoragebucket + - gcpstoragebuckets + singular: storagebucket + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoclass: + description: The bucket's autoclass configuration. + properties: + enabled: + description: While set to true, autoclass automatically transitions + objects in your bucket to appropriate storage classes based + on each object's access pattern. + type: boolean + required: + - enabled + type: object + bucketPolicyOnly: + description: |- + DEPRECATED. Please use the `uniformBucketLevelAccess` field as this field has been renamed by Google. The `uniformBucketLevelAccess` field will supersede this field. + Enables Bucket PolicyOnly access to a bucket. + type: boolean + cors: + description: The bucket's Cross-Origin Resource Sharing (CORS) configuration. + items: + properties: + maxAgeSeconds: + description: The value, in seconds, to return in the Access-Control-Max-Age + header used in preflight responses. + type: integer + method: + description: 'The list of HTTP methods on which to include CORS + response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted + in the list of methods, and means "any method".' + items: + type: string + type: array + origin: + description: 'The list of Origins eligible to receive CORS response + headers. Note: "*" is permitted in the list of origins, and + means "any Origin".' + items: + type: string + type: array + responseHeader: + description: The list of HTTP headers other than the simple + response headers to give permission for the user-agent to + share across domains. + items: + type: string + type: array + type: object + type: array + customPlacementConfig: + description: The bucket's custom location configuration, which specifies + the individual regions that comprise a dual-region bucket. 
If the + bucket is designated a single or multi-region, the parameters are + empty. + properties: + dataLocations: + description: 'Immutable. The list of individual regions that comprise + a dual-region bucket. See the docs for a list of acceptable + regions. Note: If any of the data_locations changes, it will + recreate the bucket.' + items: + type: string + type: array + required: + - dataLocations + type: object + defaultEventBasedHold: + description: Whether or not to automatically apply an eventBasedHold + to new objects added to the bucket. + type: boolean + encryption: + description: The bucket's encryption configuration. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + lifecycleRule: + description: The bucket's Lifecycle Rules configuration. + items: + properties: + action: + description: The Lifecycle Rule's action configuration. A single + block of this type is supported. + properties: + storageClass: + description: 'The target Storage Class of objects affected + by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, + REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' + type: string + type: + description: 'The type of the action of this Lifecycle Rule. + Supported values include: Delete, SetStorageClass and + AbortIncompleteMultipartUpload.' 
+ type: string + required: + - type + type: object + condition: + description: The Lifecycle Rule's condition configuration. + properties: + age: + description: Minimum age of an object in days to satisfy + this condition. + type: integer + createdBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + customTimeBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + daysSinceCustomTime: + description: Number of days elapsed since the user-specified + timestamp set on an object. + type: integer + daysSinceNoncurrentTime: + description: "Number of days elapsed since the noncurrent + timestamp of an object. This\n\t\t\t\t\t\t\t\t\t\tcondition + is relevant only for versioned objects." + type: integer + matchesPrefix: + description: One or more matching name prefixes to satisfy + this condition. + items: + type: string + type: array + matchesStorageClass: + description: 'Storage Class of objects to satisfy this condition. + Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, + COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.' + items: + type: string + type: array + matchesSuffix: + description: One or more matching name suffixes to satisfy + this condition. + items: + type: string + type: array + noncurrentTimeBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + numNewerVersions: + description: Relevant only for versioned objects. The number + of newer versions of an object to satisfy this condition. + type: integer + withState: + description: 'Match to live and/or archived objects. Unversioned + buckets have only live objects. Supported values include: + "LIVE", "ARCHIVED", "ANY".' + type: string + type: object + required: + - action + - condition + type: object + type: array + location: + default: US + description: Immutable. 
The Google Cloud Storage location. + type: string + logging: + description: The bucket's Access & Storage Logs configuration. + properties: + logBucket: + description: The bucket that will receive log objects. + type: string + logObjectPrefix: + description: The object prefix for log objects. If it's not provided, + by default Google Cloud Storage sets this to this bucket's name. + type: string + required: + - logBucket + type: object + publicAccessPrevention: + description: Prevents public access to a bucket. + type: string + requesterPays: + description: Enables Requester Pays on a storage bucket. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retentionPolicy: + description: Configuration of the bucket's data retention policy for + how long objects in the bucket should be retained. + properties: + isLocked: + description: 'If set to true, the bucket will be locked and permanently + restrict edits to the bucket''s retention policy. Caution: + Locking a bucket is an irreversible action.' + type: boolean + retentionPeriod: + description: The period of time, in seconds, that objects in the + bucket must be retained and cannot be deleted, overwritten, + or archived. The value must be less than 3,155,760,000 seconds. + type: integer + required: + - retentionPeriod + type: object + softDeletePolicy: + description: The bucket's soft delete policy, which defines the period + of time that soft-deleted objects will be retained, and cannot be + permanently deleted. If it is not provided, by default Google Cloud + Storage sets this to default soft delete policy. + properties: + retentionDurationSeconds: + description: The duration in seconds that soft-deleted objects + in the bucket will be retained and cannot be permanently deleted. + Default value is 604800. 
+ type: integer + type: object + storageClass: + description: 'The Storage Class of the new bucket. Supported values + include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, + ARCHIVE.' + type: string + uniformBucketLevelAccess: + description: Enables uniform bucket-level access on a bucket. + type: boolean + versioning: + description: The bucket's Versioning configuration. + properties: + enabled: + description: While set to true, versioning is fully enabled for + this bucket. + type: boolean + required: + - enabled + type: object + website: + description: Configuration if the bucket acts as a website. + properties: + mainPageSuffix: + description: Behaves as the bucket's directory index where missing + objects are treated as potential directories. + type: string + notFoundPage: + description: The custom object to return when a requested resource + is not found. + type: string + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + softDeletePolicy: + description: The bucket's soft delete policy, which defines the + period of time that soft-deleted objects will be retained, and + cannot be permanently deleted. If it is not provided, by default + Google Cloud Storage sets this to default soft delete policy. + properties: + effectiveTime: + description: Server-determined value that indicates the time + from which the policy, or one with a greater retention, + was effective. This value is in RFC 3339 format. + type: string + retentionDurationSeconds: + description: The duration in seconds that soft-deleted objects + in the bucket will be retained and cannot be permanently + deleted. Default value is 604800. + type: integer + type: object + type: object + selfLink: + description: The URI of the created resource. + type: string + url: + description: The base URL of the bucket, in the format gs://. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com +spec: + group: storage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageDefaultObjectAccessControl + plural: storagedefaultobjectaccesscontrols + shortNames: + - gcpstoragedefaultobjectaccesscontrol + - gcpstoragedefaultobjectaccesscontrols + singular: storagedefaultobjectaccesscontrol + preserveUnknownFields: false + scope: Namespaced + versions: + - 
additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + description: Reference to the bucket. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + entity: + description: |- + The entity holding the permission, in one of the following forms: + * user-{{userId}} + * user-{{email}} (such as "user-liz@example.com") + * group-{{groupId}} + * group-{{email}} (such as "group-example@googlegroups.com") + * domain-{{domain}} (such as "domain-example.com") + * project-team-{{projectId}} + * allUsers + * allAuthenticatedUsers. + type: string + object: + description: The name of the object, if applied to an object. + type: string + role: + description: 'The access permission for the entity. Possible values: + ["OWNER", "READER"].' + type: string + required: + - bucketRef + - entity + - role + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + domain: + description: The domain associated with the entity. + type: string + email: + description: The email address associated with the entity. + type: string + entityId: + description: The ID for the entity. + type: string + generation: + description: The content generation of the object, if applied to an + object. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + projectTeam: + description: The project team associated with the entity. + properties: + projectNumber: + description: The project team associated with the entity. + type: string + team: + description: 'The team. Possible values: ["editors", "owners", + "viewers"].' + type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagehmackeys.storage.cnrm.cloud.google.com +spec: + group: storage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageHMACKey + plural: storagehmackeys + shortNames: + - gcpstoragehmackey + - gcpstoragehmackeys + singular: storagehmackey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: 
+ description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated accessId of + the resource. Used for acquisition only. Leave unset to create a + new resource. + type: string + serviceAccountEmail: + description: Immutable. The email address of the key's associated + service account. + type: string + state: + description: 'The state of the key. Can be set to one of ACTIVE, INACTIVE. + Default value: "ACTIVE" Possible values: ["ACTIVE", "INACTIVE"].' + type: string + required: + - projectRef + - serviceAccountEmail + type: object + status: + properties: + accessId: + description: The access ID of the HMAC Key. 
+ type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + secret: + description: HMAC secret key material. + type: string + timeCreated: + description: '''The creation time of the HMAC key in RFC 3339 format. + ''.' + type: string + updated: + description: '''The last modification time of the HMAC key metadata + in RFC 3339 format.''.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagenotifications.storage.cnrm.cloud.google.com +spec: + group: storage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageNotification + plural: storagenotifications + shortNames: + - gcpstoragenotification + - gcpstoragenotifications + singular: storagenotification + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + customAttributes: + additionalProperties: + type: string + description: Immutable. A set of key/value attribute pairs to attach + to each Cloud Pub/Sub message published for this notification subscription. + type: object + eventTypes: + description: 'Immutable. List of event type filters for this notification + config. If not specified, Cloud Storage will send notifications + for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", + "OBJECT_DELETE", "OBJECT_ARCHIVE".' + items: + type: string + type: array + objectNamePrefix: + description: Immutable. Specifies a prefix path filter for this notification + config. Cloud Storage will only send notifications for objects in + this bucket whose names begin with the specified prefix. + type: string + payloadFormat: + description: Immutable. The desired content of the Payload. One of + "JSON_API_V1" or "NONE". + type: string + resourceID: + description: Immutable. Optional. The service-generated notificationId + of the resource. Used for acquisition only. Leave unset to create + a new resource. 
+ type: string + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - bucketRef + - payloadFormat + - topicRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + notificationId: + description: The ID of the created notification. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagetransferagentpools.storagetransfer.cnrm.cloud.google.com +spec: + group: storagetransfer.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageTransferAgentPool + plural: storagetransferagentpools + shortNames: + - gcpstoragetransferagentpool + - gcpstoragetransferagentpools + singular: storagetransferagentpool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bandwidthLimit: + description: Specifies the bandwidth limit details. If this field + is unspecified, the default value is set as 'No Limit'. + properties: + limitMbps: + description: Bandwidth rate in megabytes per second, distributed + across all the agents in the pool. + type: string + required: + - limitMbps + type: object + displayName: + description: Specifies the client-specified AgentPool description. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: Specifies the state of the AgentPool. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagetransferjobs.storagetransfer.cnrm.cloud.google.com +spec: + group: storagetransfer.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageTransferJob + plural: storagetransferjobs + shortNames: + - gcpstoragetransferjob + - gcpstoragetransferjobs + singular: storagetransferjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: 
date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Unique description to identify the Transfer Job. + type: string + notificationConfig: + description: Notification configuration. + properties: + eventTypes: + description: Event types for which a notification is desired. + If empty, send notifications for all event types. The valid + types are "TRANSFER_OPERATION_SUCCESS", "TRANSFER_OPERATION_FAILED", + "TRANSFER_OPERATION_ABORTED". + items: + type: string + type: array + payloadFormat: + description: The desired format of the notification message payloads. + One of "NONE" or "JSON". + type: string + topicRef: + description: The PubSubTopic to which to publish notifications. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - payloadFormat + - topicRef + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + schedule: + description: Schedule specification defining when the Transfer Job + should be scheduled to start, end and what time to run. + properties: + repeatInterval: + description: 'Interval between the start of each scheduled transfer. + If unspecified, the default value is 24 hours. This value may + not be less than 1 hour. A duration in seconds with up to nine + fractional digits, terminated by ''s''. Example: "3.5s".' + type: string + scheduleEndDate: + description: The last day the recurring transfer will be run. + If schedule_end_date is the same as schedule_start_date, the + transfer will be executed only once. + properties: + day: + description: Day of month. Must be from 1 to 31 and valid + for the year and month. + type: integer + month: + description: Month of year. Must be from 1 to 12. + type: integer + year: + description: Year of date. Must be from 1 to 9999. + type: integer + required: + - day + - month + - year + type: object + scheduleStartDate: + description: The first day the recurring transfer is scheduled + to run. 
If schedule_start_date is in the past, the transfer + will run for the first time on the following day. + properties: + day: + description: Day of month. Must be from 1 to 31 and valid + for the year and month. + type: integer + month: + description: Month of year. Must be from 1 to 12. + type: integer + year: + description: Year of date. Must be from 1 to 9999. + type: integer + required: + - day + - month + - year + type: object + startTimeOfDay: + description: The time in UTC at which the transfer will be scheduled + to start in a day. Transfers may start later than this time. + If not specified, recurring and one-time transfers that are + scheduled to run today will run immediately; recurring transfers + that are scheduled to run on a future date will start at approximately + midnight UTC on that date. Note that when configuring a transfer + with the Cloud Platform Console, the transfer's start time in + a day is specified in your local timezone. + properties: + hours: + description: Hours of day in 24 hour format. Should be from + 0 to 23. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must be + from 0 to 999,999,999. + type: integer + seconds: + description: Seconds of minutes of the time. Must normally + be from 0 to 59. + type: integer + required: + - hours + - minutes + - nanos + - seconds + type: object + required: + - scheduleStartDate + type: object + status: + description: 'Status of the job. Default: ENABLED. NOTE: The effect + of the new job status takes place during a subsequent job run. For + example, if you change the job status from ENABLED to DISABLED, + and an operation spawned by the transfer is running, the status + change would not affect the current operation.' + type: string + transferSpec: + description: Transfer specification. + properties: + awsS3DataSource: + description: An AWS S3 data source. 
+ properties: + awsAccessKey: + description: AWS credentials block. + properties: + accessKeyId: + description: AWS Key ID. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + secretAccessKey: + description: AWS Secret Access Key. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - accessKeyId + - secretAccessKey + type: object + bucketName: + description: S3 Bucket name. + type: string + path: + description: S3 Bucket path in bucket to transfer. + type: string + roleArn: + description: The Amazon Resource Name (ARN) of the role to + support temporary credentials via 'AssumeRoleWithWebIdentity'. 
+ For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). + When a role ARN is provided, Transfer Service fetches temporary + credentials for the session using a 'AssumeRoleWithWebIdentity' + call for the provided role using the [GoogleServiceAccount][] + for this project. + type: string + required: + - bucketName + type: object + azureBlobStorageDataSource: + description: An Azure Blob Storage data source. + properties: + azureCredentials: + description: ' Credentials used to authenticate API requests + to Azure.' + properties: + sasToken: + description: Azure shared access signature. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - sasToken + type: object + container: + description: The container to transfer from the Azure Storage + account. + type: string + path: + description: Root path to transfer objects. Must be an empty + string or full path name that ends with a '/'. This field + is treated as an object prefix. As such, it should generally + not begin with a '/'. + type: string + storageAccount: + description: The name of the Azure Storage account. 
+ type: string + required: + - azureCredentials + - container + - storageAccount + type: object + gcsDataSink: + description: A Google Cloud Storage data sink. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + path: + description: Google Cloud Storage path in bucket to transfer. + type: string + required: + - bucketRef + type: object + gcsDataSource: + description: A Google Cloud Storage data source. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + path: + description: Google Cloud Storage path in bucket to transfer. + type: string + required: + - bucketRef + type: object + httpDataSource: + description: A HTTP URL data source. + properties: + listUrl: + description: The URL that points to the file that stores the + object list entries. This file must allow public access. 
+ Currently, only URLs with HTTP and HTTPS schemes are supported. + type: string + required: + - listUrl + type: object + objectConditions: + description: Only objects that satisfy these object conditions + are included in the set of data source and data sink objects. + Object conditions based on objects' last_modification_time do + not exclude objects in a data sink. + properties: + excludePrefixes: + description: exclude_prefixes must follow the requirements + described for include_prefixes. + items: + type: string + type: array + includePrefixes: + description: If include_refixes is specified, objects that + satisfy the object conditions must have names that start + with one of the include_prefixes and that do not start with + any of the exclude_prefixes. If include_prefixes is not + specified, all objects except those that have names starting + with one of the exclude_prefixes must satisfy the object + conditions. + items: + type: string + type: array + lastModifiedBefore: + description: 'If specified, only objects with a "last modification + time" before this timestamp and objects that don''t have + a "last modification time" are transferred. A timestamp + in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" + and "2014-10-02T15:01:23.045123456Z".' + type: string + lastModifiedSince: + description: 'If specified, only objects with a "last modification + time" on or after this timestamp and objects that don''t + have a "last modification time" are transferred. A timestamp + in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" + and "2014-10-02T15:01:23.045123456Z".' + type: string + maxTimeElapsedSinceLastModification: + description: 'A duration in seconds with up to nine fractional + digits, terminated by ''s''. Example: "3.5s".' 
+ type: string + minTimeElapsedSinceLastModification: + description: 'A duration in seconds with up to nine fractional + digits, terminated by ''s''. Example: "3.5s".' + type: string + type: object + posixDataSink: + description: A POSIX filesystem data sink. + properties: + rootDirectory: + description: Root directory path to the filesystem. + type: string + required: + - rootDirectory + type: object + posixDataSource: + description: A POSIX filesystem data source. + properties: + rootDirectory: + description: Root directory path to the filesystem. + type: string + required: + - rootDirectory + type: object + sinkAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. + type: string + sourceAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. + type: string + transferOptions: + description: Characteristics of how to treat files from datasource + and sink during job. If the option delete_objects_unique_in_sink + is true, object conditions based on objects' last_modification_time + are ignored and do not exclude objects in a data source or a + data sink. + properties: + deleteObjectsFromSourceAfterTransfer: + description: Whether objects should be deleted from the source + after they are transferred to the sink. Note that this option + and delete_objects_unique_in_sink are mutually exclusive. + type: boolean + deleteObjectsUniqueInSink: + description: Whether objects that exist only in the sink should + be deleted. Note that this option and delete_objects_from_source_after_transfer + are mutually exclusive. + type: boolean + overwriteObjectsAlreadyExistingInSink: + description: Whether overwriting objects that already exist + in the sink is allowed. + type: boolean + overwriteWhen: + description: When to overwrite objects that already exist + in the sink. 
If not set, overwrite behavior is determined + by overwriteObjectsAlreadyExistingInSink. + type: string + type: object + type: object + required: + - description + - transferSpec + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: When the Transfer Job was created. + type: string + deletionTime: + description: When the Transfer Job was deleted. + type: string + lastModificationTime: + description: When the Transfer Job was last modified. + type: string + name: + description: The name of the Transfer Job. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: tagslocationtagbindings.tags.cnrm.cloud.google.com +spec: + group: tags.cnrm.cloud.google.com + names: + categories: + - gcp + kind: TagsLocationTagBinding + plural: tagslocationtagbindings + shortNames: + - gcptagslocationtagbinding + - gcptagslocationtagbindings + singular: tagslocationtagbinding + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: |- + Immutable. The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. The default value is US. + type: string + parentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `//cloudresourcemanager.googleapis.com/projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + tagValueRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `tagValues/{{value}}`, + where {{value}} is the `name` field of a `TagsTagValue` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - parentRef + - tagValueRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The generated id for the TagBinding. This is a string + of the form: ''tagBindings/{full-resource-name}/{tag-value-name}''.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: tagstagbindings.tags.cnrm.cloud.google.com +spec: + group: tags.cnrm.cloud.google.com + names: + categories: + - gcp + kind: TagsTagBinding + plural: tagstagbindings + shortNames: + - gcptagstagbinding + - gcptagstagbindings + singular: tagstagbinding + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + parentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `//cloudresourcemanager.googleapis.com/projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + tagValueRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `tagValues/{{value}}`, + where {{value}} is the `name` field of a `TagsTagValue` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - parentRef + - tagValueRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The generated id for the TagBinding. This is a string + of the form: ''tagBindings/{full-resource-name}/{tag-value-name}''.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: tagstagkeys.tags.cnrm.cloud.google.com +spec: + group: tags.cnrm.cloud.google.com + names: + categories: + - gcp + kind: TagsTagKey + plural: tagstagkeys + shortNames: + - gcptagstagkey + - gcptagstagkeys + singular: tagstagkey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User-assigned description of the TagKey. Must not exceed + 256 characters. + type: string + parent: + description: Immutable. Input only. The resource name of the new TagKey's + parent. Must be of the form organizations/{org_id} or projects/{project_id_or_number}. + type: string + purpose: + description: |- + Immutable. Optional. A purpose cannot be changed once set. + + A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: ["GCE_FIREWALL"]. + type: string + purposeData: + additionalProperties: + type: string + description: |- + Immutable. Optional. Purpose data cannot be changed once set. + + Purpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = "/"'. + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + shortName: + description: |- + Immutable. Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. + + The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + type: string + required: + - parent + - shortName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Output only. Creation time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: The generated numeric id for the TagKey. + type: string + namespacedName: + description: Output only. Namespaced name of the TagKey. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Output only. Update time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: tagstagvalues.tags.cnrm.cloud.google.com +spec: + group: tags.cnrm.cloud.google.com + names: + categories: + - gcp + kind: TagsTagValue + plural: tagstagvalues + shortNames: + - gcptagstagvalue + - gcptagstagvalues + singular: tagstagvalue + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User-assigned description of the TagValue. Must not exceed + 256 characters. + type: string + parentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `tagKeys/{{value}}`, + where {{value}} is the `name` field of a `TagsTagKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + shortName: + description: |- + Immutable. Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. + + The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + type: string + required: + - parentRef + - shortName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Output only. Creation time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: The generated numeric id for the TagValue. + type: string + namespacedName: + description: Output only. Namespaced name of the TagValue. Will be + in the format {parentNamespace}/{tagKeyShortName}/{shortName}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Output only. Update time. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: tpunodes.tpu.cnrm.cloud.google.com +spec: + group: tpu.cnrm.cloud.google.com + names: + categories: + - gcp + kind: TPUNode + plural: tpunodes + shortNames: + - gcptpunode + - gcptpunodes + singular: tpunode + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + acceleratorType: + description: Immutable. The type of hardware accelerators associated + with this node. + type: string + cidrBlock: + description: |- + Immutable. The CIDR block that the TPU node will use when selecting an IP + address. This CIDR block must be a /29 block; the Compute Engine + networks API forbids a smaller block, and using a larger block would + be wasteful (a node can only consume one IP address). + + Errors will occur if the CIDR block has already been used for a + currently existing TPU node, the CIDR block conflicts with any + subnetworks in the user's provided network, or the provided network + is peered with another network that is using that CIDR block. + type: string + description: + description: Immutable. The user-supplied description of the TPU. + Maximum of 512 characters. + type: string + network: + description: |- + Immutable. The name of a network to peer the TPU node to. It must be a + preexisting Compute Engine network inside of the project on which + this API has been activated. If none is provided, "default" will be + used. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. 
Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + schedulingConfig: + description: Immutable. Sets the scheduling options for this TPU instance. + properties: + preemptible: + description: Immutable. Defines whether the TPU instance is preemptible. + type: boolean + required: + - preemptible + type: object + tensorflowVersion: + description: The version of Tensorflow running in the Node. + type: string + useServiceNetworking: + description: |- + Immutable. Whether the VPC peering for the node is set up through Service Networking API. + The VPC Peering should be set up before provisioning the node. If this field is set, + cidr_block field should not be specified. If the network that you want to peer the + TPU Node to is a Shared VPC network, the node must be created with this this field enabled. + type: boolean + zone: + description: Immutable. The GCP location for the TPU. If it is not + provided, the provider zone is used. + type: string + required: + - acceleratorType + - projectRef + - tensorflowVersion + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + networkEndpoints: + description: |- + The network endpoints where TPU workers can be accessed and sent work. 
+ It is recommended that Tensorflow clients of the node first reach out + to the first (index 0) entry. + items: + properties: + ipAddress: + description: The IP address of this network endpoint. + type: string + port: + description: The port of this network endpoint. + type: integer + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + serviceAccount: + description: |- + The service account used to run the tensor flow services within the + node. To share resources, including Google Cloud Storage data, with + the Tensorflow job running in the Node, this account must have + permissions to that data. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaidatasets.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIDataset + plural: vertexaidatasets + shortNames: + - gcpvertexaidataset + - gcpvertexaidatasets + singular: vertexaidataset + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + 
jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The user-defined name of the Dataset. The name can be + up to 128 characters long and can be consist of any UTF-8 characters. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + Dataset. If set, this Dataset and all sub-resources of this Dataset + will be secured by this key. + properties: + kmsKeyNameRef: + description: |- + Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. + The key needs to be in the same region as where the compute resource is created. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + metadataSchemaUri: + description: Immutable. Points to a YAML file stored on Google Cloud + Storage describing additional information about the Dataset. The + schema is defined as an OpenAPI 3.0.2 Schema Object. The schema + files that can be used here are found in gs://google-cloud-aiplatform/schema/dataset/metadata/. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the dataset. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + required: + - displayName + - metadataSchemaUri + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + createTime: + description: The timestamp of when the dataset was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + type: string + name: + description: The resource name of the Dataset. This value is set + by Google. 
+ type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The user-defined name of the Dataset. The name can be + up to 128 characters long and can be consist of any UTF-8 characters. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + Dataset. If set, this Dataset and all sub-resources of this Dataset + will be secured by this key. + properties: + kmsKeyNameRef: + description: |- + Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. 
+ Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. + The key needs to be in the same region as where the compute resource is created. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + metadataSchemaUri: + description: Immutable. Points to a YAML file stored on Google Cloud + Storage describing additional information about the Dataset. The + schema is defined as an OpenAPI 3.0.2 Schema Object. The schema + files that can be used here are found in gs://google-cloud-aiplatform/schema/dataset/metadata/. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the dataset. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. 
The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - metadataSchemaUri + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + createTime: + description: The timestamp of when the dataset was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + type: string + name: + description: The resource name of the Dataset. This value is set + by Google. 
+ type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaiendpoints.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIEndpoint + plural: vertexaiendpoints + shortNames: + - gcpvertexaiendpoint + - gcpvertexaiendpoints + singular: vertexaiendpoint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the Endpoint. + type: string + displayName: + description: Required. The display name of the Endpoint. The name + can be up to 128 characters long and can consist of any UTF-8 characters. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for an + Endpoint. If set, this Endpoint and all sub-resources of this Endpoint + will be secured by this key. + properties: + kmsKeyNameRef: + description: |- + Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. + The key needs to be in the same region as where the compute resource is created. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyNameRef + type: object + networkRef: + description: |- + Optional. The full name of the Google Compute Engine network to which the Endpoint should be peered. + Private services access must already be configured for the network. If left unspecified, the Endpoint is not peered with any network. 
+ Only one of the fields, network or enablePrivateServiceConnect, can be set. + Format: projects/{project_id}/global/networks/{network_name}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, + where {{value}} is the `name` field of a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region for the resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - displayName + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + createTime: + description: Output only. Timestamp when this Endpoint was created. + type: string + modelDeploymentMonitoringJob: + description: 'Output only. Resource name of the Model Monitoring + job associated with this Endpoint if monitoring is enabled by + CreateModelDeploymentMonitoringJob. Format: ''projects/{project}/locations/{location}/modelDeploymentMonitoringJobs/{model_deployment_monitoring_job}''.' 
+ type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the Endpoint. + type: string + displayName: + description: Required. The display name of the Endpoint. The name + can be up to 128 characters long and can consist of any UTF-8 characters. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for an + Endpoint. If set, this Endpoint and all sub-resources of this Endpoint + will be secured by this key. + properties: + kmsKeyNameRef: + description: |- + Required. 
The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. + The key needs to be in the same region as where the compute resource is created. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyNameRef + type: object + networkRef: + description: |- + Optional. The full name of the Google Compute Engine network to which the Endpoint should be peered. + Private services access must already be configured for the network. If left unspecified, the Endpoint is not peered with any network. + Only one of the fields, network or enablePrivateServiceConnect, can be set. + Format: projects/{project_id}/global/networks/{network_name}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, + where {{value}} is the `name` field of a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region for the resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - displayName + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + createTime: + description: Output only. Timestamp when this Endpoint was created. + type: string + modelDeploymentMonitoringJob: + description: 'Output only. Resource name of the Model Monitoring + job associated with this Endpoint if monitoring is enabled by + CreateModelDeploymentMonitoringJob. Format: ''projects/{project}/locations/{location}/modelDeploymentMonitoringJobs/{model_deployment_monitoring_job}''.' + type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaifeaturestoreentitytypefeatures.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIFeaturestoreEntityTypeFeature + plural: vertexaifeaturestoreentitytypefeatures + shortNames: + - gcpvertexaifeaturestoreentitytypefeature + - gcpvertexaifeaturestoreentitytypefeatures + singular: vertexaifeaturestoreentitytypefeature + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: 
.metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Description of the feature. + type: string + entitytype: + description: Immutable. The name of the Featurestore to use, in the + format projects/{project}/locations/{location}/featurestores/{featurestore}/entityTypes/{entitytype}. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + valueType: + description: Immutable. Type of Feature value. Immutable. https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featurestores.entityTypes.features#ValueType. 
+ type: string + required: + - entitytype + - valueType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the entity type was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + etag: + description: Used to perform consistent read-modify-write updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: The region of the feature. + type: string + updateTime: + description: The timestamp when the entity type was most recently + updated in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaifeaturestoreentitytypes.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIFeaturestoreEntityType + plural: vertexaifeaturestoreentitytypes + shortNames: + - gcpvertexaifeaturestoreentitytype + - gcpvertexaifeaturestoreentitytypes + singular: vertexaifeaturestoreentitytype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. Description of the EntityType. + type: string + featurestore: + description: Immutable. The name of the Featurestore to use, in the + format projects/{project}/locations/{location}/featurestores/{featurestore}. + type: string + monitoringConfig: + description: |- + The default monitoring configuration for all Features under this EntityType. + + If this is populated with [FeaturestoreMonitoringConfig.monitoring_interval] specified, snapshot analysis monitoring is enabled. Otherwise, snapshot analysis monitoring is disabled. + properties: + categoricalThresholdConfig: + description: Threshold for categorical features of anomaly detection. + This is shared by all types of Featurestore Monitoring for categorical + features (i.e. Features with type (Feature.ValueType) BOOL or + STRING). + properties: + value: + description: Specify a threshold value that can trigger the + alert. For categorical feature, the distribution distance + is calculated by L-inifinity norm. Each feature must have + a non-zero threshold if they need to be monitored. Otherwise + no alert will be triggered for that feature. The default + value is 0.3. + type: number + required: + - value + type: object + importFeaturesAnalysis: + description: The config for ImportFeatures Analysis Based Feature + Monitoring. + properties: + anomalyDetectionBaseline: + description: |- + Defines the baseline to do anomaly detection for feature values imported by each [entityTypes.importFeatureValues][] operation. 
The value must be one of the values below: + * LATEST_STATS: Choose the later one statistics generated by either most recent snapshot analysis or previous import features analysis. If non of them exists, skip anomaly detection and only generate a statistics. + * MOST_RECENT_SNAPSHOT_STATS: Use the statistics generated by the most recent snapshot analysis if exists. + * PREVIOUS_IMPORT_FEATURES_STATS: Use the statistics generated by the previous import features analysis if exists. + type: string + state: + description: |- + Whether to enable / disable / inherite default hebavior for import features analysis. The value must be one of the values below: + * DEFAULT: The default behavior of whether to enable the monitoring. EntityType-level config: disabled. + * ENABLED: Explicitly enables import features analysis. EntityType-level config: by default enables import features analysis for all Features under it. + * DISABLED: Explicitly disables import features analysis. EntityType-level config: by default disables import features analysis for all Features under it. + type: string + type: object + numericalThresholdConfig: + description: Threshold for numerical features of anomaly detection. + This is shared by all objectives of Featurestore Monitoring + for numerical features (i.e. Features with type (Feature.ValueType) + DOUBLE or INT64). + properties: + value: + description: Specify a threshold value that can trigger the + alert. For numerical feature, the distribution distance + is calculated by Jensen–Shannon divergence. Each feature + must have a non-zero threshold if they need to be monitored. + Otherwise no alert will be triggered for that feature. The + default value is 0.3. + type: number + required: + - value + type: object + snapshotAnalysis: + description: The config for Snapshot Analysis Based Feature Monitoring. + properties: + disabled: + description: 'The monitoring schedule for snapshot analysis. 
+ For EntityType-level config: unset / disabled = true indicates + disabled by default for Features under it; otherwise by + default enable snapshot analysis monitoring with monitoringInterval + for Features under it.' + type: boolean + monitoringInterval: + description: |- + DEPRECATED. `monitoring_interval` is deprecated and will be removed in a future release. Configuration of the snapshot analysis based monitoring pipeline running interval. The value is rolled up to full day. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + monitoringIntervalDays: + description: |- + Configuration of the snapshot analysis based monitoring pipeline running interval. The value indicates number of days. The default value is 1. + If both FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days and [FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval][] are set when creating/updating EntityTypes/Features, FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days will be used. + type: integer + stalenessDays: + description: Customized export features time window for snapshot + analysis. Unit is one day. The default value is 21 days. + Minimum value is 1 day. Maximum value is 4000 days. + type: integer + type: object + type: object + offlineStorageTtlDays: + description: Config for data retention policy in offline storage. + TTL in days for feature values that will be stored in offline storage. + The Feature Store offline storage periodically removes obsolete + feature values older than offlineStorageTtlDays since the feature + generation time. If unset (or explicitly set to 0), default to 4000 + days TTL. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - featurestore + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the featurestore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + etag: + description: Used to perform consistent read-modify-write updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: The region of the EntityType. + type: string + updateTime: + description: The timestamp of when the featurestore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaifeaturestores.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIFeaturestore + plural: vertexaifeaturestores + shortNames: + - gcpvertexaifeaturestore + - gcpvertexaifeaturestores + singular: vertexaifeaturestore + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + encryptionSpec: + description: If set, both of the online and offline data storage will + be secured by this key. + properties: + kmsKeyName: + description: 'The Cloud KMS resource identifier of the customer + managed encryption key used to protect a resource. Has the form: + projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. + The key needs to be in the same region as where the compute + resource is created.' + type: string + required: + - kmsKeyName + type: object + forceDestroy: + description: If set to true, any EntityTypes and Features for this + Featurestore will also be deleted. + type: boolean + onlineServingConfig: + description: Config for online serving resources. + properties: + fixedNodeCount: + description: The number of nodes for each cluster. The number + of nodes will not scale automatically but can be scaled manually + by providing different values when updating. + type: integer + scaling: + description: Online serving scaling configuration. Only one of + fixedNodeCount and scaling can be set. Setting one will reset + the other. + properties: + maxNodeCount: + description: The maximum number of nodes to scale up to. Must + be greater than minNodeCount, and less than or equal to + 10 times of 'minNodeCount'. + type: integer + minNodeCount: + description: The minimum number of nodes to scale down to. + Must be greater than or equal to 1. + type: integer + required: + - maxNodeCount + - minNodeCount + type: object + type: object + onlineStorageTtlDays: + description: TTL in days for feature values that will be stored in + online serving storage. 
The Feature Store online storage periodically + removes obsolete feature values older than onlineStorageTtlDays + since the feature generation time. Note that onlineStorageTtlDays + should be less than or equal to offlineStorageTtlDays for each EntityType + under a featurestore. If not set, default to 4000 days. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the dataset. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the featurestore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + etag: + description: Used to perform consistent read-modify-write updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The timestamp of when the featurestore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaiindexendpoints.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIIndexEndpoint + plural: vertexaiindexendpoints + shortNames: + - gcpvertexaiindexendpoint + - gcpvertexaiindexendpoints + singular: vertexaiindexendpoint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent 
reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the Index. + type: string + displayName: + description: The display name of the Index. The name can be up to + 128 characters long and can consist of any UTF-8 characters. + type: string + network: + description: |- + Immutable. The full name of the Google Compute Engine [network](https://cloud.google.com//compute/docs/networks-and-firewalls#networks) to which the index endpoint should be peered. + Private services access must already be configured for the network. If left unspecified, the index endpoint is not peered with any network. + [Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): 'projects/{project}/global/networks/{network}'. + Where '{project}' is a project number, as in '12345', and '{network}' is network name. 
+ type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publicEndpointEnabled: + description: Immutable. If true, the deployed index will be accessible + through public endpoint. + type: boolean + region: + description: Immutable. The region of the index endpoint. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + createTime: + description: The timestamp of when the Index was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string + etag: + description: Used to perform consistent read-modify-write updates. + type: string + name: + description: The resource name of the Index. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + publicEndpointDomainName: + description: If publicEndpointEnabled is true, this field will be + populated with the domain name to use for this index endpoint. + type: string + updateTime: + description: The timestamp of when the Index was last updated in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaiindexes.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIIndex + plural: vertexaiindexes + shortNames: + - gcpvertexaiindex + - gcpvertexaiindexes + singular: vertexaiindex + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the Index. + type: string + displayName: + description: The display name of the Index. The name can be up to + 128 characters long and can consist of any UTF-8 characters. + type: string + indexUpdateMethod: + description: |- + Immutable. The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default. + * BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update. + * STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time. + type: string + metadata: + description: An additional information about the Index. + properties: + config: + description: Immutable. The configuration of the Matching Engine + Index. + properties: + algorithmConfig: + description: The configuration with regard to the algorithms + used for efficient search. + properties: + bruteForceConfig: + description: |- + Configuration options for using brute force search, which simply implements the + standard linear search in the database for each query. + type: object + x-kubernetes-preserve-unknown-fields: true + treeAhConfig: + description: |- + Configuration options for using the tree-AH algorithm (Shallow tree + Asymmetric Hashing). + Please refer to this paper for more details: https://arxiv.org/abs/1908.10396. + properties: + leafNodeEmbeddingCount: + description: Number of embeddings on each leaf node. + The default value is 1000 if not set. + type: integer + leafNodesToSearchPercent: + description: |- + The default percentage of leaf nodes that any query may be searched. 
Must be in + range 1-100, inclusive. The default value is 10 (means 10%) if not set. + type: integer + type: object + type: object + approximateNeighborsCount: + description: |- + The default number of neighbors to find via approximate search before exact reordering is + performed. Exact reordering is a procedure where results returned by an + approximate search algorithm are reordered via a more expensive distance computation. + Required if tree-AH algorithm is used. + type: integer + dimensions: + description: The number of dimensions of the input vectors. + type: integer + distanceMeasureType: + description: |- + The distance measure used in nearest neighbor search. The value must be one of the followings: + * SQUARED_L2_DISTANCE: Euclidean (L_2) Distance + * L1_DISTANCE: Manhattan (L_1) Distance + * COSINE_DISTANCE: Cosine Distance. Defined as 1 - cosine similarity. + * DOT_PRODUCT_DISTANCE: Dot Product Distance. Defined as a negative of the dot product. + type: string + featureNormType: + description: |- + Type of normalization to be carried out on each vector. The value must be one of the followings: + * UNIT_L2_NORM: Unit L2 normalization type + * NONE: No normalization type is specified. + type: string + shardSize: + description: |- + Immutable. Index data is split into equal parts to be processed. These are called "shards". + The shard size must be specified when creating an index. The value must be one of the followings: + * SHARD_SIZE_SMALL: Small (2GB) + * SHARD_SIZE_MEDIUM: Medium (20GB) + * SHARD_SIZE_LARGE: Large (50GB). + type: string + required: + - dimensions + type: object + contentsDeltaUri: + description: |- + Allows creating or replacing the contents of the Matching Engine Index. + When being updated, the existing content of the Index will be replaced by the data + from the latest contentsDeltaUri. + The string must be a valid Cloud Storage directory path. 
If this + field is set when calling IndexService.UpdateIndex, then no other + Index field can be also updated as part of the same call. + The expected structure and format of the files this URI points to is + described at https://cloud.google.com/vertex-ai/docs/matching-engine/using-matching-engine#input-data-format. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the index. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + createTime: + description: The timestamp of when the Index was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. + type: string + indexStats: + description: Stats of the index resource. + items: + properties: + shardsCount: + description: The number of shards in the Index. + type: integer + vectorsCount: + description: The number of vectors in the Index. + type: string + type: object + type: array + metadataSchemaUri: + description: Points to a YAML file stored on Google Cloud Storage + describing additional information about the Index, that is specific + to it. Unset if the Index does not have any additional information. + type: string + name: + description: The resource name of the Index. 
+ type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the Index. + type: string + displayName: + description: The display name of the Index. The name can be up to + 128 characters long and can consist of any UTF-8 characters. + type: string + indexUpdateMethod: + description: |- + Immutable. The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default. + * BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update. 
+ * STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time. + type: string + metadata: + description: An additional information about the Index. + properties: + config: + description: Immutable. The configuration of the Matching Engine + Index. + properties: + algorithmConfig: + description: The configuration with regard to the algorithms + used for efficient search. + properties: + bruteForceConfig: + description: |- + Configuration options for using brute force search, which simply implements the + standard linear search in the database for each query. + type: object + treeAhConfig: + description: |- + Configuration options for using the tree-AH algorithm (Shallow tree + Asymmetric Hashing). + Please refer to this paper for more details: https://arxiv.org/abs/1908.10396. + properties: + leafNodeEmbeddingCount: + description: Number of embeddings on each leaf node. + The default value is 1000 if not set. + type: integer + leafNodesToSearchPercent: + description: |- + The default percentage of leaf nodes that any query may be searched. Must be in + range 1-100, inclusive. The default value is 10 (means 10%) if not set. + type: integer + type: object + type: object + approximateNeighborsCount: + description: |- + The default number of neighbors to find via approximate search before exact reordering is + performed. Exact reordering is a procedure where results returned by an + approximate search algorithm are reordered via a more expensive distance computation. + Required if tree-AH algorithm is used. + type: integer + dimensions: + description: The number of dimensions of the input vectors. + type: integer + distanceMeasureType: + description: |- + The distance measure used in nearest neighbor search. 
The value must be one of the followings: + * SQUARED_L2_DISTANCE: Euclidean (L_2) Distance + * L1_DISTANCE: Manhattan (L_1) Distance + * COSINE_DISTANCE: Cosine Distance. Defined as 1 - cosine similarity. + * DOT_PRODUCT_DISTANCE: Dot Product Distance. Defined as a negative of the dot product. + type: string + featureNormType: + description: |- + Type of normalization to be carried out on each vector. The value must be one of the followings: + * UNIT_L2_NORM: Unit L2 normalization type + * NONE: No normalization type is specified. + type: string + shardSize: + description: |- + Immutable. Index data is split into equal parts to be processed. These are called "shards". + The shard size must be specified when creating an index. The value must be one of the followings: + * SHARD_SIZE_SMALL: Small (2GB) + * SHARD_SIZE_MEDIUM: Medium (20GB) + * SHARD_SIZE_LARGE: Large (50GB). + type: string + required: + - dimensions + type: object + contentsDeltaUri: + description: |- + Allows creating or replacing the contents of the Matching Engine Index. + When being updated, the existing content of the Index will be replaced by the data + from the latest contentsDeltaUri. + The string must be a valid Cloud Storage directory path. If this + field is set when calling IndexService.UpdateIndex, then no other + Index field can be also updated as part of the same call. + The expected structure and format of the files this URI points to is + described at https://cloud.google.com/vertex-ai/docs/matching-engine/using-matching-engine#input-data-format. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the index. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + createTime: + description: The timestamp of when the Index was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. 
+ type: string + indexStats: + description: Stats of the index resource. + items: + properties: + shardsCount: + description: The number of shards in the Index. + type: integer + vectorsCount: + description: The number of vectors in the Index. + type: string + type: object + type: array + metadataSchemaUri: + description: Points to a YAML file stored on Google Cloud Storage + describing additional information about the Index, that is specific + to it. Unset if the Index does not have any additional information. + type: string + name: + description: The resource name of the Index. + type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaimetadatastores.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIMetadataStore + plural: vertexaimetadatastores + shortNames: + - gcpvertexaimetadatastore + - gcpvertexaimetadatastores + singular: vertexaimetadatastore + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the 
value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. Description of the MetadataStore. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + MetadataStore. If set, this MetadataStore and all sub-resources + of this MetadataStore will be secured by this key. + properties: + kmsKeyName: + description: |- + Immutable. Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the Metadata Store. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the MetadataStore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State information of the MetadataStore. 
+ items: + properties: + diskUtilizationBytes: + description: The disk utilization of the MetadataStore in bytes. + type: string + type: object + type: array + updateTime: + description: The timestamp of when the MetadataStore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaitensorboards.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAITensorboard + plural: vertexaitensorboards + shortNames: + - gcpvertexaitensorboard + - gcpvertexaitensorboards + singular: vertexaitensorboard + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + 
of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Description of this Tensorboard. + type: string + displayName: + description: User provided name of this Tensorboard. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + Tensorboard. If set, this Tensorboard and all sub-resources of this + Tensorboard will be secured by this key. + properties: + kmsKeyName: + description: |- + Immutable. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + type: string + required: + - kmsKeyName + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the tensorboard. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - projectRef + - region + type: object + status: + properties: + blobStoragePathPrefix: + description: Consumer project Cloud Storage path prefix used to store + blob data, which can either be a bucket or directory. Does not end + with a '/'. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the Tensorboard was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + name: + description: Name of the Tensorboard. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + runCount: + description: The number of Runs stored in this Tensorboard. + type: string + updateTime: + description: The timestamp of when the Tensorboard was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vpcaccessconnectors.vpcaccess.cnrm.cloud.google.com +spec: + group: vpcaccess.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VPCAccessConnector + plural: vpcaccessconnectors + shortNames: + - gcpvpcaccessconnector + - gcpvpcaccessconnectors + singular: vpcaccessconnector + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ipCidrRange: + description: 'Immutable. The range of internal addresses that follows + RFC 4632 notation. Example: ''10.132.0.0/28''.' + type: string + location: + description: 'Location represents the geographical location of the + VPCAccessConnector. Specify a region name. Reference: GCP definition + of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + machineType: + description: Immutable. Machine type of VM Instance underlying connector. + Default is e2-micro. + type: string + maxInstances: + description: Immutable. Maximum value of instances in autoscaling + group underlying the connector. + type: integer + maxThroughput: + description: Immutable. Maximum throughput of the connector in Mbps, + must be greater than 'min_throughput'. Default is 300. + type: integer + minInstances: + description: Immutable. Minimum value of instances in autoscaling + group underlying the connector. + type: integer + minThroughput: + description: Immutable. Minimum throughput of the connector in Mbps. + Default and min is 200. + type: integer + networkRef: + description: Immutable. Name or self_link of the VPC network. Required + if 'ip_cidr_range' is set. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnet: + description: Immutable. The subnet in which to house the connector. + properties: + nameRef: + description: |- + Immutable. Subnet name (relative, not fully qualified). E.g. 
if the full subnet selfLink is + https://compute.googleapis.com/compute/v1/projects/{project}/regions/{region}/subnetworks/{subnetName} the correct input for this field would be {subnetName}" + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. Project in which the subnet exists. If + not set, this project is assumed to be the project for which + the connector create request was issued. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + connectedProjects: + description: List of projects using the connector. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The fully qualified name of this VPC connector. + type: string + state: + description: State of the VPC access connector. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: workflowsworkflows.workflows.cnrm.cloud.google.com +spec: + group: workflows.cnrm.cloud.google.com + names: + categories: + - gcp + kind: WorkflowsWorkflow + plural: workflowsworkflows + shortNames: + - gcpworkflowsworkflow + - gcpworkflowsworkflows + singular: workflowsworkflow + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cryptoKeyName: + description: |- + The KMS key used to encrypt workflow and execution data. + + Format: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey}. + type: string + description: + description: Description of the workflow provided by the user. Must + be at most 1000 unicode characters long. + type: string + namePrefix: + description: Immutable. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the workflow. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccount: + description: |- + Name of the service account associated with the latest workflow version. This service + account represents the identity of the workflow and determines what permissions the workflow has. + Format: projects/{project}/serviceAccounts/{account} or {account}. 
+ Using - as a wildcard for the {project} or not providing one at all will infer the project from the account. + The {account} value can be the email address or the unique_id of the service account. + If not provided, workflow will use the project's default service account. + Modifying this field for an existing workflow results in a new workflow revision. + type: string + sourceContents: + description: Workflow code to be executed. The size limit is 32KB. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the workflow was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + revisionId: + description: The revision of the workflow. A new one is generated + if the service account or source contents is changed. + type: string + state: + description: State of the workflow deployment. 
+ type: string + updateTime: + description: The timestamp of when the workflow was last updated in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: workstationclusters.workstations.cnrm.cloud.google.com +spec: + group: workstations.cnrm.cloud.google.com + names: + categories: + - gcp + kind: WorkstationCluster + listKind: WorkstationClusterList + plural: workstationclusters + singular: workstationcluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: WorkstationCluster is the Schema for the WorkstationCluster API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: WorkstationClusterSpec defines the desired state of WorkstationCluster + properties: + annotations: + description: Optional. Client-specified annotations. + items: + properties: + key: + description: Key for the annotation. + type: string + value: + description: Value for the annotation. + type: string + type: object + type: array + displayName: + description: Optional. Human-readable name for this workstation cluster. + type: string + labels: + description: Optional. [Labels](https://cloud.google.com/workstations/docs/label-resources) + that are applied to the workstation cluster and that are also propagated + to the underlying Compute Engine resources. + items: + properties: + key: + description: Key for the label. + type: string + value: + description: Value for the label. + type: string + type: object + type: array + location: + description: The location of the cluster. + type: string + networkRef: + description: Immutable. Reference to the Compute Engine network in + which instances associated with this workstation cluster will be + created. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed Compute Network + resource. Should be in the format `projects//global/networks/`. + type: string + name: + description: The `name` field of a `ComputeNetwork` resource. 
+ type: string + namespace: + description: The `namespace` field of a `ComputeNetwork` resource. + type: string + type: object + privateClusterConfig: + description: Optional. Configuration for private workstation cluster. + properties: + allowedProjects: + description: Optional. Additional projects that are allowed to + attach to the workstation cluster's service attachment. By default, + the workstation cluster's project and the VPC host project (if + different) are allowed. + items: + description: The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The `projectID` field of a project, when not + managed by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional + but must be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + type: array + enablePrivateEndpoint: + description: Immutable. Whether Workstations endpoint is private. + type: boolean + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. 
+ type: string + type: object + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + resourceID: + description: Immutable. The WorkstationCluster name. If not given, + the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + subnetworkRef: + description: Immutable. Reference to the Compute Engine subnetwork + in which instances associated with this workstation cluster will + be created. Must be part of the subnetwork specified for this workstation + cluster. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeSubnetwork selflink of form "projects/{{project}}/regions/{{region}}/subnetworks/{{name}}", + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeSubnetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeSubnetwork` resource. + type: string + type: object + required: + - networkRef + - projectRef + - subnetworkRef + type: object + status: + description: WorkstationClusterStatus defines the config connector machine + state of WorkstationCluster + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the WorkstationCluster resource + in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + clusterHostname: + description: Output only. Hostname for the workstation cluster. + This field will be populated only when private endpoint is enabled. + To access workstations in the workstation cluster, create a + new DNS zone mapping this domain name to an internal IP address + and a forwarding rule mapping that address to the service attachment. + type: string + controlPlaneIP: + description: Output only. The private IP address of the control + plane for this workstation cluster. Workstation VMs need access + to this IP address to work with the service, so make sure that + your firewall rules allow egress from the workstation VMs to + this address. + type: string + createTime: + description: Output only. Time when this workstation cluster was + created. + type: string + degraded: + description: Output only. Whether this workstation cluster is + in degraded mode, in which case it may require user action to + restore full functionality. Details can be found in [conditions][google.cloud.workstations.v1.WorkstationCluster.conditions]. + type: boolean + deleteTime: + description: Output only. Time when this workstation cluster was + soft-deleted. + type: string + etag: + description: Optional. Checksum computed by the server. 
May be + sent on update and delete requests to make sure that the client + has an up-to-date value before proceeding. + type: string + gcpConditions: + description: Output only. Status conditions describing the workstation + cluster's current state. + items: + properties: + code: + description: The status code, which should be an enum value + of [google.rpc.Code][google.rpc.Code]. + format: int32 + type: integer + message: + description: A developer-facing error message, which should + be in English. Any user-facing error message should be + localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] + field, or localized by the client. + type: string + type: object + type: array + reconciling: + description: Output only. Indicates whether this workstation cluster + is currently being updated to match its intended state. + type: boolean + serviceAttachmentUri: + description: Output only. Service attachment URI for the workstation + cluster. The service attachment is created when private endpoint + is enabled. To access workstations in the workstation cluster, + configure access to the managed service using [Private Service + Connect](https://cloud.google.com/vpc/docs/configure-private-service-connect-services). + type: string + uid: + description: Output only. A system-assigned unique identifier + for this workstation cluster. + type: string + updateTime: + description: Output only. Time when this workstation cluster was + most recently updated. 
+ type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: WorkstationCluster is the Schema for the WorkstationCluster API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: WorkstationClusterSpec defines the desired state of WorkstationCluster + properties: + annotations: + description: Optional. Client-specified annotations. + items: + properties: + key: + description: Key for the annotation. + type: string + value: + description: Value for the annotation. + type: string + type: object + type: array + displayName: + description: Optional. Human-readable name for this workstation cluster. 
+ type: string + labels: + description: Optional. [Labels](https://cloud.google.com/workstations/docs/label-resources) + that are applied to the workstation cluster and that are also propagated + to the underlying Compute Engine resources. + items: + properties: + key: + description: Key for the label. + type: string + value: + description: Value for the label. + type: string + type: object + type: array + location: + description: The location of the cluster. + type: string + networkRef: + description: Immutable. Reference to the Compute Engine network in + which instances associated with this workstation cluster will be + created. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed Compute Network + resource. Should be in the format `projects//global/networks/`. + type: string + name: + description: The `name` field of a `ComputeNetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeNetwork` resource. + type: string + type: object + privateClusterConfig: + description: Optional. Configuration for private workstation cluster. + properties: + allowedProjects: + description: Optional. Additional projects that are allowed to + attach to the workstation cluster's service attachment. By default, + the workstation cluster's project and the VPC host project (if + different) are allowed. + items: + description: The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The `projectID` field of a project, when not + managed by Config Connector. 
+ type: string + kind: + description: The kind of the Project resource; optional + but must be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + type: array + enablePrivateEndpoint: + description: Immutable. Whether Workstations endpoint is private. + type: boolean + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + resourceID: + description: Immutable. The WorkstationCluster name. If not given, + the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + subnetworkRef: + description: Immutable. Reference to the Compute Engine subnetwork + in which instances associated with this workstation cluster will + be created. Must be part of the subnetwork specified for this workstation + cluster. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeSubnetwork selflink of form "projects/{{project}}/regions/{{region}}/subnetworks/{{name}}", + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeSubnetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeSubnetwork` resource. + type: string + type: object + required: + - networkRef + - projectRef + - subnetworkRef + type: object + status: + description: WorkstationClusterStatus defines the config connector machine + state of WorkstationCluster + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the WorkstationCluster resource + in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + clusterHostname: + description: Output only. Hostname for the workstation cluster. + This field will be populated only when private endpoint is enabled. + To access workstations in the workstation cluster, create a + new DNS zone mapping this domain name to an internal IP address + and a forwarding rule mapping that address to the service attachment. + type: string + controlPlaneIP: + description: Output only. The private IP address of the control + plane for this workstation cluster. Workstation VMs need access + to this IP address to work with the service, so make sure that + your firewall rules allow egress from the workstation VMs to + this address. + type: string + createTime: + description: Output only. Time when this workstation cluster was + created. + type: string + degraded: + description: Output only. Whether this workstation cluster is + in degraded mode, in which case it may require user action to + restore full functionality. Details can be found in [conditions][google.cloud.workstations.v1.WorkstationCluster.conditions]. + type: boolean + deleteTime: + description: Output only. Time when this workstation cluster was + soft-deleted. + type: string + etag: + description: Optional. Checksum computed by the server. May be + sent on update and delete requests to make sure that the client + has an up-to-date value before proceeding. + type: string + gcpConditions: + description: Output only. Status conditions describing the workstation + cluster's current state. + items: + properties: + code: + description: The status code, which should be an enum value + of [google.rpc.Code][google.rpc.Code]. + format: int32 + type: integer + message: + description: A developer-facing error message, which should + be in English. 
Any user-facing error message should be + localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] + field, or localized by the client. + type: string + type: object + type: array + reconciling: + description: Output only. Indicates whether this workstation cluster + is currently being updated to match its intended state. + type: boolean + serviceAttachmentUri: + description: Output only. Service attachment URI for the workstation + cluster. The service attachment is created when private endpoint + is enabled. To access workstations in the workstation cluster, + configure access to the managed service using [Private Service + Connect](https://cloud.google.com/vpc/docs/configure-private-service-connect-services). + type: string + uid: + description: Output only. A system-assigned unique identifier + for this workstation cluster. + type: string + updateTime: + description: Output only. Time when this workstation cluster was + most recently updated. + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: workstationconfigs.workstations.cnrm.cloud.google.com +spec: + group: workstations.cnrm.cloud.google.com + names: + categories: + - gcp + kind: WorkstationConfig + listKind: WorkstationConfigList + plural: workstationconfigs + shortNames: + - gcpworkstationconfig + - gcpworkstationconfigs + singular: workstationconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: WorkstationConfig is the Schema for the WorkstationConfig API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: WorkstationConfigSpec defines the desired state of WorkstationConfig + properties: + annotations: + description: Optional. Client-specified annotations. + items: + properties: + key: + description: Key for the annotation. + type: string + value: + description: Value for the annotation. + type: string + type: object + type: array + container: + description: Optional. Container that runs upon startup for each workstation + using this workstation configuration. + properties: + args: + description: Optional. Arguments passed to the entrypoint. + items: + type: string + type: array + command: + description: Optional. If set, overrides the default ENTRYPOINT + specified by the image. 
+ items: + type: string + type: array + env: + description: Optional. Environment variables passed to the container's + entrypoint. + items: + properties: + name: + description: Name is the name of the environment variable. + type: string + value: + description: Value is the value of the environment variable. + type: string + type: object + type: array + image: + description: |- + Optional. A Docker container image that defines a custom environment. + + Cloud Workstations provides a number of + [preconfigured + images](https://cloud.google.com/workstations/docs/preconfigured-base-images), + but you can create your own + [custom container + images](https://cloud.google.com/workstations/docs/custom-container-images). + If using a private image, the `host.gceInstance.serviceAccount` field + must be specified in the workstation configuration and must have + permission to pull the specified image. Otherwise, the image must be + publicly accessible. + type: string + runAsUser: + description: Optional. If set, overrides the USER specified in + the image with the given uid. + format: int32 + type: integer + workingDir: + description: Optional. If set, overrides the default DIR specified + by the image. + type: string + type: object + displayName: + description: Optional. Human-readable name for this workstation configuration. + type: string + encryptionKey: + description: |- + Immutable. Encrypts resources of this workstation configuration using a + customer-managed encryption key (CMEK). + + If specified, the boot disk of the Compute Engine instance and the + persistent disk are encrypted using this encryption key. If + this field is not set, the disks are encrypted using a generated + key. Customer-managed encryption keys do not protect disk metadata. + + If the customer-managed encryption key is rotated, when the workstation + instance is stopped, the system attempts to recreate the + persistent disk with the new version of the key. 
Be sure to keep + older versions of the key until the persistent disk is recreated. + Otherwise, data on the persistent disk might be lost. + + If the encryption key is revoked, the workstation session automatically + stops within 7 hours. + + Immutable after the workstation configuration is created. + properties: + kmsCryptoKeyRef: + description: Immutable. A reference to the Google Cloud KMS encryption + key. For example, `"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME"`. + The key must be in the same region as the workstation configuration. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed KMSCryptoKey. + Should be in the format `projects/[kms_project_id]/locations/[region]/keyRings/[key_ring_id]/cryptoKeys/[key]`. + type: string + name: + description: The `name` of a `KMSCryptoKey` resource. + type: string + namespace: + description: The `namespace` of a `KMSCryptoKey` resource. + type: string + type: object + serviceAccountRef: + description: Immutable. A reference to a service account to use + with the specified KMS key. We recommend that you use a separate + service account and follow KMS best practices. For more information, + see [Separation of duties](https://cloud.google.com/kms/docs/separation-of-duties) + and `gcloud kms keys add-iam-policy-binding` [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member). + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + host: + description: Optional. Runtime host for the workstation. + properties: + gceInstance: + description: Specifies a Compute Engine instance as the host. + properties: + bootDiskSizeGB: + description: Optional. The size of the boot disk for the VM + in gigabytes (GB). The minimum boot disk size is `30` GB. + Defaults to `50` GB. + format: int32 + type: integer + confidentialInstanceConfig: + description: Optional. A set of Compute Engine Confidential + VM instance options. + properties: + enableConfidentialCompute: + description: Optional. Whether the instance has confidential + compute enabled. + type: boolean + type: object + disablePublicIPAddresses: + description: Optional. When set to true, disables public IP + addresses for VMs. If you disable public IP addresses, you + must set up Private Google Access or Cloud NAT on your network. + If you use Private Google Access and you use `private.googleapis.com` + or `restricted.googleapis.com` for Container Registry and + Artifact Registry, make sure that you set up DNS records + for domains `*.gcr.io` and `*.pkg.dev`. Defaults to false + (VMs have public IP addresses). + type: boolean + enableNestedVirtualization: + description: |- + Optional. Whether to enable nested virtualization on Cloud Workstations + VMs created under this workstation configuration. + + Nested virtualization lets you run virtual machine (VM) instances + inside your workstation. Before enabling nested virtualization, + consider the following important considerations. 
Cloud Workstations + instances are subject to the [same restrictions as Compute Engine + instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions): + + * **Organization policy**: projects, folders, or + organizations may be restricted from creating nested VMs if the + **Disable VM nested virtualization** constraint is enforced in + the organization policy. For more information, see the + Compute Engine section, + [Checking whether nested virtualization is + allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed). + * **Performance**: nested VMs might experience a 10% or greater + decrease in performance for workloads that are CPU-bound and + possibly greater than a 10% decrease for workloads that are + input/output bound. + * **Machine Type**: nested virtualization can only be enabled on + workstation configurations that specify a + [machine_type][google.cloud.workstations.v1.WorkstationConfig.Host.GceInstance.machine_type] + in the N1 or N2 machine series. + * **GPUs**: nested virtualization may not be enabled on workstation + configurations with accelerators. + * **Operating System**: Because + [Container-Optimized + OS](https://cloud.google.com/compute/docs/images/os-details#container-optimized_os_cos) + does not support nested virtualization, when nested virtualization is + enabled, the underlying Compute Engine VM instances boot from an + [Ubuntu + LTS](https://cloud.google.com/compute/docs/images/os-details#ubuntu_lts) + image. + type: boolean + machineType: + description: Optional. The type of machine to use for VM instances—for + example, `"e2-standard-4"`. For more information about machine + types that Cloud Workstations supports, see the list of + [available machine types](https://cloud.google.com/workstations/docs/available-machine-types). + type: string + poolSize: + description: Optional. 
The number of VMs that the system should + keep idle so that new workstations can be started quickly + for new users. Defaults to `0` in the API. + format: int32 + type: integer + serviceAccountRef: + description: |- + Optional. A reference to the service account for Cloud + Workstations VMs created with this configuration. When specified, be + sure that the service account has `logginglogEntries.create` permission + on the project so it can write logs out to Cloud Logging. If using a + custom container image, the service account must have permissions to + pull the specified image. + + If you as the administrator want to be able to `ssh` into the + underlying VM, you need to set this value to a service account + for which you have the `iam.serviceAccounts.actAs` permission. + Conversely, if you don't want anyone to be able to `ssh` into the + underlying VM, use a service account where no one has that + permission. + + If not set, VMs run with a service account provided by the + Cloud Workstations service, and the image must be publicly + accessible. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `email` field of an `IAMServiceAccount` + resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + serviceAccountScopes: + description: Optional. Scopes to grant to the [service_account][google.cloud.workstations.v1.WorkstationConfig.Host.GceInstance.service_account]. + Various scopes are automatically added based on feature + usage. 
When specified, users of workstations under this + configuration must have `iam.serviceAccounts.actAs` on the + service account. + items: + type: string + type: array + shieldedInstanceConfig: + description: Optional. A set of Compute Engine Shielded instance + options. + properties: + enableIntegrityMonitoring: + description: Optional. Whether the instance has integrity + monitoring enabled. + type: boolean + enableSecureBoot: + description: Optional. Whether the instance has Secure + Boot enabled. + type: boolean + enableVTPM: + description: Optional. Whether the instance has the vTPM + enabled. + type: boolean + type: object + tags: + description: Optional. Network tags to add to the Compute + Engine VMs backing the workstations. This option applies + [network tags](https://cloud.google.com/vpc/docs/add-remove-network-tags) + to VMs created with this configuration. These network tags + enable the creation of [firewall rules](https://cloud.google.com/workstations/docs/configure-firewall-rules). + items: + type: string + type: array + type: object + type: object + idleTimeout: + description: |- + Optional. Number of seconds to wait before automatically stopping a + workstation after it last received user traffic. + + A value of `"0s"` indicates that Cloud Workstations VMs created with this + configuration should never time out due to idleness. + Provide + [duration](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration) + terminated by `s` for seconds—for example, `"7200s"` (2 hours). + The default is `"1200s"` (20 minutes). + type: string + labels: + description: Optional. [Labels](https://cloud.google.com/workstations/docs/label-resources) + that are applied to the workstation configuration and that are also + propagated to the underlying Compute Engine resources. + items: + properties: + key: + description: Key for the label. + type: string + value: + description: Value for the label. 
+ type: string + type: object + type: array + location: + description: The location of the WorkstationConfig. + type: string + parentRef: + description: Parent is a reference to the parent WorkstationCluster + for this WorkstationConfig. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed WorkstationCluster + resource. Should be in the format "projects//locations//workstationClusters/". + type: string + name: + description: The name of a WorkstationCluster resource. + type: string + namespace: + description: The namespace of a WorkstationCluster resource. + type: string + type: object + persistentDirectories: + description: Optional. Directories to persist across workstation sessions. + items: + properties: + gcePD: + description: A PersistentDirectory backed by a Compute Engine + persistent disk. + properties: + diskType: + description: Optional. The [type of the persistent disk](https://cloud.google.com/compute/docs/disks#disk-types) + for the home directory. Defaults to `"pd-standard"`. + type: string + fsType: + description: Optional. Type of file system that the disk + should be formatted with. The workstation image must support + this file system type. Must be empty if [source_snapshot][google.cloud.workstations.v1.WorkstationConfig.PersistentDirectory.GceRegionalPersistentDisk.source_snapshot] + is set. Defaults to `"ext4"`. + type: string + reclaimPolicy: + description: Optional. Whether the persistent disk should + be deleted when the workstation is deleted. Valid values + are `DELETE` and `RETAIN`. Defaults to `DELETE`. + type: string + sizeGB: + description: |- + Optional. The GB capacity of a persistent home directory for each + workstation created with this configuration. 
Must be empty if + [source_snapshot][google.cloud.workstations.v1.WorkstationConfig.PersistentDirectory.GceRegionalPersistentDisk.source_snapshot] + is set. + + Valid values are `10`, `50`, `100`, `200`, `500`, or `1000`. + Defaults to `200`. If less than `200` GB, the + [disk_type][google.cloud.workstations.v1.WorkstationConfig.PersistentDirectory.GceRegionalPersistentDisk.disk_type] + must be + `"pd-balanced"` or `"pd-ssd"`. + format: int32 + type: integer + sourceSnapshot: + description: Optional. Name of the snapshot to use as the + source for the disk. If set, [size_gb][google.cloud.workstations.v1.WorkstationConfig.PersistentDirectory.GceRegionalPersistentDisk.size_gb] + and [fs_type][google.cloud.workstations.v1.WorkstationConfig.PersistentDirectory.GceRegionalPersistentDisk.fs_type] + must be empty. + type: string + type: object + mountPath: + description: Optional. Location of this directory in the running + workstation. + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + readinessChecks: + description: Optional. Readiness checks to perform when starting a + workstation using this workstation configuration. Mark a workstation + as running only after all specified readiness checks return 200 + status codes. 
+ items: + properties: + path: + description: Optional. Path to which the request should be sent. + type: string + port: + description: Optional. Port to which the request should be sent. + format: int32 + type: integer + type: object + type: array + replicaZones: + description: |- + Optional. Immutable. Specifies the zones used to replicate the VM and disk + resources within the region. If set, exactly two zones within the + workstation cluster's region must be specified—for example, + `['us-central1-a', 'us-central1-f']`. If this field is empty, two default + zones within the region are used. + + Immutable after the workstation configuration is created. + items: + type: string + type: array + resourceID: + description: Immutable. The WorkstationConfig name. If not given, + the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + runningTimeout: + description: |- + Optional. Number of seconds that a workstation can run until it is + automatically shut down. We recommend that workstations be shut down daily + to reduce costs and so that security updates can be applied upon restart. + The + [idle_timeout][google.cloud.workstations.v1.WorkstationConfig.idle_timeout] + and + [running_timeout][google.cloud.workstations.v1.WorkstationConfig.running_timeout] + fields are independent of each other. Note that the + [running_timeout][google.cloud.workstations.v1.WorkstationConfig.running_timeout] + field shuts down VMs after the specified time, regardless of whether or not + the VMs are idle. + + Provide duration terminated by `s` for seconds—for example, `"54000s"` + (15 hours). Defaults to `"43200s"` (12 hours). A value of `"0s"` indicates + that workstations using this configuration should never time out. If + [encryption_key][google.cloud.workstations.v1.WorkstationConfig.encryption_key] + is set, it must be greater than `"0s"` and less than + `"86400s"` (24 hours). 
+ + Warning: A value of `"0s"` indicates that Cloud Workstations VMs created + with this configuration have no maximum running time. This is strongly + discouraged because you incur costs and will not pick up security updates. + type: string + required: + - parentRef + - projectRef + type: object + status: + description: WorkstationConfigStatus defines the config connector machine + state of WorkstationConfig + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the WorkstationConfig resource + in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + createTime: + description: Output only. Time when this workstation configuration + was created. + type: string + degraded: + description: Output only. Whether this resource is degraded, in + which case it may require user action to restore full functionality. 
+ See also the [conditions][google.cloud.workstations.v1.WorkstationConfig.conditions] + field. + type: boolean + deleteTime: + description: Output only. Time when this workstation configuration + was soft-deleted. + type: string + etag: + description: Optional. Checksum computed by the server. May be + sent on update and delete requests to make sure that the client + has an up-to-date value before proceeding. + type: string + gcpConditions: + description: Output only. Status conditions describing the current + resource state. + items: + properties: + code: + description: The status code, which should be an enum value + of [google.rpc.Code][google.rpc.Code]. + format: int32 + type: integer + message: + description: A developer-facing error message, which should + be in English. Any user-facing error message should be + localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] + field, or localized by the client. + type: string + type: object + type: array + pooledInstances: + description: Output only. Number of instances currently available + in the pool for faster workstation startup. + format: int32 + type: integer + uid: + description: Output only. A system-assigned unique identifier + for this workstation configuration. + type: string + updateTime: + description: Output only. Time when this workstation configuration + was most recently updated. + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operator/autopilot-channels/packages/configconnector/1.126.0-rc.1/namespaced/0-cnrm-system.yaml b/operator/autopilot-channels/packages/configconnector/1.126.0-rc.1/namespaced/0-cnrm-system.yaml new file mode 100644 index 0000000000..40fd25935c --- /dev/null +++ b/operator/autopilot-channels/packages/configconnector/1.126.0-rc.1/namespaced/0-cnrm-system.yaml 
@@ -0,0 +1,2807 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-unmanaged-detector + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-cnrm-system-role + namespace: cnrm-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-cnrm-system-role + namespace: cnrm-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + 
cnrm.cloud.google.com/system: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + name: cnrm-admin +rules: +- apiGroups: + - accesscontextmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - alloydb.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apigateway.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apigee.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apikeys.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - appengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - artifactregistry.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - beyondcorp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigquery.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigqueryanalyticshub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigqueryconnection.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigquerydatapolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - 
patch + - delete +- apiGroups: + - bigquerydatatransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigqueryreservation.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigtable.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - billingbudgets.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - binaryauthorization.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - certificatemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudasset.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudbuild.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudfunctions.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudfunctions2.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudidentity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudids.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudiot.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - 
update + - patch + - delete +- apiGroups: + - cloudscheduler.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudtasks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - compute.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - configcontroller.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - container.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - containeranalysis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - containerattached.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - datacatalog.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dataflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dataform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - datafusion.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dataproc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - datastore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - 
delete +- apiGroups: + - datastream.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - deploymentmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dialogflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dialogflowcx.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - discoveryengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dlp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dns.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - documentai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - edgecontainer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - edgenetwork.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - essentialcontacts.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - eventarc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - filestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - 
firebase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firebasedatabase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firebasehosting.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firebasestorage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - gkebackup.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - gkehub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - healthcare.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - iam.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - iap.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - identityplatform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - kms.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - logging.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - memcache.cnrm.cloud.google.com + resources: + 
- '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - memorystore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - mlengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - monitoring.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networkconnectivity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networkmanagement.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networksecurity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networkservices.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - notebooks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - orgpolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - osconfig.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - oslogin.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - privateca.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - privilegedaccessmanager.cnrm.cloud.google.com + resources: + - '*' 
+ verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - pubsub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - pubsublite.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - recaptchaenterprise.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - redis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - resourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - run.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - secretmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - securesourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - securitycenter.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicedirectory.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicenetworking.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - serviceusage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sourcerepo.cnrm.cloud.google.com + resources: + - '*' + 
verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - spanner.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sql.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storagetransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tags.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tpu.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vertexai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vpcaccess.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - workflows.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - workstations.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- 
apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-cluster-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - servicemappings + verbs: + - get + - list + - watch +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-ns-role +rules: +- apiGroups: + - "" + resources: + - events + - configmaps + - secrets + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-recorder-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - create + - update 
+ - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-unmanaged-detector-cluster-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - list +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/system: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: cnrm-viewer +rules: +- apiGroups: + - accesscontextmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - alloydb.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigateway.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigee.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apikeys.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - appengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - artifactregistry.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - beyondcorp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquery.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryanalyticshub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryconnection.cnrm.cloud.google.com + resources: + - '*' + 
verbs: + - get + - list + - watch +- apiGroups: + - bigquerydatapolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquerydatatransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryreservation.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigtable.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - billingbudgets.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - binaryauthorization.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - certificatemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudasset.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudbuild.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudfunctions.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudfunctions2.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudidentity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudids.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudiot.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudscheduler.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudtasks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - compute.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - configcontroller.cnrm.cloud.google.com + resources: + - 
'*' + verbs: + - get + - list + - watch +- apiGroups: + - container.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - containeranalysis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - containerattached.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datacatalog.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dataflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dataform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datafusion.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dataproc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datastore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datastream.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - deploymentmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dialogflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dialogflowcx.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - discoveryengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dlp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dns.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - documentai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - edgecontainer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- 
apiGroups: + - edgenetwork.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - essentialcontacts.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - eventarc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - filestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasedatabase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasehosting.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasestorage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - gkebackup.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - gkehub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - healthcare.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - iam.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - iap.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - identityplatform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - kms.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - logging.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - memcache.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - memorystore.cnrm.cloud.google.com + resources: 
+ - '*' + verbs: + - get + - list + - watch +- apiGroups: + - mlengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - monitoring.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networkconnectivity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networkmanagement.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networksecurity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networkservices.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - notebooks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - orgpolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - osconfig.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - oslogin.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - privateca.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - privilegedaccessmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - pubsub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - pubsublite.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - recaptchaenterprise.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - redis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - resourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - run.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - 
list + - watch +- apiGroups: + - secretmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - securesourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - securitycenter.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - servicedirectory.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - servicenetworking.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - serviceusage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - sourcerepo.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - spanner.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - sql.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - storage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - storagetransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - tags.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - tpu.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - vertexai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - vpcaccess.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - workflows.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - workstations.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + 
labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-role +rules: +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - servicemappings + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-role-binding + namespace: cnrm-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cnrm-deletiondefender-cnrm-system-role +subjects: +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-role-binding + namespace: cnrm-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cnrm-webhook-cnrm-system-role +subjects: +- kind: ServiceAccount + name: cnrm-webhook-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-admin-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-admin +subjects: +- kind: 
ServiceAccount + name: cnrm-unmanaged-detector + namespace: cnrm-system +- kind: ServiceAccount + name: cnrm-resource-stats-recorder + namespace: cnrm-system +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-deletiondefender-role +subjects: +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-recorder-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-recorder-role +subjects: +- kind: ServiceAccount + name: cnrm-resource-stats-recorder + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-unmanaged-detector-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-unmanaged-detector-cluster-role +subjects: +- kind: ServiceAccount + name: cnrm-unmanaged-detector + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-webhook-role +subjects: +- kind: ServiceAccount + name: cnrm-webhook-manager + namespace: cnrm-system +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + 
cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender + namespace: cnrm-system +spec: + ports: + - name: deletiondefender + port: 443 + selector: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + prometheus.io/port: "48797" + prometheus.io/scrape: "true" + labels: + cnrm.cloud.google.com/monitored: "true" + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder-service + namespace: cnrm-system +spec: + ports: + - name: metrics + port: 8888 + targetPort: 48797 + selector: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder + namespace: cnrm-system +spec: + replicas: 1 + revisionHistoryLimit: 1 + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + strategy: + type: Recreate + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + spec: + containers: + - args: + - --prometheus-scrape-endpoint=:48797 + - --metric-interval=60 + command: + - /configconnector/recorder + env: + - name: CONFIG_CONNECTOR_VERSION + value: 1.126.0-rc.1 + image: gcr.io/gke-release/cnrm/recorder:1.126.0-rc.1 + imagePullPolicy: Always + name: recorder + ports: + - containerPort: 48797 + protocol: TCP + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + 
resources: + limits: + memory: 64Mi + requests: + cpu: 20m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + hostNetwork: false + serviceAccountName: cnrm-resource-stats-recorder + terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-manager + namespace: cnrm-system +spec: + revisionHistoryLimit: 1 + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + spec: + containers: + - command: + - /configconnector/webhook + env: + - name: GOMEMLIMIT + value: 110MiB + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/gke-release/cnrm/webhook:1.126.0-rc.1 + imagePullPolicy: Always + name: webhook + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 128Mi + requests: + cpu: 250m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + serviceAccountName: cnrm-webhook-manager + terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender + namespace: cnrm-system +spec: + selector: + matchLabels: + 
cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" + serviceName: cnrm-deletiondefender + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" + spec: + containers: + - command: + - /configconnector/deletiondefender + image: gcr.io/gke-release/cnrm/deletiondefender:1.126.0-rc.1 + imagePullPolicy: Always + name: deletiondefender + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 1Gi + requests: + cpu: 250m + memory: 1Gi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + serviceAccountName: cnrm-deletiondefender + terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-unmanaged-detector + cnrm.cloud.google.com/system: "true" + name: cnrm-unmanaged-detector + namespace: cnrm-system +spec: + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-unmanaged-detector + cnrm.cloud.google.com/system: "true" + serviceName: unmanaged-detector + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-unmanaged-detector + cnrm.cloud.google.com/system: "true" + spec: + containers: + - command: + - /configconnector/unmanageddetector + image: gcr.io/gke-release/cnrm/unmanageddetector:1.126.0-rc.1 + imagePullPolicy: Always + name: unmanageddetector + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 1Gi + requests: + cpu: 250m + memory: 512Mi + 
securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + serviceAccountName: cnrm-unmanaged-detector + terminationGracePeriodSeconds: 10 +--- +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + annotations: + autoscaling.alpha.kubernetes.io/metrics: '[{"type":"Resource","resource":{"name":"memory","targetAverageUtilization":70}}]' + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook + namespace: cnrm-system +spec: + maxReplicas: 20 + minReplicas: 2 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: cnrm-webhook-manager + targetCPUUtilizationPercentage: 70 diff --git a/operator/autopilot-channels/packages/configconnector/1.126.0-rc.1/namespaced/per-namespace-components.yaml b/operator/autopilot-channels/packages/configconnector/1.126.0-rc.1/namespaced/per-namespace-components.yaml new file mode 100644 index 0000000000..2d90dd11a2 --- /dev/null +++ b/operator/autopilot-channels/packages/configconnector/1.126.0-rc.1/namespaced/per-namespace-components.yaml 
@@ -0,0 +1,173 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + iam.gke.io/gcp-service-account: cnrm-system-${NAMESPACE?}@${PROJECT_ID?}.iam.gserviceaccount.com + labels: + cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} + cnrm.cloud.google.com/system: "true" + name: cnrm-controller-manager-${NAMESPACE?} + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + finalizers: + - configconnector.cnrm.cloud.google.com/finalizer + labels: + cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} + cnrm.cloud.google.com/system: "true" + name: cnrm-admin-binding-${NAMESPACE?} + namespace: ${NAMESPACE?} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-admin +subjects: +- kind: ServiceAccount + name: cnrm-controller-manager-${NAMESPACE?} + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + finalizers: + - configconnector.cnrm.cloud.google.com/finalizer + labels: + cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-ns-binding-${NAMESPACE?} + namespace: ${NAMESPACE?} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-manager-ns-role +subjects: +- kind: ServiceAccount + name: cnrm-controller-manager-${NAMESPACE?} + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-ns-binding-${NAMESPACE?} + namespace: cnrm-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-manager-ns-role +subjects: +- kind: 
ServiceAccount + name: cnrm-controller-manager-${NAMESPACE?} + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-cluster-binding-${NAMESPACE?} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-manager-cluster-role +subjects: +- kind: ServiceAccount + name: cnrm-controller-manager-${NAMESPACE?} + namespace: cnrm-system +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + prometheus.io/port: "8888" + prometheus.io/scrape: "true" + labels: + cnrm.cloud.google.com/monitored: "true" + cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-${NAMESPACE?} + namespace: cnrm-system +spec: + ports: + - name: controller-manager + port: 443 + - name: metrics + port: 8888 + selector: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} + cnrm.cloud.google.com/system: "true" +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} + cnrm.cloud.google.com/system: "true" + name: cnrm-controller-manager-${NAMESPACE?} + namespace: cnrm-system +spec: + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} + cnrm.cloud.google.com/system: "true" + serviceName: cnrm-manager-${NAMESPACE?} + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-controller-manager + 
cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} + cnrm.cloud.google.com/system: "true" + spec: + containers: + - args: + - --scoped-namespace=${NAMESPACE?} + - --prometheus-scrape-endpoint=:8888 + command: + - /configconnector/manager + image: gcr.io/gke-release/cnrm/controller:1.126.0-rc.1 + imagePullPolicy: Always + name: manager + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 512Mi + requests: + cpu: 100m + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + serviceAccountName: cnrm-controller-manager-${NAMESPACE?} + terminationGracePeriodSeconds: 10 diff --git a/operator/autopilot-channels/stable b/operator/autopilot-channels/stable index 950eec8b2a..b5e6dcbe65 100644 --- a/operator/autopilot-channels/stable +++ b/operator/autopilot-channels/stable @@ -1,2 +1,2 @@ manifests: - - version: 1.125.0 + - version: 1.126.0-rc.1 diff --git a/operator/channels/packages/configconnector/1.126.0-rc.1/cluster/gcp-identity/0-cnrm-system.yaml b/operator/channels/packages/configconnector/1.126.0-rc.1/cluster/gcp-identity/0-cnrm-system.yaml new file mode 100644 index 0000000000..2b0979edc3 --- /dev/null +++ b/operator/channels/packages/configconnector/1.126.0-rc.1/cluster/gcp-identity/0-cnrm-system.yaml 
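Review bot: Every per-namespace controller ServiceAccount gets write access to Secrets in the shared `cnrm-system` namespace, through the RoleBinding `cnrm-manager-ns-binding-${NAMESPACE?}` with `namespace: cnrm-system` in per-namespace-components.yaml. It binds `cnrm-manager-ns-role`, which the `0-cnrm-system.yaml` added in this same commit defines with get/list/watch/create/update/patch/delete on `events`, `configmaps`, `secrets` and `services`. That file's `cnrm-webhook-cnrm-system-role` and `cnrm-deletiondefender-cnrm-system-role` also manage `secrets` in `cnrm-system`, so if those Secrets hold the webhook or deletiondefender credentials, one tenant namespace's controller identity could read or replace them. Consider pointing this binding at a dedicated, narrower Role for `cnrm-system`, for example one without `secrets` or with `resourceNames: [<objects the manager actually uses>]`, rather than reusing the tenant-namespace role. These manifests look generated, so the change probably belongs in the source template rather than in this versioned copy.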
@@ -0,0 +1,2828 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-controller-manager + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-cnrm-system-role + namespace: cnrm-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-cnrm-system-role + namespace: cnrm-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + 
cnrm.cloud.google.com/system: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + name: cnrm-admin +rules: +- apiGroups: + - accesscontextmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - alloydb.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apigateway.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apigee.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apikeys.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - appengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - artifactregistry.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - beyondcorp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigquery.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigqueryanalyticshub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigqueryconnection.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigquerydatapolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - 
patch + - delete +- apiGroups: + - bigquerydatatransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigqueryreservation.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigtable.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - billingbudgets.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - binaryauthorization.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - certificatemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudasset.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudbuild.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudfunctions.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudfunctions2.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudidentity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudids.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudiot.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - 
update + - patch + - delete +- apiGroups: + - cloudscheduler.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudtasks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - compute.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - configcontroller.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - container.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - containeranalysis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - containerattached.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - datacatalog.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dataflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dataform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - datafusion.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dataproc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - datastore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - 
delete +- apiGroups: + - datastream.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - deploymentmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dialogflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dialogflowcx.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - discoveryengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dlp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dns.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - documentai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - edgecontainer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - edgenetwork.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - essentialcontacts.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - eventarc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - filestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - 
firebase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firebasedatabase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firebasehosting.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firebasestorage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - gkebackup.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - gkehub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - healthcare.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - iam.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - iap.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - identityplatform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - kms.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - logging.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - memcache.cnrm.cloud.google.com + resources: + 
- '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - memorystore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - mlengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - monitoring.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networkconnectivity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networkmanagement.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networksecurity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networkservices.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - notebooks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - orgpolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - osconfig.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - oslogin.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - privateca.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - privilegedaccessmanager.cnrm.cloud.google.com + resources: + - '*' 
+ verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - pubsub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - pubsublite.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - recaptchaenterprise.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - redis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - resourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - run.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - secretmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - securesourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - securitycenter.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicedirectory.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicenetworking.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - serviceusage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sourcerepo.cnrm.cloud.google.com + resources: + - '*' + 
verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - spanner.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sql.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storagetransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tags.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tpu.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vertexai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vpcaccess.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - workflows.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - workstations.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- 
apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-cluster-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - servicemappings + verbs: + - get + - list + - watch +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-ns-role +rules: +- apiGroups: + - "" + resources: + - events + - configmaps + - secrets + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-recorder-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - create + - update 
+ - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/system: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: cnrm-viewer +rules: +- apiGroups: + - accesscontextmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - alloydb.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigateway.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigee.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apikeys.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - appengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - artifactregistry.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - beyondcorp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquery.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryanalyticshub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryconnection.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquerydatapolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquerydatatransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryreservation.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigtable.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - 
billingbudgets.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - binaryauthorization.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - certificatemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudasset.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudbuild.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudfunctions.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudfunctions2.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudidentity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudids.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudiot.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudscheduler.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudtasks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - compute.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - configcontroller.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - container.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - containeranalysis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - containerattached.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datacatalog.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - 
dataflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dataform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datafusion.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dataproc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datastore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datastream.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - deploymentmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dialogflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dialogflowcx.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - discoveryengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dlp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dns.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - documentai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - edgecontainer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - edgenetwork.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - essentialcontacts.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - eventarc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - filestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebase.cnrm.cloud.google.com + resources: + - '*' + 
verbs: + - get + - list + - watch +- apiGroups: + - firebasedatabase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasehosting.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasestorage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - gkebackup.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - gkehub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - healthcare.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - iam.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - iap.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - identityplatform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - kms.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - logging.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - memcache.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - memorystore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - mlengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - monitoring.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networkconnectivity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networkmanagement.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + 
- networksecurity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networkservices.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - notebooks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - orgpolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - osconfig.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - oslogin.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - privateca.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - privilegedaccessmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - pubsub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - pubsublite.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - recaptchaenterprise.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - redis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - resourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - run.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - secretmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - securesourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - securitycenter.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - servicedirectory.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - 
servicenetworking.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - serviceusage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - sourcerepo.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - spanner.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - sql.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - storage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - storagetransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - tags.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - tpu.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - vertexai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - vpcaccess.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - workflows.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - workstations.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-role +rules: +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - servicemappings + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - 
services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-role-binding + namespace: cnrm-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cnrm-deletiondefender-cnrm-system-role +subjects: +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-role-binding + namespace: cnrm-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cnrm-webhook-cnrm-system-role +subjects: +- kind: ServiceAccount + name: cnrm-webhook-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-admin-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-admin +subjects: +- kind: ServiceAccount + name: cnrm-controller-manager + namespace: cnrm-system +- kind: ServiceAccount + name: cnrm-resource-stats-recorder + namespace: cnrm-system +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-binding +roleRef: + apiGroup: 
rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-deletiondefender-role +subjects: +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-manager-cluster-role +subjects: +- kind: ServiceAccount + name: cnrm-controller-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-watcher-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-manager-ns-role +subjects: +- kind: ServiceAccount + name: cnrm-controller-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-recorder-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-recorder-role +subjects: +- kind: ServiceAccount + name: cnrm-resource-stats-recorder + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-webhook-role +subjects: +- kind: ServiceAccount + name: cnrm-webhook-manager + namespace: cnrm-system +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: 
cnrm-deletiondefender + namespace: cnrm-system +spec: + ports: + - name: deletiondefender + port: 443 + selector: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + prometheus.io/port: "8888" + prometheus.io/scrape: "true" + labels: + cnrm.cloud.google.com/monitored: "true" + cnrm.cloud.google.com/system: "true" + name: cnrm-manager + namespace: cnrm-system +spec: + ports: + - name: controller-manager + port: 443 + - name: metrics + port: 8888 + selector: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/system: "true" +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + prometheus.io/port: "48797" + prometheus.io/scrape: "true" + labels: + cnrm.cloud.google.com/monitored: "true" + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder-service + namespace: cnrm-system +spec: + ports: + - name: metrics + port: 8888 + targetPort: 48797 + selector: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder + namespace: cnrm-system +spec: + replicas: 1 + revisionHistoryLimit: 1 + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + strategy: + type: Recreate + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + spec: + containers: + - args: + - --prometheus-scrape-endpoint=:48797 + - 
--metric-interval=60 + command: + - /configconnector/recorder + env: + - name: CONFIG_CONNECTOR_VERSION + value: 1.126.0-rc.1 + image: gcr.io/gke-release/cnrm/recorder:1.126.0-rc.1 + imagePullPolicy: Always + name: recorder + ports: + - containerPort: 48797 + hostPort: 48797 + protocol: TCP + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 64Mi + requests: + cpu: 20m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + hostNetwork: true + serviceAccountName: cnrm-resource-stats-recorder + terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-manager + namespace: cnrm-system +spec: + revisionHistoryLimit: 1 + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + spec: + containers: + - command: + - /configconnector/webhook + env: + - name: GOMEMLIMIT + value: 110MiB + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/gke-release/cnrm/webhook:1.126.0-rc.1 + imagePullPolicy: Always + name: webhook + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 128Mi + requests: + cpu: 250m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + 
serviceAccountName: cnrm-webhook-manager + terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/system: "true" + name: cnrm-controller-manager + namespace: cnrm-system +spec: + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/system: "true" + serviceName: cnrm-manager + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/system: "true" + spec: + containers: + - args: + - --prometheus-scrape-endpoint=:8888 + command: + - /configconnector/manager + env: + - name: GOOGLE_APPLICATION_CREDENTIALS + value: /var/secrets/google/key.json + image: gcr.io/gke-release/cnrm/controller:1.126.0-rc.1 + imagePullPolicy: Always + name: manager + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 512Mi + requests: + cpu: 100m + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /var/secrets/google + name: gcp-service-account + enableServiceLinks: false + serviceAccountName: cnrm-controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - name: gcp-service-account + secret: + secretName: gcp-key +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender + namespace: cnrm-system +spec: + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: 
"true" + serviceName: cnrm-deletiondefender + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" + spec: + containers: + - command: + - /configconnector/deletiondefender + image: gcr.io/gke-release/cnrm/deletiondefender:1.126.0-rc.1 + imagePullPolicy: Always + name: deletiondefender + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 1Gi + requests: + cpu: 250m + memory: 1Gi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + serviceAccountName: cnrm-deletiondefender + terminationGracePeriodSeconds: 10 +--- +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + annotations: + autoscaling.alpha.kubernetes.io/metrics: '[{"type":"Resource","resource":{"name":"memory","targetAverageUtilization":70}}]' + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook + namespace: cnrm-system +spec: + maxReplicas: 20 + minReplicas: 2 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: cnrm-webhook-manager + targetCPUUtilizationPercentage: 70 diff --git a/operator/channels/packages/configconnector/1.126.0-rc.1/cluster/workload-identity/0-cnrm-system.yaml b/operator/channels/packages/configconnector/1.126.0-rc.1/cluster/workload-identity/0-cnrm-system.yaml new file mode 100644 index 0000000000..39f5440e3a --- /dev/null +++ b/operator/channels/packages/configconnector/1.126.0-rc.1/cluster/workload-identity/0-cnrm-system.yaml 
@@ -0,0 +1,2855 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + iam.gke.io/gcp-service-account: cnrm-system@${PROJECT_ID?}.iam.gserviceaccount.com + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-controller-manager + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-cnrm-system-role + namespace: cnrm-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-cnrm-system-role + namespace: cnrm-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + 
cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/system: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + name: cnrm-admin +rules: +- apiGroups: + - accesscontextmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - alloydb.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apigateway.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apigee.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apikeys.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - appengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - artifactregistry.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - beyondcorp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigquery.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigqueryanalyticshub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigqueryconnection.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigquerydatapolicy.cnrm.cloud.google.com + 
resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigquerydatatransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigqueryreservation.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigtable.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - billingbudgets.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - binaryauthorization.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - certificatemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudasset.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudbuild.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudfunctions.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudfunctions2.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudidentity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudids.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - 
cloudiot.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudscheduler.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudtasks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - compute.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - configcontroller.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - container.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - containeranalysis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - containerattached.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - datacatalog.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dataflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dataform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - datafusion.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dataproc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - 
datastore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - datastream.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - deploymentmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dialogflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dialogflowcx.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - discoveryengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dlp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dns.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - documentai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - edgecontainer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - edgenetwork.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - essentialcontacts.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - eventarc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - 
filestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firebase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firebasedatabase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firebasehosting.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firebasestorage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - gkebackup.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - gkehub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - healthcare.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - iam.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - iap.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - identityplatform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - kms.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - logging.cnrm.cloud.google.com + resources: + 
- '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - memcache.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - memorystore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - mlengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - monitoring.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networkconnectivity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networkmanagement.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networksecurity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networkservices.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - notebooks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - orgpolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - osconfig.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - oslogin.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - privateca.cnrm.cloud.google.com + resources: + - '*' + verbs: + - 
get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - privilegedaccessmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - pubsub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - pubsublite.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - recaptchaenterprise.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - redis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - resourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - run.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - secretmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - securesourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - securitycenter.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicedirectory.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicenetworking.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - serviceusage.cnrm.cloud.google.com + resources: + - '*' + 
verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sourcerepo.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - spanner.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sql.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storagetransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tags.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tpu.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vertexai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vpcaccess.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - workflows.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - workstations.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + 
- customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-cluster-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - servicemappings + verbs: + - get + - list + - watch +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-ns-role +rules: +- apiGroups: + - "" + resources: + - events + - configmaps + - secrets + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-recorder-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - 
list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/system: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: cnrm-viewer +rules: +- apiGroups: + - accesscontextmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - alloydb.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigateway.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigee.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apikeys.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - appengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - artifactregistry.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - beyondcorp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquery.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryanalyticshub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryconnection.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquerydatapolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquerydatatransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryreservation.cnrm.cloud.google.com + resources: + - '*' + 
verbs: + - get + - list + - watch +- apiGroups: + - bigtable.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - billingbudgets.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - binaryauthorization.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - certificatemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudasset.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudbuild.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudfunctions.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudfunctions2.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudidentity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudids.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudiot.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudscheduler.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudtasks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - compute.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - configcontroller.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - container.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - containeranalysis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - containerattached.cnrm.cloud.google.com + resources: + - '*' + verbs: + 
- get + - list + - watch +- apiGroups: + - datacatalog.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dataflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dataform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datafusion.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dataproc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datastore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datastream.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - deploymentmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dialogflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dialogflowcx.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - discoveryengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dlp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dns.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - documentai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - edgecontainer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - edgenetwork.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - essentialcontacts.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - eventarc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - 
filestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasedatabase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasehosting.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasestorage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - gkebackup.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - gkehub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - healthcare.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - iam.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - iap.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - identityplatform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - kms.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - logging.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - memcache.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - memorystore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - mlengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - monitoring.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networkconnectivity.cnrm.cloud.google.com + resources: + - '*' + 
verbs: + - get + - list + - watch +- apiGroups: + - networkmanagement.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networksecurity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networkservices.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - notebooks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - orgpolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - osconfig.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - oslogin.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - privateca.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - privilegedaccessmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - pubsub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - pubsublite.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - recaptchaenterprise.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - redis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - resourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - run.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - secretmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - securesourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - securitycenter.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - 
list + - watch +- apiGroups: + - servicedirectory.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - servicenetworking.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - serviceusage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - sourcerepo.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - spanner.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - sql.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - storage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - storagetransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - tags.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - tpu.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - vertexai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - vpcaccess.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - workflows.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - workstations.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-role +rules: +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - core.cnrm.cloud.google.com + 
resources: + - servicemappings + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-role-binding + namespace: cnrm-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cnrm-deletiondefender-cnrm-system-role +subjects: +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-role-binding + namespace: cnrm-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cnrm-webhook-cnrm-system-role +subjects: +- kind: ServiceAccount + name: cnrm-webhook-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-admin-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-admin +subjects: +- kind: ServiceAccount + name: cnrm-controller-manager + namespace: cnrm-system +- kind: ServiceAccount + name: cnrm-resource-stats-recorder + namespace: cnrm-system +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + 
cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-deletiondefender-role +subjects: +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-manager-cluster-role +subjects: +- kind: ServiceAccount + name: cnrm-controller-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-watcher-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-manager-ns-role +subjects: +- kind: ServiceAccount + name: cnrm-controller-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-recorder-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-recorder-role +subjects: +- kind: ServiceAccount + name: cnrm-resource-stats-recorder + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-webhook-role +subjects: +- kind: ServiceAccount + name: cnrm-webhook-manager + namespace: cnrm-system +--- 
+apiVersion: v1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender + namespace: cnrm-system +spec: + ports: + - name: deletiondefender + port: 443 + selector: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + prometheus.io/port: "8888" + prometheus.io/scrape: "true" + labels: + cnrm.cloud.google.com/monitored: "true" + cnrm.cloud.google.com/system: "true" + name: cnrm-manager + namespace: cnrm-system +spec: + ports: + - name: controller-manager + port: 443 + - name: metrics + port: 8888 + selector: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/system: "true" +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + prometheus.io/port: "48797" + prometheus.io/scrape: "true" + labels: + cnrm.cloud.google.com/monitored: "true" + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder-service + namespace: cnrm-system +spec: + ports: + - name: metrics + port: 8888 + targetPort: 48797 + selector: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder + namespace: cnrm-system +spec: + replicas: 1 + revisionHistoryLimit: 1 + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + strategy: + type: Recreate + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + 
cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + spec: + containers: + - args: + - --prometheus-scrape-endpoint=:48797 + - --metric-interval=60 + command: + - /configconnector/recorder + env: + - name: CONFIG_CONNECTOR_VERSION + value: 1.126.0-rc.1 + image: gcr.io/gke-release/cnrm/recorder:1.126.0-rc.1 + imagePullPolicy: Always + name: recorder + ports: + - containerPort: 48797 + hostPort: 48797 + protocol: TCP + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 64Mi + requests: + cpu: 20m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + - command: + - /monitor + - --source=configconnector:http://localhost:48797?whitelisted=applied_resources_total&customResourceType=k8s_container&customLabels[container_name]&customLabels[project_id]&customLabels[location]&customLabels[cluster_name]&customLabels[namespace_name]=$(POD_NAMESPACE)&customLabels[pod_name]=$(POD_NAME) + - --stackdriver-prefix=kubernetes.io/internal/addons + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/gke-release/prometheus-to-sd:v0.11.12-gke.11 + name: prom-to-sd + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true + enableServiceLinks: false + hostNetwork: true + serviceAccountName: cnrm-resource-stats-recorder + terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-manager + namespace: cnrm-system +spec: + revisionHistoryLimit: 1 + selector: + matchLabels: + cnrm.cloud.google.com/component: 
cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + spec: + containers: + - command: + - /configconnector/webhook + env: + - name: GOMEMLIMIT + value: 110MiB + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/gke-release/cnrm/webhook:1.126.0-rc.1 + imagePullPolicy: Always + name: webhook + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 128Mi + requests: + cpu: 250m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + serviceAccountName: cnrm-webhook-manager + terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/system: "true" + name: cnrm-controller-manager + namespace: cnrm-system +spec: + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/system: "true" + serviceName: cnrm-manager + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-controller-manager + cnrm.cloud.google.com/system: "true" + spec: + containers: + - args: + - --prometheus-scrape-endpoint=:8888 + command: + - /configconnector/manager + image: gcr.io/gke-release/cnrm/controller:1.126.0-rc.1 + imagePullPolicy: Always + name: manager + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 512Mi + requests: + 
cpu: 100m + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + - command: + - /monitor + - --source=configconnector:http://localhost:8888?whitelisted=reconcile_requests_total,reconcile_request_duration_seconds,reconcile_workers_total,reconcile_occupied_workers_total,internal_errors_total&customResourceType=k8s_container&customLabels[container_name]&customLabels[project_id]&customLabels[location]&customLabels[cluster_name]&customLabels[namespace_name]=$(POD_NAMESPACE)&customLabels[pod_name]=$(POD_NAME) + - --stackdriver-prefix=kubernetes.io/internal/addons + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/gke-release/prometheus-to-sd:v0.11.12-gke.11 + name: prom-to-sd + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true + enableServiceLinks: false + serviceAccountName: cnrm-controller-manager + terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender + namespace: cnrm-system +spec: + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" + serviceName: cnrm-deletiondefender + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" + spec: + containers: + - command: + - /configconnector/deletiondefender + image: gcr.io/gke-release/cnrm/deletiondefender:1.126.0-rc.1 + imagePullPolicy: Always + name: deletiondefender + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 
7 + periodSeconds: 3 + resources: + limits: + memory: 1Gi + requests: + cpu: 250m + memory: 1Gi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + serviceAccountName: cnrm-deletiondefender + terminationGracePeriodSeconds: 10 +--- +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + annotations: + autoscaling.alpha.kubernetes.io/metrics: '[{"type":"Resource","resource":{"name":"memory","targetAverageUtilization":70}}]' + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook + namespace: cnrm-system +spec: + maxReplicas: 20 + minReplicas: 2 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: cnrm-webhook-manager + targetCPUUtilizationPercentage: 70 diff --git a/operator/channels/packages/configconnector/1.126.0-rc.1/crds.yaml b/operator/channels/packages/configconnector/1.126.0-rc.1/crds.yaml new file mode 100644 index 0000000000..5bfadc9ac1 --- /dev/null +++ b/operator/channels/packages/configconnector/1.126.0-rc.1/crds.yaml 
@@ -0,0 +1,134485 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanageraccesslevelconditions.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerAccessLevelCondition + plural: accesscontextmanageraccesslevelconditions + shortNames: + - gcpaccesscontextmanageraccesslevelcondition + - gcpaccesscontextmanageraccesslevelconditions + singular: accesscontextmanageraccesslevelcondition + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessLevelRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AccessContextManagerAccessLevel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + devicePolicy: + description: |- + Immutable. Device specific restrictions, all restrictions must hold for + the Condition to be true. If not specified, all devices are + allowed. + properties: + allowedDeviceManagementLevels: + description: |- + Immutable. A list of allowed device management levels. + An empty list allows all management levels. Possible values: ["MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE"]. + items: + type: string + type: array + allowedEncryptionStatuses: + description: |- + Immutable. A list of allowed encryptions statuses. + An empty list allows all statuses. Possible values: ["ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED"]. + items: + type: string + type: array + osConstraints: + description: |- + Immutable. A list of allowed OS versions. + An empty list allows all types and all versions. + items: + properties: + minimumVersion: + description: |- + Immutable. The minimum allowed OS version. If not set, any version + of this OS satisfies the constraint. + Format: "major.minor.patch" such as "10.5.301", "9.2.1". 
+ type: string + osType: + description: 'Immutable. The operating system type of the + device. Possible values: ["OS_UNSPECIFIED", "DESKTOP_MAC", + "DESKTOP_WINDOWS", "DESKTOP_LINUX", "DESKTOP_CHROME_OS", + "ANDROID", "IOS"].' + type: string + required: + - osType + type: object + type: array + requireAdminApproval: + description: Immutable. Whether the device needs to be approved + by the customer admin. + type: boolean + requireCorpOwned: + description: Immutable. Whether the device needs to be corp owned. + type: boolean + requireScreenLock: + description: |- + Immutable. Whether or not screenlock is required for the DevicePolicy + to be true. Defaults to false. + type: boolean + type: object + ipSubnetworks: + description: |- + Immutable. A list of CIDR block IP subnetwork specification. May be IPv4 + or IPv6. + Note that for a CIDR IP address block, the specified IP address + portion must be properly truncated (i.e. all the host bits must + be zero) or the input is considered malformed. For example, + "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, + for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" + is not. The originating IP of a request must be in one of the + listed subnets in order for this Condition to be true. + If empty, all IP addresses are allowed. + items: + type: string + type: array + members: + description: |- + Immutable. An allowed list of members (users, service accounts). + Using groups is not supported yet. + + The signed-in user originating the request must be a part of one + of the provided members. If not specified, a request may come + from any user (logged in/not logged in, not present in any + groups, etc.). + Formats: 'user:{emailid}', 'serviceAccount:{emailid}'. + items: + type: string + type: array + negate: + description: |- + Immutable. Whether to negate the Condition. 
If true, the Condition becomes + a NAND over its non-empty fields, each field must be false for + the Condition overall to be satisfied. Defaults to false. + type: boolean + regions: + description: |- + Immutable. The request must originate from one of the provided + countries/regions. + Format: A valid ISO 3166-1 alpha-2 code. + items: + type: string + type: array + requiredAccessLevels: + description: |- + Immutable. A list of other access levels defined in the same Policy, + referenced by resource name. Referencing an AccessLevel which + does not exist is an error. All access levels listed must be + granted for the Condition to be true. + Format: accessPolicies/{policy_id}/accessLevels/{short_name}. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The accessLevel of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanageraccesslevels.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerAccessLevel + plural: accesscontextmanageraccesslevels + shortNames: + - gcpaccesscontextmanageraccesslevel + - gcpaccesscontextmanageraccesslevels + singular: accesscontextmanageraccesslevel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessPolicyRef: + description: |- + The AccessContextManagerAccessPolicy this + AccessContextManagerAccessLevel lives in. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `accessPolicies/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerAccessPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + basic: + description: A set of predefined conditions for the access level and + a combining function. + properties: + combiningFunction: + description: |- + How the conditions list should be combined to determine if a request + is granted this AccessLevel. If AND is used, each Condition in + conditions must be satisfied for the AccessLevel to be applied. If + OR is used, at least one Condition in conditions must be satisfied + for the AccessLevel to be applied. Default value: "AND" Possible values: ["AND", "OR"]. + type: string + conditions: + description: A set of requirements for the AccessLevel to be granted. 
+ items: + properties: + devicePolicy: + description: |- + Device specific restrictions, all restrictions must hold for + the Condition to be true. If not specified, all devices are + allowed. + properties: + allowedDeviceManagementLevels: + description: |- + A list of allowed device management levels. + An empty list allows all management levels. Possible values: ["MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE"]. + items: + type: string + type: array + allowedEncryptionStatuses: + description: |- + A list of allowed encryptions statuses. + An empty list allows all statuses. Possible values: ["ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED"]. + items: + type: string + type: array + osConstraints: + description: |- + A list of allowed OS versions. + An empty list allows all types and all versions. + items: + properties: + minimumVersion: + description: |- + The minimum allowed OS version. If not set, any version + of this OS satisfies the constraint. + Format: "major.minor.patch" such as "10.5.301", "9.2.1". + type: string + osType: + description: 'The operating system type of the + device. Possible values: ["OS_UNSPECIFIED", + "DESKTOP_MAC", "DESKTOP_WINDOWS", "DESKTOP_LINUX", + "DESKTOP_CHROME_OS", "ANDROID", "IOS"].' + type: string + requireVerifiedChromeOs: + description: If you specify DESKTOP_CHROME_OS + for osType, you can optionally include requireVerifiedChromeOs + to require Chrome Verified Access. + type: boolean + required: + - osType + type: object + type: array + requireAdminApproval: + description: Whether the device needs to be approved + by the customer admin. + type: boolean + requireCorpOwned: + description: Whether the device needs to be corp owned. + type: boolean + requireScreenLock: + description: |- + Whether or not screenlock is required for the DevicePolicy + to be true. Defaults to false. + type: boolean + type: object + ipSubnetworks: + description: |- + A list of CIDR block IP subnetwork specification. 
May be IPv4 + or IPv6. + Note that for a CIDR IP address block, the specified IP address + portion must be properly truncated (i.e. all the host bits must + be zero) or the input is considered malformed. For example, + "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, + for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" + is not. The originating IP of a request must be in one of the + listed subnets in order for this Condition to be true. + If empty, all IP addresses are allowed. + items: + type: string + type: array + members: + items: + description: |- + An allowed list of members (users, service accounts). + Using groups is not supported. + + The signed-in user originating the request must be a part of one + of the provided members. If not specified, a request may come + from any user (logged in/not logged in, not present in any + groups, etc.). + oneOf: + - required: + - serviceAccountRef + - required: + - user + properties: + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format + `serviceAccount:{{value}}`, where {{value}} + is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + user: + type: string + type: object + type: array + negate: + description: |- + Whether to negate the Condition. If true, the Condition becomes + a NAND over its non-empty fields, each field must be false for + the Condition overall to be satisfied. Defaults to false. 
+ type: boolean + regions: + description: |- + The request must originate from one of the provided + countries/regions. + Format: A valid ISO 3166-1 alpha-2 code. + items: + type: string + type: array + requiredAccessLevels: + items: + description: |- + A list of other access levels defined in the same policy. + Referencing an AccessContextManagerAccessLevel which does not exist + is an error. All access levels listed must be granted for the + condition to be true. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an + `AccessContextManagerAccessLevel` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + type: array + required: + - conditions + type: object + custom: + description: |- + Custom access level conditions are set using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request. + See CEL spec at: https://github.com/google/cel-spec. + properties: + expr: + description: |- + Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. + This page details the objects and attributes that are used to the build the CEL expressions for + custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. + properties: + description: + description: Description of the expression. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. 
+ type: string + location: + description: String indicating the location of the expression + for error reporting, e.g. a file name and a position in + the file. + type: string + title: + description: Title for the expression, i.e. a short string + describing its purpose. + type: string + required: + - expression + type: object + required: + - expr + type: object + description: + description: Description of the AccessLevel and its use. Does not + affect behavior. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + title: + description: Human readable title. Must be unique within the Policy. + type: string + required: + - accessPolicyRef + - title + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanageraccesspolicies.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerAccessPolicy + plural: accesscontextmanageraccesspolicies + shortNames: + - gcpaccesscontextmanageraccesspolicy + - gcpaccesscontextmanageraccesspolicies + singular: accesscontextmanageraccesspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + title: + description: Human readable title. Does not affect behavior. + type: string + required: + - title + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time the AccessPolicy was created in UTC. + type: string + name: + description: 'Resource name of the AccessPolicy. Format: {policy_id}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + updateTime: + description: Time the AccessPolicy was updated in UTC. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanagergcpuseraccessbindings.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerGCPUserAccessBinding + plural: accesscontextmanagergcpuseraccessbindings + shortNames: + - gcpaccesscontextmanagergcpuseraccessbinding + - gcpaccesscontextmanagergcpuseraccessbindings + singular: accesscontextmanagergcpuseraccessbinding + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessLevels: + description: 'Required. Access level that a user must have to be granted + access. Only one access level is supported, not multiple. This repeated + field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted".' + items: + type: string + type: array + groupKey: + description: 'Immutable. Required. Immutable. Google Group id whose + members are subject to this binding''s restrictions. See "id" in + the G Suite Directory API''s Groups resource. If a group''s email + address/alias is changed, this resource will continue to point at + the changed group. This field does not accept group email addresses + or aliases. Example: "01d520gv4vjcrht".' + type: string + organizationRef: + description: The organization that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - accessLevels + - groupKey + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'Immutable. Assigned by the server during creation. The + last segment has an arbitrary length and has only URI unreserved + characters (as defined by RFC 3986 Section 2.3). Should not be specified + by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N".' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanagerserviceperimeterresources.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerServicePerimeterResource + plural: accesscontextmanagerserviceperimeterresources + shortNames: + - gcpaccesscontextmanagerserviceperimeterresource + - gcpaccesscontextmanagerserviceperimeterresources + singular: accesscontextmanagerserviceperimeterresource + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + perimeterNameRef: + description: "Only the `external` field is supported to configure + the reference.\n\nThe name of the Service Perimeter to add this + resource to. \nReferencing a resource name leads to recursive reference + and Config Connector does not support the feature for now." + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AccessContextManagerServicePerimeter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceRef: + description: A GCP resource that is inside of the service perimeter. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - perimeterNameRef + - resourceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + perimeterNameRef: + description: "Only the `external` field is supported to configure + the reference.\n\nThe name of the Service Perimeter to add this + resource to. \nReferencing a resource name leads to recursive reference + and Config Connector does not support the feature for now." 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AccessContextManagerServicePerimeter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceRef: + description: A GCP resource that is inside of the service perimeter. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - perimeterNameRef + - resourceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanagerserviceperimeters.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerServicePerimeter + plural: accesscontextmanagerserviceperimeters + shortNames: + - gcpaccesscontextmanagerserviceperimeter + - gcpaccesscontextmanagerserviceperimeters + singular: accesscontextmanagerserviceperimeter + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: 
string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessPolicyRef: + description: |- + The AccessContextManagerAccessPolicy this + AccessContextManagerServicePerimeter lives in. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `accessPolicies/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerAccessPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: |- + Description of the ServicePerimeter and its use. Does not affect + behavior. + type: string + perimeterType: + description: |- + Immutable. Specifies the type of the Perimeter. 
There are two types: regular and + bridge. Regular Service Perimeter contains resources, access levels, + and restricted services. Every resource can be in at most + ONE regular Service Perimeter. + + In addition to being in a regular service perimeter, a resource can also + be in zero or more perimeter bridges. A perimeter bridge only contains + resources. Cross project operations are permitted if all effected + resources share some perimeter (whether bridge or regular). Perimeter + Bridge does not contain access levels or services: those are governed + entirely by the regular perimeter that resource is in. + + Perimeter Bridges are typically useful when building more complex + topologies with many independent perimeters that need to share some data + with a common perimeter, but should not be able to share data among + themselves. Default value: "PERIMETER_TYPE_REGULAR" Possible values: ["PERIMETER_TYPE_REGULAR", "PERIMETER_TYPE_BRIDGE"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + spec: + description: |- + Proposed (or dry run) ServicePerimeter configuration. + This configuration allows to specify and test ServicePerimeter configuration + without enforcing actual access restrictions. Only allowed to be set when + the 'useExplicitDryRunSpec' flag is set. + properties: + accessLevels: + items: + description: |- + (Optional) A list of AccessLevel resource names that allow resources within + the ServicePerimeter to be accessed from the internet. AccessLevels listed + must be in the same policy as this ServicePerimeter. + Referencing a nonexistent AccessLevel is a syntax error. If no + AccessLevel names are listed, resources within the perimeter can + only be accessed via GCP calls with request origins within the + perimeter. For Service Perimeter Bridge, must be empty. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{parent}}/accessLevels/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerAccessLevel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + egressPolicies: + description: |- + List of EgressPolicies to apply to the perimeter. A perimeter may + have multiple EgressPolicies, each of which is evaluated separately. + Access is granted if any EgressPolicy grants it. Must be empty for + a perimeter bridge. + items: + properties: + egressFrom: + description: Defines conditions on the source of a request + causing this 'EgressPolicy' to apply. + properties: + identities: + items: + description: |- + (Optional) A list of identities that are allowed access through this + EgressPolicy. Should be in the format of email address. The email + address should represent individual user or service account only. + oneOf: + - required: + - serviceAccountRef + - required: + - user + properties: + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `serviceAccount:{{value}}`, where + {{value}} is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + user: + type: string + type: object + type: array + identityType: + description: |- + Specifies the type of identities that are allowed access to outside the + perimeter. If left unspecified, then members of 'identities' field will + be allowed access. Possible values: ["IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT"]. + type: string + type: object + egressTo: + description: |- + Defines the conditions on the 'ApiOperation' and destination resources that + cause this 'EgressPolicy' to apply. + properties: + externalResources: + description: |- + A list of external resources that are allowed to be accessed. A request + matches if it contains an external resource in this list (Example: + s3://bucket/path). Currently '*' is not allowed. + items: + type: string + type: array + operations: + description: |- + A list of 'ApiOperations' that this egress rule applies to. A request matches + if it contains an operation/service in this list. + items: + properties: + methodSelectors: + description: |- + API methods or permissions to allow. Method or permission must belong + to the service specified by 'serviceName' field. A single MethodSelector + entry with '*' specified for the 'method' field will allow all methods + AND permissions for the service specified in 'serviceName'. + items: + properties: + method: + description: |- + Value for 'method' should be a valid method name for the corresponding + 'serviceName' in 'ApiOperation'. If '*' used as value for method, + then ALL methods and permissions are allowed. 
+ type: string + permission: + description: |- + Value for permission should be a valid Cloud IAM permission for the + corresponding 'serviceName' in 'ApiOperation'. + type: string + type: object + type: array + serviceName: + description: |- + The name of the API whose methods or permissions the 'IngressPolicy' or + 'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName + field set to '*' will allow all methods AND permissions for all services. + type: string + type: object + type: array + resources: + items: + description: |- + (Optional) A list of resources, currently only projects in the form + "projects/{project_number}". A request + matches if it contains a resource in this list. + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + type: object + type: array + ingressPolicies: + description: |- + List of 'IngressPolicies' to apply to the perimeter. A perimeter may + have multiple 'IngressPolicies', each of which is evaluated + separately. Access is granted if any 'Ingress Policy' grants it. + Must be empty for a perimeter bridge. + items: + properties: + ingressFrom: + description: |- + Defines the conditions on the source of a request causing this 'IngressPolicy' + to apply. 
+ properties: + identities: + items: + description: |- + (Optional) A list of identities that are allowed access through this + ingress policy. Should be in the format of email address. The email + address should represent individual user or service account only. + oneOf: + - required: + - serviceAccountRef + - required: + - user + properties: + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `serviceAccount:{{value}}`, where + {{value}} is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + user: + type: string + type: object + type: array + identityType: + description: |- + Specifies the type of identities that are allowed access from outside the + perimeter. If left unspecified, then members of 'identities' field will be + allowed access. Possible values: ["IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT"]. + type: string + sources: + description: Sources that this 'IngressPolicy' authorizes + access from. + items: + properties: + accessLevelRef: + description: |- + An AccessLevel resource name that allow resources within the + ServicePerimeters to be accessed from the internet. AccessLevels + listed must be in the same policy as this ServicePerimeter. + Referencing a nonexistent AccessLevel will cause an error. If no + AccessLevel names are listed, resources within the perimeter can + only be accessed via Google Cloud calls with request origins within + the perimeter. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `{{parent}}/accessLevels/{{value}}`, + where {{value}} is the `name` field of an + `AccessContextManagerAccessLevel` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + (Optional) A Google Cloud resource that is allowed to ingress the + perimeter. Requests from these resources will be allowed to access + perimeter data. Currently only projects are allowed. Format + "projects/{project_number}" The project may be in any Google Cloud + organization, not just the organization that the perimeter is defined in. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + ingressTo: + description: |- + Defines the conditions on the 'ApiOperation' and request destination that cause + this 'IngressPolicy' to apply. 
+ properties: + operations: + description: |- + A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom' + are allowed to perform in this 'ServicePerimeter'. + items: + properties: + methodSelectors: + description: |- + API methods or permissions to allow. Method or permission must belong to + the service specified by serviceName field. A single 'MethodSelector' entry + with '*' specified for the method field will allow all methods AND + permissions for the service specified in 'serviceName'. + items: + properties: + method: + description: |- + Value for method should be a valid method name for the corresponding + serviceName in 'ApiOperation'. If '*' used as value for 'method', then + ALL methods and permissions are allowed. + type: string + permission: + description: |- + Value for permission should be a valid Cloud IAM permission for the + corresponding 'serviceName' in 'ApiOperation'. + type: string + type: object + type: array + serviceName: + description: |- + The name of the API whose methods or permissions the 'IngressPolicy' or + 'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName' + field set to '*' will allow all methods AND permissions for all services. + type: string + type: object + type: array + resources: + items: + description: |- + A list of resources, currently only projects in the form + "projects/{project_number}", protected by this ServicePerimeter + that are allowed to be accessed by sources defined in the + corresponding IngressFrom. A request matches if it contains a + resource in this list. + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + type: object + type: array + resources: + items: + description: |- + (Optional) A list of GCP resources that are inside of the service perimeter. + Currently only projects are allowed. + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + restrictedServices: + description: |- + GCP services that are subject to the Service Perimeter + restrictions. Must contain a list of services. For example, if + 'storage.googleapis.com' is specified, access to the storage + buckets inside the perimeter must meet the perimeter's access + restrictions. + items: + type: string + type: array + vpcAccessibleServices: + description: |- + Specifies how APIs are allowed to communicate within the Service + Perimeter. + properties: + allowedServices: + description: |- + The list of APIs usable within the Service Perimeter. + Must be empty unless 'enableRestriction' is True. 
+ items: + type: string + type: array + enableRestriction: + description: |- + Whether to restrict API calls within the Service Perimeter to the + list of APIs specified in 'allowedServices'. + type: boolean + type: object + type: object + status: + description: |- + ServicePerimeter configuration. Specifies sets of resources, + restricted services and access levels that determine + perimeter content and boundaries. + properties: + accessLevels: + items: + description: |- + (Optional) A list of AccessLevel resource names that allow resources within + the ServicePerimeter to be accessed from the internet. AccessLevels listed + must be in the same policy as this ServicePerimeter. + Referencing a nonexistent AccessLevel is a syntax error. If no + AccessLevel names are listed, resources within the perimeter can + only be accessed via GCP calls with request origins within the + perimeter. For Service Perimeter Bridge, must be empty. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{parent}}/accessLevels/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerAccessLevel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + egressPolicies: + description: |- + List of EgressPolicies to apply to the perimeter. A perimeter may + have multiple EgressPolicies, each of which is evaluated separately. + Access is granted if any EgressPolicy grants it. Must be empty for + a perimeter bridge. 
+ items: + properties: + egressFrom: + description: Defines conditions on the source of a request + causing this 'EgressPolicy' to apply. + properties: + identities: + items: + description: |- + (Optional) A list of identities that are allowed access through this + EgressPolicy. Should be in the format of email address. The email + address should represent individual user or service account only. + oneOf: + - required: + - serviceAccountRef + - required: + - user + properties: + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `serviceAccount:{{value}}`, where + {{value}} is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + user: + type: string + type: object + type: array + identityType: + description: |- + Specifies the type of identities that are allowed access to outside the + perimeter. If left unspecified, then members of 'identities' field will + be allowed access. Possible values: ["IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT"]. + type: string + type: object + egressTo: + description: |- + Defines the conditions on the 'ApiOperation' and destination resources that + cause this 'EgressPolicy' to apply. + properties: + externalResources: + description: |- + A list of external resources that are allowed to be accessed. A request + matches if it contains an external resource in this list (Example: + s3://bucket/path). Currently '*' is not allowed. 
+ items: + type: string + type: array + operations: + description: |- + A list of 'ApiOperations' that this egress rule applies to. A request matches + if it contains an operation/service in this list. + items: + properties: + methodSelectors: + description: |- + API methods or permissions to allow. Method or permission must belong + to the service specified by 'serviceName' field. A single MethodSelector + entry with '*' specified for the 'method' field will allow all methods + AND permissions for the service specified in 'serviceName'. + items: + properties: + method: + description: |- + Value for 'method' should be a valid method name for the corresponding + 'serviceName' in 'ApiOperation'. If '*' used as value for method, + then ALL methods and permissions are allowed. + type: string + permission: + description: |- + Value for permission should be a valid Cloud IAM permission for the + corresponding 'serviceName' in 'ApiOperation'. + type: string + type: object + type: array + serviceName: + description: |- + The name of the API whose methods or permissions the 'IngressPolicy' or + 'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName + field set to '*' will allow all methods AND permissions for all services. + type: string + type: object + type: array + resources: + items: + description: |- + (Optional) A list of resources, currently only projects in the form + "projects/{project_number}". A request + matches if it contains a resource in this list. + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + type: object + type: array + ingressPolicies: + description: |- + List of 'IngressPolicies' to apply to the perimeter. A perimeter may + have multiple 'IngressPolicies', each of which is evaluated + separately. Access is granted if any 'Ingress Policy' grants it. + Must be empty for a perimeter bridge. + items: + properties: + ingressFrom: + description: |- + Defines the conditions on the source of a request causing this 'IngressPolicy' + to apply. + properties: + identities: + items: + description: |- + (Optional) A list of identities that are allowed access through this + EgressPolicy. Should be in the format of email address. The email + address should represent individual user or service account only. + oneOf: + - required: + - serviceAccountRef + - required: + - user + properties: + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `serviceAccount:{{value}}`, where + {{value}} is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + user: + type: string + type: object + type: array + identityType: + description: |- + Specifies the type of identities that are allowed access from outside the + perimeter. If left unspecified, then members of 'identities' field will be + allowed access. Possible values: ["IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY", "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT"]. + type: string + sources: + description: Sources that this 'IngressPolicy' authorizes + access from. + items: + properties: + accessLevelRef: + description: |- + An AccessLevel resource name that allow resources within the + ServicePerimeters to be accessed from the internet. AccessLevels + listed must be in the same policy as this ServicePerimeter. + Referencing a nonexistent AccessLevel will cause an error. If no + AccessLevel names are listed, resources within the perimeter can + only be accessed via Google Cloud calls with request origins within + the perimeter. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `{{parent}}/accessLevels/{{value}}`, + where {{value}} is the `name` field of an + `AccessContextManagerAccessLevel` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + (Optional) A Google Cloud resource that is allowed to ingress the + perimeter. Requests from these resources will be allowed to access + perimeter data. Currently only projects are allowed. 
Format + "projects/{project_number}" The project may be in any Google Cloud + organization, not just the organization that the perimeter is defined in. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + ingressTo: + description: |- + Defines the conditions on the 'ApiOperation' and request destination that cause + this 'IngressPolicy' to apply. + properties: + operations: + description: |- + A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom' + are allowed to perform in this 'ServicePerimeter'. + items: + properties: + methodSelectors: + description: |- + API methods or permissions to allow. Method or permission must belong to + the service specified by serviceName field. A single 'MethodSelector' entry + with '*' specified for the method field will allow all methods AND + permissions for the service specified in 'serviceName'. + items: + properties: + method: + description: |- + Value for method should be a valid method name for the corresponding + serviceName in 'ApiOperation'. If '*' used as value for 'method', then + ALL methods and permissions are allowed. + type: string + permission: + description: |- + Value for permission should be a valid Cloud IAM permission for the + corresponding 'serviceName' in 'ApiOperation'. 
+ type: string + type: object + type: array + serviceName: + description: |- + The name of the API whose methods or permissions the 'IngressPolicy' or + 'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName' + field set to '*' will allow all methods AND permissions for all services. + type: string + type: object + type: array + resources: + items: + description: |- + A list of resources, currently only projects in the form + "projects/{project_number}", protected by this ServicePerimeter + that are allowed to be accessed by sources defined in the + corresponding IngressFrom. A request matches if it contains a + resource in this list. + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the + format `projects/{{value}}`, where {{value}} + is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + type: object + type: array + resources: + items: + description: |- + (Optional) A list of GCP resources that are inside of the service perimeter. + Currently only projects are allowed. + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` + resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + restrictedServices: + description: |- + GCP services that are subject to the Service Perimeter + restrictions. Must contain a list of services. For example, if + 'storage.googleapis.com' is specified, access to the storage + buckets inside the perimeter must meet the perimeter's access + restrictions. + items: + type: string + type: array + vpcAccessibleServices: + description: |- + Specifies how APIs are allowed to communicate within the Service + Perimeter. + properties: + allowedServices: + description: |- + The list of APIs usable within the Service Perimeter. + Must be empty unless 'enableRestriction' is True. + items: + type: string + type: array + enableRestriction: + description: |- + Whether to restrict API calls within the Service Perimeter to the + list of APIs specified in 'allowedServices'. + type: boolean + type: object + type: object + title: + description: Human readable title. Must be unique within the Policy. + type: string + useExplicitDryRunSpec: + description: |- + Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists + for all Service Perimeters, and that spec is identical to the status for those + Service Perimeters. When this flag is set, it inhibits the generation of the + implicit spec, thereby allowing the user to explicitly provide a + configuration ("spec") to use in a dry-run version of the Service Perimeter. + This allows the user to test changes to the enforced config ("status") without + actually enforcing them. This testing is done through analyzing the differences + between currently enforced and suggested restrictions. 
useExplicitDryRunSpec must + bet set to True if any of the fields in the spec are set to non-default values. + type: boolean + required: + - accessPolicyRef + - title + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time the AccessPolicy was created in UTC. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Time the AccessPolicy was updated in UTC. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: alloydbbackups.alloydb.cnrm.cloud.google.com +spec: + group: alloydb.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AlloyDBBackup + plural: alloydbbackups + shortNames: + - gcpalloydbbackup + - gcpalloydbbackups + singular: alloydbbackup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clusterNameRef: + description: The full resource name of the backup source cluster (e.g., + projects/{project}/locations/{location}/clusters/{clusterId}). + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AlloyDBCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. User-provided description of the backup. + type: string + encryptionConfig: + description: EncryptionConfig describes the encryption config of a + cluster or a backup that is encrypted with a CMEK (customer-managed + encryption key). + properties: + kmsKeyName: + description: 'Immutable. The fully-qualified resource name of + the KMS key. Each Cloud KMS key is regionalized and has the + following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].' + type: string + type: object + location: + description: Immutable. The location where the alloydb backup should + reside. + type: string + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The backupId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - clusterNameRef + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time the Backup was created in UTC. + type: string + encryptionInfo: + description: EncryptionInfo describes the encryption information of + a cluster or a backup. + items: + properties: + encryptionType: + description: Output only. Type of encryption. + type: string + kmsKeyVersions: + description: Output only. 
Cloud KMS key versions that are being + used to protect the database or the backup. + items: + type: string + type: array + type: object + type: array + etag: + description: A hash of the resource. + type: string + name: + description: 'Output only. The name of the backup resource with the + format: * projects/{project}/locations/{region}/backups/{backupId}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + reconciling: + description: If true, indicates that the service is actively updating + the resource. This can happen due to user-triggered updates or system + actions like failover or maintenance. + type: boolean + state: + description: The current state of the backup. + type: string + uid: + description: Output only. The system-generated UID of the resource. + The UID is assigned when the resource is created, and it is retained + until it is deleted. + type: string + updateTime: + description: Time the Backup was updated in UTC. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clusterNameRef: + description: The full resource name of the backup source cluster (e.g., + projects/{project}/locations/{location}/clusters/{clusterId}). + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AlloyDBCluster` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. User-provided description of the backup. + type: string + encryptionConfig: + description: EncryptionConfig describes the encryption config of a + cluster or a backup that is encrypted with a CMEK (customer-managed + encryption key). + properties: + kmsKeyName: + description: 'Immutable. The fully-qualified resource name of + the KMS key. Each Cloud KMS key is regionalized and has the + following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].' + type: string + type: object + location: + description: Immutable. The location where the alloydb backup should + reside. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The backupId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - clusterNameRef + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time the Backup was created in UTC. + type: string + encryptionInfo: + description: EncryptionInfo describes the encryption information of + a cluster or a backup. + items: + properties: + encryptionType: + description: Output only. Type of encryption. + type: string + kmsKeyVersions: + description: Output only. Cloud KMS key versions that are being + used to protect the database or the backup. + items: + type: string + type: array + type: object + type: array + etag: + description: A hash of the resource. + type: string + name: + description: 'Output only. The name of the backup resource with the + format: * projects/{project}/locations/{region}/backups/{backupId}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + reconciling: + description: If true, indicates that the service is actively updating + the resource. 
This can happen due to user-triggered updates or system + actions like failover or maintenance. + type: boolean + state: + description: The current state of the backup. + type: string + uid: + description: Output only. The system-generated UID of the resource. + The UID is assigned when the resource is created, and it is retained + until it is deleted. + type: string + updateTime: + description: Time the Backup was updated in UTC. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: alloydbclusters.alloydb.cnrm.cloud.google.com +spec: + group: alloydb.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AlloyDBCluster + plural: alloydbclusters + shortNames: + - gcpalloydbcluster + - gcpalloydbclusters + singular: alloydbcluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + automatedBackupPolicy: + description: The automated backup policy for this cluster. AutomatedBackupPolicy + is disabled by default. + properties: + backupWindow: + description: |- + The length of the time window during which a backup can be taken. If a backup does not succeed within this time window, it will be canceled and considered failed. + + The backup window must be at least 5 minutes long. There is no upper bound on the window. If not set, it will default to 1 hour. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + enabled: + description: Whether automated backups are enabled. + type: boolean + encryptionConfig: + description: EncryptionConfig describes the encryption config + of a cluster or a backup that is encrypted with a CMEK (customer-managed + encryption key). + properties: + kmsKeyNameRef: + description: '(Optional) The fully-qualified resource name + of the KMS key. Each Cloud KMS key is regionalized and has + the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].' 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + labels: + additionalProperties: + type: string + description: Labels to apply to backups created using this configuration. + type: object + location: + description: The location where the backup will be stored. Currently, + the only supported option is to store the backup in the same + region as the cluster. + type: string + quantityBasedRetention: + description: Quantity-based Backup retention policy to retain + recent backups. Conflicts with 'time_based_retention', both + can't be set together. + properties: + count: + description: The number of backups to retain. + type: integer + type: object + timeBasedRetention: + description: Time-based Backup retention policy. Conflicts with + 'quantity_based_retention', both can't be set together. + properties: + retentionPeriod: + description: |- + The retention period. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + type: object + weeklySchedule: + description: Weekly schedule for the Backup. + properties: + daysOfWeek: + description: 'The days of the week to perform a backup. At + least one day of the week must be provided. Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", + "SATURDAY", "SUNDAY"].' + items: + type: string + type: array + startTimes: + description: The times during the day to start a backup. 
At + least one start time must be provided. The start times are + assumed to be in UTC and to be an exact hour (e.g., 04:00:00). + items: + properties: + hours: + description: Hours of day in 24 hour format. Should + be from 0 to 23. An API may choose to allow the value + "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Currently, only + the value 0 is supported. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Currently, + only the value 0 is supported. + type: integer + seconds: + description: Seconds of minutes of the time. Currently, + only the value 0 is supported. + type: integer + type: object + type: array + required: + - startTimes + type: object + type: object + clusterType: + description: 'The type of cluster. If not set, defaults to PRIMARY. + Default value: "PRIMARY" Possible values: ["PRIMARY", "SECONDARY"].' + type: string + continuousBackupConfig: + description: |- + The continuous backup config for this cluster. + + If no policy is provided then the default policy will be used. The default policy takes one backup a day and retains backups for 14 days. + properties: + enabled: + description: Whether continuous backup recovery is enabled. If + not set, defaults to true. + type: boolean + encryptionConfig: + description: EncryptionConfig describes the encryption config + of a cluster or a backup that is encrypted with a CMEK (customer-managed + encryption key). + properties: + kmsKeyNameRef: + description: '(Optional) The fully-qualified resource name + of the KMS key. Each Cloud KMS key is regionalized and has + the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].' 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + recoveryWindowDays: + description: |- + The numbers of days that are eligible to restore from using PITR. To support the entire recovery window, backups and logs are retained for one day more than the recovery window. + + If not set, defaults to 14 days. + type: integer + type: object + deletionPolicy: + description: |- + Policy to determine if the cluster should be deleted forcefully. + Deleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster. + Deleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = "FORCE" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance. + type: string + displayName: + description: User-settable and human-readable display name for the + Cluster. + type: string + encryptionConfig: + description: EncryptionConfig describes the encryption config of a + cluster or a backup that is encrypted with a CMEK (customer-managed + encryption key). + properties: + kmsKeyNameRef: + description: '(Optional) The fully-qualified resource name of + the KMS key. 
Each Cloud KMS key is regionalized and has the + following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + initialUser: + description: Initial user to setup during cluster creation. + properties: + password: + description: The initial password for the user. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + user: + description: The database username. + type: string + required: + - password + type: object + location: + description: Immutable. The location where the alloydb cluster should + reside. + type: string + maintenanceUpdatePolicy: + description: MaintenanceUpdatePolicy defines the policy for system + updates. 
+ properties: + maintenanceWindows: + description: Preferred windows to perform maintenance. Currently + limited to 1. + items: + properties: + day: + description: 'Preferred day of the week for maintenance, + e.g. MONDAY, TUESDAY, etc. Possible values: ["MONDAY", + "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", + "SUNDAY"].' + type: string + startTime: + description: Preferred time to start the maintenance operation + on the specified day. Maintenance will start within 1 + hour of this time. + properties: + hours: + description: Hours of day in 24 hour format. Should + be from 0 to 23. + type: integer + minutes: + description: Minutes of hour of day. Currently, only + the value 0 is supported. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Currently, + only the value 0 is supported. + type: integer + seconds: + description: Seconds of minutes of the time. Currently, + only the value 0 is supported. + type: integer + required: + - hours + type: object + required: + - day + - startTime + type: object + type: array + type: object + networkConfig: + description: Metadata related to network configuration. + properties: + allocatedIpRange: + description: |- + The name of the allocated IP range for the private IP AlloyDB cluster. For example: "google-managed-services-default". + If set, the instance IPs for this cluster will be created in the allocated range. + type: string + networkRef: + description: |- + (Required) The relative resource name of the VPC network on which + the instance can be accessed. It is specified in the following form: + projects/{project}/global/networks/{network_id}. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, + where {{value}} is the `name` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + networkRef: + description: |- + (Required) The relative resource name of the VPC network on which + the instance can be accessed. It is specified in the following form: + projects/{project}/global/networks/{network_id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, + where {{value}} is the `name` field of a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The clusterId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + restoreBackupSource: + description: Immutable. The source when restoring from a backup. Conflicts + with 'restore_continuous_backup_source', both can't be set together. + properties: + backupNameRef: + description: (Required) The name of the backup that this cluster + is restored from. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AlloyDBBackup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backupNameRef + type: object + restoreContinuousBackupSource: + description: Immutable. The source when restoring via point in time + recovery (PITR). Conflicts with 'restore_backup_source', both can't + be set together. + properties: + clusterRef: + description: (Required) The name of the source cluster that this + cluster is restored from. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AlloyDBCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + pointInTime: + description: Immutable. The point in time that this cluster is + restored to, in RFC 3339 format. + type: string + required: + - clusterRef + - pointInTime + type: object + secondaryConfig: + description: Configuration of the secondary cluster for Cross Region + Replication. This should be set if and only if the cluster is of + type SECONDARY. + properties: + primaryClusterNameRef: + description: |- + Name of the primary cluster must be in the format + 'projects/{project}/locations/{location}/clusters/{cluster_id}' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AlloyDBCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - primaryClusterNameRef + type: object + required: + - location + - projectRef + type: object + status: + properties: + backupSource: + description: Cluster created from backup. 
+ items: + properties: + backupName: + description: The name of the backup resource. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + continuousBackupInfo: + description: ContinuousBackupInfo describes the continuous backup + properties of a cluster. + items: + properties: + earliestRestorableTime: + description: The earliest restorable time that can be restored + to. Output only field. + type: string + enabledTime: + description: When ContinuousBackup was most recently enabled. + Set to null if ContinuousBackup is not enabled. + type: string + encryptionInfo: + description: Output only. The encryption information for the + WALs and backups required for ContinuousBackup. + items: + properties: + encryptionType: + description: Output only. Type of encryption. + type: string + kmsKeyVersions: + description: Output only. Cloud KMS key versions that + are being used to protect the database or the backup. + items: + type: string + type: array + type: object + type: array + schedule: + description: Days of the week on which a continuous backup is + taken. Output only field. Ignored if passed into the request. + items: + type: string + type: array + type: object + type: array + databaseVersion: + description: The database engine major version. 
This is an output-only + field and it's populated at the Cluster creation time. This field + cannot be changed after cluster creation. + type: string + encryptionInfo: + description: EncryptionInfo describes the encryption information of + a cluster or a backup. + items: + properties: + encryptionType: + description: Output only. Type of encryption. + type: string + kmsKeyVersions: + description: Output only. Cloud KMS key versions that are being + used to protect the database or the backup. + items: + type: string + type: array + type: object + type: array + migrationSource: + description: Cluster created via DMS migration. + items: + properties: + hostPort: + description: The host and port of the on-premises instance in + host:port format. + type: string + referenceId: + description: Place holder for the external source identifier(e.g + DMS job name) that created the cluster. + type: string + sourceType: + description: Type of migration source. + type: string + type: object + type: array + name: + description: The name of the cluster resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + clusterType: + description: 'The type of cluster. If not set, defaults to PRIMARY. + Default value: "PRIMARY" Possible values: ["PRIMARY", "SECONDARY"].' + type: string + type: object + uid: + description: The system-generated UID of the resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + automatedBackupPolicy: + description: The automated backup policy for this cluster. AutomatedBackupPolicy + is disabled by default. + properties: + backupWindow: + description: |- + The length of the time window during which a backup can be taken. If a backup does not succeed within this time window, it will be canceled and considered failed. + + The backup window must be at least 5 minutes long. There is no upper bound on the window. If not set, it will default to 1 hour. 
+ + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + enabled: + description: Whether automated backups are enabled. + type: boolean + encryptionConfig: + description: EncryptionConfig describes the encryption config + of a cluster or a backup that is encrypted with a CMEK (customer-managed + encryption key). + properties: + kmsKeyNameRef: + description: '(Optional) The fully-qualified resource name + of the KMS key. Each Cloud KMS key is regionalized and has + the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + labels: + additionalProperties: + type: string + description: Labels to apply to backups created using this configuration. + type: object + location: + description: The location where the backup will be stored. Currently, + the only supported option is to store the backup in the same + region as the cluster. + type: string + quantityBasedRetention: + description: Quantity-based Backup retention policy to retain + recent backups. Conflicts with 'time_based_retention', both + can't be set together. + properties: + count: + description: The number of backups to retain. + type: integer + type: object + timeBasedRetention: + description: Time-based Backup retention policy. 
Conflicts with + 'quantity_based_retention', both can't be set together. + properties: + retentionPeriod: + description: |- + The retention period. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + type: object + weeklySchedule: + description: Weekly schedule for the Backup. + properties: + daysOfWeek: + description: 'The days of the week to perform a backup. At + least one day of the week must be provided. Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", + "SATURDAY", "SUNDAY"].' + items: + type: string + type: array + startTimes: + description: The times during the day to start a backup. At + least one start time must be provided. The start times are + assumed to be in UTC and to be an exact hour (e.g., 04:00:00). + items: + properties: + hours: + description: Hours of day in 24 hour format. Should + be from 0 to 23. An API may choose to allow the value + "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Currently, only + the value 0 is supported. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Currently, + only the value 0 is supported. + type: integer + seconds: + description: Seconds of minutes of the time. Currently, + only the value 0 is supported. + type: integer + type: object + type: array + required: + - startTimes + type: object + type: object + clusterType: + description: 'The type of cluster. If not set, defaults to PRIMARY. + Default value: "PRIMARY" Possible values: ["PRIMARY", "SECONDARY"].' + type: string + continuousBackupConfig: + description: |- + The continuous backup config for this cluster. + + If no policy is provided then the default policy will be used. The default policy takes one backup a day and retains backups for 14 days. + properties: + enabled: + description: Whether continuous backup recovery is enabled. If + not set, defaults to true. 
+ type: boolean + encryptionConfig: + description: EncryptionConfig describes the encryption config + of a cluster or a backup that is encrypted with a CMEK (customer-managed + encryption key). + properties: + kmsKeyNameRef: + description: '(Optional) The fully-qualified resource name + of the KMS key. Each Cloud KMS key is regionalized and has + the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + recoveryWindowDays: + description: |- + The numbers of days that are eligible to restore from using PITR. To support the entire recovery window, backups and logs are retained for one day more than the recovery window. + + If not set, defaults to 14 days. + type: integer + type: object + deletionPolicy: + description: |- + Policy to determine if the cluster should be deleted forcefully. + Deleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster. + Deleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = "FORCE" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance. 
+ type: string + displayName: + description: User-settable and human-readable display name for the + Cluster. + type: string + encryptionConfig: + description: EncryptionConfig describes the encryption config of a + cluster or a backup that is encrypted with a CMEK (customer-managed + encryption key). + properties: + kmsKeyNameRef: + description: '(Optional) The fully-qualified resource name of + the KMS key. Each Cloud KMS key is regionalized and has the + following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + initialUser: + description: Initial user to setup during cluster creation. + properties: + password: + description: The initial password for the user. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + user: + description: The database username. + type: string + required: + - password + type: object + location: + description: Immutable. The location where the alloydb cluster should + reside. + type: string + maintenanceUpdatePolicy: + description: MaintenanceUpdatePolicy defines the policy for system + updates. + properties: + maintenanceWindows: + description: Preferred windows to perform maintenance. Currently + limited to 1. + items: + properties: + day: + description: 'Preferred day of the week for maintenance, + e.g. MONDAY, TUESDAY, etc. Possible values: ["MONDAY", + "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", + "SUNDAY"].' + type: string + startTime: + description: Preferred time to start the maintenance operation + on the specified day. Maintenance will start within 1 + hour of this time. + properties: + hours: + description: Hours of day in 24 hour format. Should + be from 0 to 23. + type: integer + minutes: + description: Minutes of hour of day. Currently, only + the value 0 is supported. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Currently, + only the value 0 is supported. + type: integer + seconds: + description: Seconds of minutes of the time. Currently, + only the value 0 is supported. + type: integer + required: + - hours + type: object + required: + - day + - startTime + type: object + type: array + type: object + networkConfig: + description: Metadata related to network configuration. + properties: + allocatedIpRange: + description: |- + The name of the allocated IP range for the private IP AlloyDB cluster. For example: "google-managed-services-default". + If set, the instance IPs for this cluster will be created in the allocated range. + type: string + networkRef: + description: |- + (Required) The relative resource name of the VPC network on which + the instance can be accessed. 
It is specified in the following form: + projects/{project}/global/networks/{network_id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, + where {{value}} is the `name` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + networkRef: + description: |- + (Required) The relative resource name of the VPC network on which + the instance can be accessed. It is specified in the following form: + projects/{project}/global/networks/{network_id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, + where {{value}} is the `name` field of a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The clusterId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + restoreBackupSource: + description: Immutable. The source when restoring from a backup. Conflicts + with 'restore_continuous_backup_source', both can't be set together. + properties: + backupNameRef: + description: (Required) The name of the backup that this cluster + is restored from. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AlloyDBBackup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backupNameRef + type: object + restoreContinuousBackupSource: + description: Immutable. The source when restoring via point in time + recovery (PITR). Conflicts with 'restore_backup_source', both can't + be set together. 
+ properties: + clusterRef: + description: (Required) The name of the source cluster that this + cluster is restored from. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AlloyDBCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + pointInTime: + description: Immutable. The point in time that this cluster is + restored to, in RFC 3339 format. + type: string + required: + - clusterRef + - pointInTime + type: object + secondaryConfig: + description: Configuration of the secondary cluster for Cross Region + Replication. This should be set if and only if the cluster is of + type SECONDARY. + properties: + primaryClusterNameRef: + description: |- + Name of the primary cluster must be in the format + 'projects/{project}/locations/{location}/clusters/{cluster_id}' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AlloyDBCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - primaryClusterNameRef + type: object + required: + - location + - projectRef + type: object + status: + properties: + backupSource: + description: Cluster created from backup. + items: + properties: + backupName: + description: The name of the backup resource. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + continuousBackupInfo: + description: ContinuousBackupInfo describes the continuous backup + properties of a cluster. + items: + properties: + earliestRestorableTime: + description: The earliest restorable time that can be restored + to. Output only field. + type: string + enabledTime: + description: When ContinuousBackup was most recently enabled. + Set to null if ContinuousBackup is not enabled. + type: string + encryptionInfo: + description: Output only. The encryption information for the + WALs and backups required for ContinuousBackup. + items: + properties: + encryptionType: + description: Output only. Type of encryption. + type: string + kmsKeyVersions: + description: Output only. Cloud KMS key versions that + are being used to protect the database or the backup. 
+ items: + type: string + type: array + type: object + type: array + schedule: + description: Days of the week on which a continuous backup is + taken. Output only field. Ignored if passed into the request. + items: + type: string + type: array + type: object + type: array + databaseVersion: + description: The database engine major version. This is an output-only + field and it's populated at the Cluster creation time. This field + cannot be changed after cluster creation. + type: string + encryptionInfo: + description: EncryptionInfo describes the encryption information of + a cluster or a backup. + items: + properties: + encryptionType: + description: Output only. Type of encryption. + type: string + kmsKeyVersions: + description: Output only. Cloud KMS key versions that are being + used to protect the database or the backup. + items: + type: string + type: array + type: object + type: array + migrationSource: + description: Cluster created via DMS migration. + items: + properties: + hostPort: + description: The host and port of the on-premises instance in + host:port format. + type: string + referenceId: + description: Place holder for the external source identifier(e.g + DMS job name) that created the cluster. + type: string + sourceType: + description: Type of migration source. + type: string + type: object + type: array + name: + description: The name of the cluster resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + clusterType: + description: 'The type of cluster. If not set, defaults to PRIMARY. 
+ Default value: "PRIMARY" Possible values: ["PRIMARY", "SECONDARY"].' + type: string + type: object + uid: + description: The system-generated UID of the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: alloydbinstances.alloydb.cnrm.cloud.google.com +spec: + group: alloydb.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AlloyDBInstance + plural: alloydbinstances + shortNames: + - gcpalloydbinstance + - gcpalloydbinstances + singular: alloydbinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - instanceType + - required: + - instanceTypeRef + properties: + annotations: + additionalProperties: + type: string + description: Annotations to allow client tools to store small amount + of arbitrary data. This is distinct from labels. + type: object + availabilityType: + description: |- + 'Availability type of an Instance. Defaults to REGIONAL for both primary and read instances. + Note that primary and read instances can have different availability types. + Only READ_POOL instance supports ZONAL type. Users can't specify the zone for READ_POOL instance. + Zone is automatically chosen from the list of zones in the region specified. + Read pool of size 1 can only have zonal availability. Read pools with node count of 2 or more + can have regional availability (nodes are present in 2 or more zones in a region).' Possible values: ["AVAILABILITY_TYPE_UNSPECIFIED", "ZONAL", "REGIONAL"]. + type: string + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AlloyDBCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + databaseFlags: + additionalProperties: + type: string + description: Database flags. Set at instance level. * They are copied + from primary instance on read instance creation. * Read instances + can set new or override existing flags that are relevant for reads, + e.g. for enabling columnar cache on a read instance. Flags set on + read instance may or may not be present on primary. + type: object + displayName: + description: User-settable and human-readable display name for the + Instance. + type: string + gceZone: + description: The Compute Engine zone that the instance should serve + from, per https://cloud.google.com/compute/docs/regions-zones This + can ONLY be specified for ZONAL instances. If present for a REGIONAL + instance, an error will be thrown. If this is absent for a ZONAL + instance, instance is created in a random zone with available capacity. + type: string + instanceType: + description: |- + We recommend that you use `instanceTypeRef` instead. + The type of the instance. Possible values: [PRIMARY, READ_POOL, SECONDARY] + type: string + instanceTypeRef: + description: |- + The type of instance. + Possible values: ["PRIMARY", "READ_POOL", "SECONDARY"] + For PRIMARY and SECONDARY instances, set the value to refer to the name of the associated cluster. + This is recommended because the instance type of primary and secondary instances is tied to the cluster type of the associated cluster. + If the secondary cluster is promoted to primary cluster, then the associated secondary instance also becomes primary instance. + Example: + instanceTypeRef: + name: clusterName + For instances of type READ_POOL, set the value using external keyword. + Example: + instanceTypeRef: + external: READ_POOL + If the instance type is SECONDARY, the delete instance operation does not delete the secondary instance but abandons it instead. 
+ Use deletionPolicy = "FORCE" in the associated secondary cluster and delete the cluster forcefully to delete the secondary cluster as well its associated secondary instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `clusterType` field of an `AlloyDBCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineConfig: + description: Configurations for the machines that host the underlying + database engine. + properties: + cpuCount: + description: The number of CPU's in the VM instance. + type: integer + type: object + networkConfig: + description: Instance level network configuration. + properties: + authorizedExternalNetworks: + description: A list of external networks authorized to access + this instance. This field is only allowed to be set when 'enable_public_ip' + is set to true. + items: + properties: + cidrRange: + description: CIDR range for one authorized network of the + instance. + type: string + type: object + type: array + enableOutboundPublicIp: + description: Enabling outbound public ip for the instance. + type: boolean + enablePublicIp: + description: Enabling public ip for the instance. If a user wishes + to disable this, please also clear the list of the authorized + external networks set on the same instance. + type: boolean + type: object + readPoolConfig: + description: Read pool specific config. If the instance type is READ_POOL, + this configuration must be provided. + properties: + nodeCount: + description: Read capacity, i.e. 
number of nodes in a read pool + instance. + type: integer + type: object + resourceID: + description: Immutable. Optional. The instanceId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - clusterRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time the Instance was created in UTC. + type: string + ipAddress: + description: The IP address for the Instance. This is the connection + endpoint for an end-user application. + type: string + name: + description: The name of the instance resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + outboundPublicIpAddresses: + description: |- + The outbound public IP addresses for the instance. This is available ONLY when + networkConfig.enableOutboundPublicIp is set to true. These IP addresses are used + for outbound connections. 
+ items: + type: string + type: array + publicIpAddress: + description: The public IP addresses for the Instance. This is available + ONLY when networkConfig.enablePublicIp is set to true. This is the + connection endpoint for an end-user application. + type: string + reconciling: + description: Set to true if the current state of Instance does not + match the user's intended state, and the service is actively updating + the resource to reconcile them. This can happen due to user-triggered + updates or system actions like failover or maintenance. + type: boolean + state: + description: The current state of the alloydb instance. + type: string + uid: + description: The system-generated UID of the resource. + type: string + updateTime: + description: Time the Instance was updated in UTC. + type: string + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - instanceType + - required: + - instanceTypeRef + properties: + annotations: + additionalProperties: + type: string + description: Annotations to allow client tools to store small amount + of arbitrary data. This is distinct from labels. + type: object + availabilityType: + description: |- + 'Availability type of an Instance. Defaults to REGIONAL for both primary and read instances. + Note that primary and read instances can have different availability types. + Only READ_POOL instance supports ZONAL type. Users can't specify the zone for READ_POOL instance. + Zone is automatically chosen from the list of zones in the region specified. + Read pool of size 1 can only have zonal availability. Read pools with node count of 2 or more + can have regional availability (nodes are present in 2 or more zones in a region).' Possible values: ["AVAILABILITY_TYPE_UNSPECIFIED", "ZONAL", "REGIONAL"]. + type: string + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AlloyDBCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + databaseFlags: + additionalProperties: + type: string + description: Database flags. Set at instance level. * They are copied + from primary instance on read instance creation. 
* Read instances + can set new or override existing flags that are relevant for reads, + e.g. for enabling columnar cache on a read instance. Flags set on + read instance may or may not be present on primary. + type: object + displayName: + description: User-settable and human-readable display name for the + Instance. + type: string + gceZone: + description: The Compute Engine zone that the instance should serve + from, per https://cloud.google.com/compute/docs/regions-zones This + can ONLY be specified for ZONAL instances. If present for a REGIONAL + instance, an error will be thrown. If this is absent for a ZONAL + instance, instance is created in a random zone with available capacity. + type: string + instanceType: + description: |- + We recommend that you use `instanceTypeRef` instead. + The type of the instance. Possible values: [PRIMARY, READ_POOL, SECONDARY] + type: string + instanceTypeRef: + description: |- + The type of instance. + Possible values: ["PRIMARY", "READ_POOL", "SECONDARY"] + For PRIMARY and SECONDARY instances, set the value to refer to the name of the associated cluster. + This is recommended because the instance type of primary and secondary instances is tied to the cluster type of the associated cluster. + If the secondary cluster is promoted to primary cluster, then the associated secondary instance also becomes primary instance. + Example: + instanceTypeRef: + name: clusterName + For instances of type READ_POOL, set the value using external keyword. + Example: + instanceTypeRef: + external: READ_POOL + If the instance type is SECONDARY, the delete instance operation does not delete the secondary instance but abandons it instead. + Use deletionPolicy = "FORCE" in the associated secondary cluster and delete the cluster forcefully to delete the secondary cluster as well its associated secondary instance. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `clusterType` field of an `AlloyDBCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineConfig: + description: Configurations for the machines that host the underlying + database engine. + properties: + cpuCount: + description: The number of CPU's in the VM instance. + type: integer + type: object + networkConfig: + description: Instance level network configuration. + properties: + authorizedExternalNetworks: + description: A list of external networks authorized to access + this instance. This field is only allowed to be set when 'enable_public_ip' + is set to true. + items: + properties: + cidrRange: + description: CIDR range for one authorized network of the + instance. + type: string + type: object + type: array + enableOutboundPublicIp: + description: Enabling outbound public ip for the instance. + type: boolean + enablePublicIp: + description: Enabling public ip for the instance. If a user wishes + to disable this, please also clear the list of the authorized + external networks set on the same instance. + type: boolean + type: object + readPoolConfig: + description: Read pool specific config. If the instance type is READ_POOL, + this configuration must be provided. + properties: + nodeCount: + description: Read capacity, i.e. number of nodes in a read pool + instance. + type: integer + type: object + resourceID: + description: Immutable. Optional. The instanceId of the resource. + Used for creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - clusterRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time the Instance was created in UTC. + type: string + ipAddress: + description: The IP address for the Instance. This is the connection + endpoint for an end-user application. + type: string + name: + description: The name of the instance resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + outboundPublicIpAddresses: + description: |- + The outbound public IP addresses for the instance. This is available ONLY when + networkConfig.enableOutboundPublicIp is set to true. These IP addresses are used + for outbound connections. + items: + type: string + type: array + publicIpAddress: + description: The public IP addresses for the Instance. This is available + ONLY when networkConfig.enablePublicIp is set to true. This is the + connection endpoint for an end-user application. 
+ type: string + reconciling: + description: Set to true if the current state of Instance does not + match the user's intended state, and the service is actively updating + the resource to reconcile them. This can happen due to user-triggered + updates or system actions like failover or maintenance. + type: boolean + state: + description: The current state of the alloydb instance. + type: string + uid: + description: The system-generated UID of the resource. + type: string + updateTime: + description: Time the Instance was updated in UTC. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: alloydbusers.alloydb.cnrm.cloud.google.com +spec: + group: alloydb.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AlloyDBUser + plural: alloydbusers + shortNames: + - gcpalloydbuser + - gcpalloydbusers + singular: alloydbuser + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: 
date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AlloyDBCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + databaseRoles: + description: List of database roles this database user has. + items: + type: string + type: array + password: + description: Password for this database user. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + resourceID: + description: Immutable. Optional. The userId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + userType: + description: 'Immutable. The type of this user. Possible values: ["ALLOYDB_BUILT_IN", + "ALLOYDB_IAM_USER"].' + type: string + required: + - clusterRef + - userType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Name of the resource in the form of projects/{project}/locations/{location}/clusters/{cluster}/users/{user}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigatewayapiconfigs.apigateway.cnrm.cloud.google.com +spec: + group: apigateway.cnrm.cloud.google.com + names: + categories: + - gcp + kind: APIGatewayAPIConfig + plural: apigatewayapiconfigs + shortNames: + - gcpapigatewayapiconfig + - gcpapigatewayapiconfigs + singular: apigatewayapiconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + api: + description: Immutable. The API to attach the config to. + type: string + apiConfigIdPrefix: + description: Immutable. Creates a unique name beginning with the specified + prefix. If this and api_config_id are unspecified, a random value + is chosen for the name. + type: string + displayName: + description: A user-visible name for the API. + type: string + gatewayConfig: + description: |- + Immutable. Immutable. Gateway specific configuration. + If not specified, backend authentication will be set to use OIDC authentication using the default compute service account. + properties: + backendConfig: + description: Backend settings that are applied to all backends + of the Gateway. + properties: + googleServiceAccount: + description: |- + Immutable. Google Cloud IAM service account used to sign OIDC tokens for backends that have authentication configured + (https://cloud.google.com/service-infrastructure/docs/service-management/reference/rest/v1/services.configs#backend). + type: string + required: + - googleServiceAccount + type: object + required: + - backendConfig + type: object + grpcServices: + description: gRPC service definition files. If specified, openapiDocuments + must not be included. + items: + properties: + fileDescriptorSet: + description: |- + Immutable. Input only. File descriptor set, generated by protoc. + To generate, use protoc with imports and source info included. For an example test.proto file, the following command would put the value in a new file named out.pb. + + $ protoc --include_imports --include_source_info test.proto -o out.pb. + properties: + contents: + description: Immutable. Base64 encoded content of the file. + type: string + path: + description: Immutable. 
The file path (full or relative + path). This is typically the path of the file when it + is uploaded. + type: string + required: + - contents + - path + type: object + source: + description: Uncompiled proto files associated with the descriptor + set, used for display purposes (server-side compilation is + not supported). These should match the inputs to 'protoc' + command used to generate fileDescriptorSet. + items: + properties: + contents: + description: Immutable. Base64 encoded content of the + file. + type: string + path: + description: Immutable. The file path (full or relative + path). This is typically the path of the file when it + is uploaded. + type: string + required: + - contents + - path + type: object + type: array + required: + - fileDescriptorSet + type: object + type: array + managedServiceConfigs: + description: |- + Optional. Service Configuration files. At least one must be included when using gRPC service definitions. See https://cloud.google.com/endpoints/docs/grpc/grpc-service-config#service_configuration_overview for the expected file contents. + If multiple files are specified, the files are merged with the following rules: * All singular scalar fields are merged using "last one wins" semantics in the order of the files uploaded. * Repeated fields are concatenated. * Singular embedded messages are merged using these rules for nested fields. + items: + properties: + contents: + description: Immutable. Base64 encoded content of the file. + type: string + path: + description: Immutable. The file path (full or relative path). + This is typically the path of the file when it is uploaded. + type: string + required: + - contents + - path + type: object + type: array + openapiDocuments: + description: OpenAPI specification documents. If specified, grpcServices + and managedServiceConfigs must not be included. + items: + properties: + document: + description: The OpenAPI Specification document file. 
+ properties: + contents: + description: Immutable. Base64 encoded content of the file. + type: string + path: + description: Immutable. The file path (full or relative + path). This is typically the path of the file when it + is uploaded. + type: string + required: + - contents + - path + type: object + required: + - document + type: object + type: array + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The apiConfigId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - api + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + name: + description: The resource name of the API Config. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + serviceConfigId: + description: The ID of the associated Service Config (https://cloud.google.com/service-infrastructure/docs/glossary#config). + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigatewayapis.apigateway.cnrm.cloud.google.com +spec: + group: apigateway.cnrm.cloud.google.com + names: + categories: + - gcp + kind: APIGatewayAPI + plural: apigatewayapis + shortNames: + - gcpapigatewayapi + - gcpapigatewayapis + singular: apigatewayapi + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: A user-visible name for the API. + type: string + managedService: + description: |- + Immutable. Immutable. The name of a Google Managed Service ( https://cloud.google.com/service-infrastructure/docs/glossary#managed). + If not specified, a new Service will automatically be created in the same project as this API. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The apiId of the resource. Used + for creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Creation timestamp in RFC3339 text format. + type: string + name: + description: The resource name of the API. Format 'projects/{{project}}/locations/global/apis/{{apiId}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigatewaygateways.apigateway.cnrm.cloud.google.com +spec: + group: apigateway.cnrm.cloud.google.com + names: + categories: + - gcp + kind: APIGatewayGateway + plural: apigatewaygateways + shortNames: + - gcpapigatewaygateway + - gcpapigatewaygateways + singular: apigatewaygateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + apiConfig: + description: |- + Resource name of the API Config for this Gateway. Format: projects/{project}/locations/global/apis/{api}/configs/{apiConfig}. + When changing api configs please ensure the new config is a new resource and the lifecycle rule 'create_before_destroy' is set. + type: string + displayName: + description: A user-visible name for the API. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the gateway for the API. + type: string + resourceID: + description: Immutable. Optional. The gatewayId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - apiConfig + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + defaultHostname: + description: The default API Gateway host name of the form {gatewayId}-{hash}.{region_code}.gateway.dev. + type: string + name: + description: 'Resource name of the Gateway. Format: projects/{project}/locations/{region}/gateways/{gateway}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeaddonsconfigs.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeAddonsConfig + plural: apigeeaddonsconfigs + shortNames: + - gcpapigeeaddonsconfig + - gcpapigeeaddonsconfigs + singular: apigeeaddonsconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addonsConfig: + description: Addon configurations of the Apigee organization. + properties: + advancedApiOpsConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + type: object + apiSecurityConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + expiresAt: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: string + type: object + connectorsPlatformConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + expiresAt: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: string + type: object + integrationConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + type: object + monetizationConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + type: object + type: object + org: + description: Immutable. Name of the Apigee organization. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - org + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeendpointattachments.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeEndpointAttachment + plural: apigeeendpointattachments + shortNames: + - gcpapigeeendpointattachment + - gcpapigeeendpointattachments + singular: apigeeendpointattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: Immutable. Location of the endpoint attachment. + type: string + orgId: + description: |- + Immutable. The Apigee Organization associated with the Apigee instance, + in the format 'organizations/{{org_name}}'. + type: string + resourceID: + description: Immutable. Optional. The endpointAttachmentId of the + resource. Used for creation and acquisition. When unset, the value + of `metadata.name` is used as the default. + type: string + serviceAttachment: + description: 'Immutable. Format: projects/*/regions/*/serviceAttachments/*.' + type: string + required: + - location + - orgId + - serviceAttachment + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + connectionState: + description: State of the endpoint attachment connection to the service + attachment. 
+ type: string + host: + description: Host that can be used in either HTTP Target Endpoint + directly, or as the host in Target Server. + type: string + name: + description: |- + Name of the Endpoint Attachment in the following format: + organizations/{organization}/endpointAttachments/{endpointAttachment}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeenvgroupattachments.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeEnvgroupAttachment + plural: apigeeenvgroupattachments + shortNames: + - gcpapigeeenvgroupattachment + - gcpapigeeenvgroupattachments + singular: apigeeenvgroupattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string 
+ - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + envgroupId: + description: |- + Immutable. The Apigee environment group associated with the Apigee environment, + in the format 'organizations/{{org_name}}/envgroups/{{envgroup_name}}'. + type: string + environment: + description: Immutable. The resource ID of the environment. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - envgroupId + - environment + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The name of the newly created attachment (output parameter). + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeenvgroups.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeEnvgroup + plural: apigeeenvgroups + shortNames: + - gcpapigeeenvgroup + - gcpapigeeenvgroups + singular: apigeeenvgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 
'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + hostnames: + description: Hostnames of the environment group. + items: + type: string + type: array + orgId: + description: |- + Immutable. The Apigee Organization associated with the Apigee environment group, + in the format 'organizations/{{org_name}}'. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - orgId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: apigeeenvironments.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeEnvironment + plural: apigeeenvironments + shortNames: + - gcpapigeeenvironment + - gcpapigeeenvironments + singular: apigeeenvironment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + 
description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + apigeeOrganizationRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The apigee organization for the resource + + Allowed value: The Google Cloud resource name of an `ApigeeOrganization` resource (format: `organizations/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Optional. Description of the environment. + type: string + displayName: + description: Optional. Display name for this environment. + type: string + properties: + additionalProperties: + type: string + description: Optional. Key-value pairs that may be used for customizing + the environment. + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - apigeeOrganizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createdAt: + description: Output only. Creation time of this environment as milliseconds + since epoch. + format: int64 + type: integer + lastModifiedAt: + description: Output only. Last modification time of this environment + as milliseconds since epoch. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. State of the environment. Values other + than ACTIVE means the resource is not ready to use. 
Possible values: + STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeinstanceattachments.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeInstanceAttachment + plural: apigeeinstanceattachments + shortNames: + - gcpapigeeinstanceattachment + - gcpapigeeinstanceattachments + singular: apigeeinstanceattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + environment: + description: Immutable. The resource ID of the environment. + type: string + instanceId: + description: |- + Immutable. The Apigee instance associated with the Apigee environment, + in the format 'organizations/{{org_name}}/instances/{{instance_name}}'. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - environment + - instanceId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The name of the newly created attachment (output parameter). + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeinstances.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeInstance + plural: apigeeinstances + shortNames: + - gcpapigeeinstance + - gcpapigeeinstances + singular: apigeeinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + consumerAcceptList: + description: |- + Immutable. Optional. Customer accept list represents the list of projects (id/number) on customer + side that can privately connect to the service attachment. It is an optional field + which the customers can provide during the instance creation. By default, the customer + project associated with the Apigee organization will be included to the list. + items: + type: string + type: array + description: + description: Immutable. Description of the instance. + type: string + diskEncryptionKeyName: + description: |- + Immutable. Customer Managed Encryption Key (CMEK) used for disk and volume encryption. Required for Apigee paid subscriptions only. + Use the following format: 'projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)'. + type: string + displayName: + description: Immutable. Display name of the instance. + type: string + ipRange: + description: |- + Immutable. IP range represents the customer-provided CIDR block of length 22 that will be used for + the Apigee instance creation. This optional range, if provided, should be freely + available as part of larger named range the customer has allocated to the Service + Networking peering. If this is not provided, Apigee will automatically request for any + available /22 CIDR block from Service Networking. The customer should use this CIDR block + for configuring their firewall needs to allow traffic from Apigee. + Input format: "a.b.c.d/22". + type: string + location: + description: Immutable. 
Required. Compute Engine location where the + instance resides. + type: string + orgId: + description: |- + Immutable. The Apigee Organization associated with the Apigee instance, + in the format 'organizations/{{org_name}}'. + type: string + peeringCidrRange: + description: |- + Immutable. The size of the CIDR block range that will be reserved by the instance. For valid values, + see [CidrRange](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances#CidrRange) on the documentation. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - orgId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + host: + description: Output only. Hostname or IP address of the exposed Apigee + endpoint used by clients to connect to the service. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + port: + description: Output only. Port number of the exposed Apigee endpoint. + type: string + serviceAttachment: + description: |- + Output only. Resource name of the service attachment created for the instance in + the format: projects/*/regions/*/serviceAttachments/* Apigee customers can privately + forward traffic to this service attachment using the PSC endpoints. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeenataddresses.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeNATAddress + plural: apigeenataddresses + shortNames: + - gcpapigeenataddress + - gcpapigeenataddresses + singular: apigeenataddress + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned 
schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + instanceId: + description: |- + Immutable. The Apigee instance associated with the Apigee environment, + in the format 'organizations/{{org_name}}/instances/{{instance_name}}'. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - instanceId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + ipAddress: + description: The allocated NAT IP address. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State of the NAT IP address. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: apigeeorganizations.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeOrganization + plural: apigeeorganizations + shortNames: + - gcpapigeeorganization + - gcpapigeeorganizations + singular: apigeeorganization + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion 
defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addonsConfig: + description: Addon configurations of the Apigee organization. + properties: + advancedApiOpsConfig: + description: Configuration for the Advanced API Ops add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + type: object + monetizationConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Monetization + add-on is enabled. + type: boolean + type: object + type: object + analyticsRegion: + description: Immutable. Required. Primary GCP region for analytics + data storage. For valid values, see (https://cloud.google.com/apigee/docs/api-platform/get-started/create-org). + type: string + authorizedNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Compute Engine network used for Service Networking to be peered with Apigee runtime instances. See (https://cloud.google.com/vpc/docs/shared-vpc). To use a shared VPC network, use the following format: `projects/{host-project-id}/{region}/networks/{network-name}`. 
For example: `projects/my-sharedvpc-host/global/networks/mynetwork` **Note:** Not supported for Apigee hybrid. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Description of the Apigee organization. + type: string + displayName: + description: Display name for the Apigee organization. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. Name of the GCP project in which to associate the Apigee organization. Pass the information as a query parameter using the following structure in your request: projects/ Authorization requires the following IAM permission on the specified resource parent: apigee.organizations.create + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + properties: + additionalProperties: + type: string + description: Properties defined in the Apigee organization profile. + type: object + resourceID: + description: Immutable. Optional. 
The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + runtimeDatabaseEncryptionKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. Update is not allowed after the organization is created. Required when (#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used. For example: "projects/foo/locations/us/keyRings/bar/cryptoKeys/baz". **Note:** Not supported for Apigee hybrid. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + runtimeType: + description: 'Immutable. Required. Runtime type of the Apigee organization + based on the Apigee subscription purchased. Possible values: RUNTIME_TYPE_UNSPECIFIED, + CLOUD, HYBRID' + type: string + required: + - analyticsRegion + - projectRef + - runtimeType + type: object + status: + properties: + billingType: + description: 'Output only. Billing type of the Apigee organization. + See (https://cloud.google.com/apigee/pricing). Possible values: + BILLING_TYPE_UNSPECIFIED, SUBSCRIPTION, EVALUATION' + type: string + caCertificate: + description: Output only. Base64-encoded public certificate for the + root CA of the Apigee organization. Valid only when (#RuntimeType) + is `CLOUD`. 
+ type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createdAt: + description: Output only. Time that the Apigee organization was created + in milliseconds since epoch. + format: int64 + type: integer + environments: + description: Output only. List of environments in the Apigee organization. + items: + type: string + type: array + expiresAt: + description: Output only. Time that the Apigee organization is scheduled + for deletion. + format: int64 + type: integer + lastModifiedAt: + description: Output only. Time that the Apigee organization was last + modified in milliseconds since epoch. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + projectId: + description: Output only. Project ID associated with the Apigee organization. + type: string + state: + description: 'Output only. State of the organization. Values other + than ACTIVE means the resource is not ready to use. 
Possible values: + SNAPSHOT_STATE_UNSPECIFIED, MISSING, OK_DOCSTORE, OK_SUBMITTED, + OK_EXTERNAL, DELETED' + type: string + subscriptionType: + description: 'Output only. DEPRECATED: This will eventually be replaced + by BillingType. Subscription type of the Apigee organization. Valid + values include trial (free, limited, and for evaluation purposes + only) or paid (full subscription has been purchased). See (https://cloud.google.com/apigee/pricing/). + Possible values: SUBSCRIPTION_TYPE_UNSPECIFIED, PAID, TRIAL' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeesyncauthorizations.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeSyncAuthorization + plural: apigeesyncauthorizations + shortNames: + - gcpapigeesyncauthorization + - gcpapigeesyncauthorizations + singular: apigeesyncauthorization + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + identities: + description: |- + Array of service accounts to grant access to control plane resources, each specified using the following format: 'serviceAccount:service-account-name'. + + The 'service-account-name' is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com + + You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one. + + The service accounts must have **Apigee Synchronizer Manager** role. See also [Create service accounts](https://cloud.google.com/apigee/docs/hybrid/v1.8/sa-about#create-the-service-accounts). + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - identities + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: |- + Entity tag (ETag) used for optimistic concurrency control as a way to help prevent simultaneous updates from overwriting each other. + Used internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apikeyskeys.apikeys.cnrm.cloud.google.com +spec: + group: apikeys.cnrm.cloud.google.com + names: + categories: + - gcp + kind: APIKeysKey + listKind: APIKeysKeyList + plural: apikeyskeys + shortNames: + - gcpapikeyskey + - gcpapikeyskeys + singular: apikeyskey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: APIKeysKey is the Schema for the APIKeys Key resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Human-readable display name of this key that you can + modify. The maximum length is 63 characters. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + restrictions: + description: Key restrictions. + properties: + androidKeyRestrictions: + description: The Android apps that are allowed to use the key. + properties: + allowedApplications: + description: A list of Android applications that are allowed + to make API calls with this key. + items: + properties: + packageName: + description: The package name of the application. + type: string + sha1Fingerprint: + description: 'The SHA1 fingerprint of the application. 
+ For example, both sha1 formats are acceptable : DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09 + or DA39A3EE5E6B4B0D3255BFEF95601890AFD80709. Output + format is the latter.' + type: string + required: + - packageName + - sha1Fingerprint + type: object + type: array + required: + - allowedApplications + type: object + apiTargets: + description: A restriction for a specific service and optionally + one or more specific methods. Requests are allowed if they match + any of these restrictions. If no restrictions are specified, + all targets are allowed. + items: + properties: + methods: + description: 'Optional. List of one or more methods that + can be called. If empty, all methods for the service are + allowed. A wildcard (*) can be used as the last symbol. + Valid examples: `google.cloud.translate.v2.TranslateService.GetSupportedLanguage` + `TranslateText` `Get*` `translate.googleapis.com.Get*`' + items: + type: string + type: array + service: + description: 'The service for this restriction. It should + be the canonical service name, for example: `translate.googleapis.com`. + You can use [`gcloud services list`](/sdk/gcloud/reference/services/list) + to get a list of services that are enabled in the project.' + type: string + required: + - service + type: object + type: array + browserKeyRestrictions: + description: The HTTP referrers (websites) that are allowed to + use the key. + properties: + allowedReferrers: + description: A list of regular expressions for the referrer + URLs that are allowed to make API calls with this key. + items: + type: string + type: array + required: + - allowedReferrers + type: object + iosKeyRestrictions: + description: The iOS apps that are allowed to use the key. + properties: + allowedBundleIds: + description: A list of bundle IDs that are allowed when making + API calls with this key. 
+ items: + type: string + type: array + required: + - allowedBundleIds + type: object + serverKeyRestrictions: + description: The IP addresses of callers that are allowed to use + the key. + properties: + allowedIps: + description: A list of the caller IP addresses that are allowed + to make API calls with this key. + items: + type: string + type: array + required: + - allowedIps + type: object + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + uid: + description: Output only. Unique id in UUID4 format. 
+ type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appenginedomainmappings.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineDomainMapping + plural: appenginedomainmappings + shortNames: + - gcpappenginedomainmapping + - gcpappenginedomainmappings + singular: appenginedomainmapping + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + overrideStrategy: + description: |- + Whether the domain creation should override any existing mappings for this domain. + By default, overrides are rejected. Default value: "STRICT" Possible values: ["STRICT", "OVERRIDE"]. + type: string + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The domainName of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslSettings: + description: SSL configuration for this domain. If unconfigured, this + domain will not serve with SSL. + properties: + certificateId: + description: |- + ID of the AuthorizedCertificate resource configuring SSL for the application. Clearing this field will + remove SSL support. + By default, a managed certificate is automatically created for every domain mapping. To omit SSL support + or to configure SSL manually, specify 'SslManagementType.MANUAL' on a 'CREATE' or 'UPDATE' request. You must be + authorized to administer the 'AuthorizedCertificate' resource to manually map it to a DomainMapping resource. + Example: 12345. + type: string + pendingManagedCertificateId: + description: |- + ID of the managed 'AuthorizedCertificate' resource currently being provisioned, if applicable. Until the new + managed certificate has been successfully provisioned, the previous SSL state will be preserved. Once the + provisioning process completes, the 'certificateId' field will reflect the new managed certificate and this + field will be left empty. To remove SSL support while there is still a pending managed certificate, clear the + 'certificateId' field with an update request. 
+ type: string + sslManagementType: + description: |- + SSL management type for this domain. If 'AUTOMATIC', a managed certificate is automatically provisioned. + If 'MANUAL', 'certificateId' must be manually specified in order to configure SSL for this domain. Possible values: ["AUTOMATIC", "MANUAL"]. + type: string + required: + - sslManagementType + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'Full path to the DomainMapping resource in the API. + Example: apps/myapp/domainMapping/example.com.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + resourceRecords: + description: |- + The resource records required to configure this domain mapping. These records must be added to the domain's DNS + configuration in order to serve the application via this domain mapping. + items: + properties: + name: + description: 'Relative name of the object affected by this record. + Only applicable for CNAME records. Example: ''www''.' 
+ type: string + rrdata: + description: Data for this record. Values vary by record type, + as defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1). + type: string + type: + description: 'Resource record type. Example: ''AAAA''. Possible + values: ["A", "AAAA", "CNAME"].' + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appenginefirewallrules.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineFirewallRule + plural: appenginefirewallrules + shortNames: + - gcpappenginefirewallrule + - gcpappenginefirewallrules + singular: appenginefirewallrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: 'The action to take if this rule matches. Possible values: + ["UNSPECIFIED_ACTION", "ALLOW", "DENY"].' + type: string + description: + description: An optional string description of this rule. + type: string + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The priority of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceRange: + description: IP address or range, defined using CIDR notation, of + requests that this rule applies to. + type: string + required: + - action + - sourceRange + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appengineflexibleappversions.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineFlexibleAppVersion + plural: appengineflexibleappversions + shortNames: + - gcpappengineflexibleappversion + - gcpappengineflexibleappversions + singular: appengineflexibleappversion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + 
description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + apiConfig: + description: Serving configuration for Google Cloud Endpoints. + properties: + authFailAction: + description: 'Action to take when users access resources that + require authentication. Default value: "AUTH_FAIL_ACTION_REDIRECT" + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Level of login required to access this resource. + Default value: "LOGIN_OPTIONAL" Possible values: ["LOGIN_OPTIONAL", + "LOGIN_ADMIN", "LOGIN_REQUIRED"].' + type: string + script: + description: Path to the script from the application root directory. + type: string + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + url: + description: URL to serve the endpoint at. + type: string + required: + - script + type: object + automaticScaling: + description: Automatic scaling is based on request rate, response + latencies, and other application metrics. + properties: + coolDownPeriod: + description: |- + The time period that the Autoscaler should wait before it starts collecting information from a new instance. 
+ This prevents the autoscaler from collecting information when the instance is initializing, + during which the collected usage would not be reliable. Default: 120s. + type: string + cpuUtilization: + description: Target scaling by CPU usage. + properties: + aggregationWindowLength: + description: Period of time over which CPU utilization is + calculated. + type: string + targetUtilization: + description: Target CPU utilization ratio to maintain when + scaling. Must be between 0 and 1. + type: number + required: + - targetUtilization + type: object + diskUtilization: + description: Target scaling by disk usage. + properties: + targetReadBytesPerSecond: + description: Target bytes read per second. + type: integer + targetReadOpsPerSecond: + description: Target ops read per seconds. + type: integer + targetWriteBytesPerSecond: + description: Target bytes written per second. + type: integer + targetWriteOpsPerSecond: + description: Target ops written per second. + type: integer + type: object + maxConcurrentRequests: + description: |- + Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. + + Defaults to a runtime-specific value. + type: integer + maxIdleInstances: + description: Maximum number of idle instances that should be maintained + for this version. + type: integer + maxPendingLatency: + description: Maximum amount of time that a request should wait + in the pending queue before starting a new instance to handle + it. + type: string + maxTotalInstances: + description: 'Maximum number of instances that should be started + to handle requests for this version. Default: 20.' + type: integer + minIdleInstances: + description: Minimum number of idle instances that should be maintained + for this version. Only applicable for the default version of + a service. 
+ type: integer + minPendingLatency: + description: Minimum amount of time a request should wait in the + pending queue before starting a new instance to handle it. + type: string + minTotalInstances: + description: 'Minimum number of running instances that should + be maintained for this version. Default: 2.' + type: integer + networkUtilization: + description: Target scaling by network usage. + properties: + targetReceivedBytesPerSecond: + description: Target bytes received per second. + type: integer + targetReceivedPacketsPerSecond: + description: Target packets received per second. + type: integer + targetSentBytesPerSecond: + description: Target bytes sent per second. + type: integer + targetSentPacketsPerSecond: + description: Target packets sent per second. + type: integer + type: object + requestUtilization: + description: Target scaling by request utilization. + properties: + targetConcurrentRequests: + description: Target number of concurrent requests. + type: number + targetRequestCountPerSecond: + description: Target requests per second. + type: string + type: object + required: + - cpuUtilization + type: object + betaSettings: + additionalProperties: + type: string + description: Metadata settings that are supplied to this version to + enable beta runtime features. + type: object + defaultExpiration: + description: |- + Duration that static files should be cached by web proxies and browsers. + Only applicable if the corresponding StaticFilesHandler does not specify its own expiration time. + type: string + deleteServiceOnDestroy: + description: If set to 'true', the service will be deleted if it is + the last version. + type: boolean + deployment: + description: Code and application artifacts that make up this version. + properties: + cloudBuildOptions: + description: Options for the build operations performed as a part + of the version deployment. Only applicable when creating a version + using source code directly. 
+ properties: + appYamlPath: + description: Path to the yaml file used in deployment, used + to determine runtime configuration details. + type: string + cloudBuildTimeout: + description: |- + The Cloud Build timeout used as part of any dependent builds performed by version creation. Defaults to 10 minutes. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + required: + - appYamlPath + type: object + container: + description: The Docker image for the container that runs the + version. + properties: + image: + description: |- + URI to the hosted container image in Google Container Registry. The URI must be fully qualified and include a tag or digest. + Examples: "gcr.io/my-project/image:tag" or "gcr.io/my-project/image@digest". + type: string + required: + - image + type: object + files: + description: |- + Manifest of the files stored in Google Cloud Storage that are included as part of this version. + All files must be readable using the credentials supplied with this call. + items: + properties: + name: + type: string + sha1Sum: + description: SHA1 checksum of the file. + type: string + sourceUrl: + description: Source URL. + type: string + required: + - name + - sourceUrl + type: object + type: array + zip: + description: Zip File. + properties: + filesCount: + description: files count. + type: integer + sourceUrl: + description: Source URL. + type: string + required: + - sourceUrl + type: object + type: object + endpointsApiService: + description: Code and application artifacts that make up this version. + properties: + configId: + description: |- + Endpoints service configuration ID as specified by the Service Management API. For example "2016-09-19r1". + + By default, the rollout strategy for Endpoints is "FIXED". This means that Endpoints starts up with a particular configuration ID. + When a new configuration is rolled out, Endpoints must be given the new configuration ID. 
The configId field is used to give the configuration ID + and is required in this case. + + Endpoints also has a rollout strategy called "MANAGED". When using this, Endpoints fetches the latest configuration and does not need + the configuration ID. In this case, configId must be omitted. + type: string + disableTraceSampling: + description: Enable or disable trace sampling. By default, this + is set to false for enabled. + type: boolean + name: + description: |- + Endpoints service name which is the name of the "service" resource in the Service Management API. + For example "myapi.endpoints.myproject.cloud.goog". + type: string + rolloutStrategy: + description: 'Endpoints rollout strategy. If FIXED, configId must + be specified. If MANAGED, configId must be omitted. Default + value: "FIXED" Possible values: ["FIXED", "MANAGED"].' + type: string + required: + - name + type: object + entrypoint: + description: The entrypoint for the application. + properties: + shell: + description: The format should be a shell command that can be + fed to bash -c. + type: string + required: + - shell + type: object + envVariables: + additionalProperties: + type: string + type: object + handlers: + description: |- + An ordered list of URL-matching patterns that should be applied to incoming requests. + The first matching URL handles the request and other request handlers are not attempted. + items: + properties: + authFailAction: + description: 'Actions to take when the user is not logged in. + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Methods to restrict access to a URL based on login + status. Possible values: ["LOGIN_OPTIONAL", "LOGIN_ADMIN", + "LOGIN_REQUIRED"].' + type: string + redirectHttpResponseCode: + description: '30x code to use when performing redirects for + the secure field. 
Possible values: ["REDIRECT_HTTP_RESPONSE_CODE_301", + "REDIRECT_HTTP_RESPONSE_CODE_302", "REDIRECT_HTTP_RESPONSE_CODE_303", + "REDIRECT_HTTP_RESPONSE_CODE_307"].' + type: string + script: + description: |- + Executes a script to handle the requests that match this URL pattern. + Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto". + properties: + scriptPath: + description: Path to the script from the application root + directory. + type: string + required: + - scriptPath + type: object + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + staticFiles: + description: |- + Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. + Static file handlers describe which files in the application directory are static files, and which URLs serve them. + properties: + applicationReadable: + description: |- + Whether files should also be uploaded as code data. By default, files declared in static file handlers are + uploaded as static data and are only served to end users; they cannot be read by the application. If enabled, + uploads are charged against both your code and static data storage resource quotas. + type: boolean + expiration: + description: |- + Time a static file served by this handler should be cached by web proxies and browsers. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example "3.5s". + Default is '0s'. + type: string + httpHeaders: + additionalProperties: + type: string + description: |- + HTTP headers to use for all responses from these URLs. + An object containing a list of "key:value" value pairs.". + type: object + mimeType: + description: |- + MIME type used to serve all files served by this handler. 
+ Defaults to file-specific MIME types, which are derived from each file's filename extension. + type: string + path: + description: |- + Path to the static files matched by the URL pattern, from the application root directory. + The path can refer to text matched in groupings in the URL pattern. + type: string + requireMatchingFile: + description: Whether this handler should match the request + if the file referenced by the handler does not exist. + type: boolean + uploadPathRegex: + description: Regular expression that matches the file paths + for all files that should be referenced by this handler. + type: string + type: object + urlRegex: + description: |- + URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings. + All URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path. + type: string + type: object + type: array + inboundServices: + description: 'A list of the types of messages that this application + is able to receive. Possible values: ["INBOUND_SERVICE_MAIL", "INBOUND_SERVICE_MAIL_BOUNCE", + "INBOUND_SERVICE_XMPP_ERROR", "INBOUND_SERVICE_XMPP_MESSAGE", "INBOUND_SERVICE_XMPP_SUBSCRIBE", + "INBOUND_SERVICE_XMPP_PRESENCE", "INBOUND_SERVICE_CHANNEL_PRESENCE", + "INBOUND_SERVICE_WARMUP"].' + items: + type: string + type: array + instanceClass: + description: |- + Instance class that is used to run this version. Valid values are + AutomaticScaling: F1, F2, F4, F4_1G + ManualScaling: B1, B2, B4, B8, B4_1G + Defaults to F1 for AutomaticScaling and B1 for ManualScaling. + type: string + livenessCheck: + description: Health checking configuration for VM instances. Unhealthy + instances are killed and replaced with new instances. + properties: + checkInterval: + description: Interval between health checks. 
+ type: string + failureThreshold: + description: 'Number of consecutive failed checks required before + considering the VM unhealthy. Default: 4.' + type: number + host: + description: 'Host header to send when performing a HTTP Readiness + check. Example: "myapp.appspot.com".' + type: string + initialDelay: + description: 'The initial delay before starting to execute the + checks. Default: "300s".' + type: string + path: + description: The request path. + type: string + successThreshold: + description: 'Number of consecutive successful checks required + before considering the VM healthy. Default: 2.' + type: number + timeout: + description: 'Time before the check is considered failed. Default: + "4s".' + type: string + required: + - path + type: object + manualScaling: + description: A service with manual scaling runs continuously, allowing + you to perform complex initialization and rely on the state of its + memory over time. + properties: + instances: + description: |- + Number of instances to assign to the service at the start. + + **Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2 + Modules API set_num_instances() you must use 'lifecycle.ignore_changes = ["manual_scaling"[0].instances]' to prevent drift detection. + type: integer + required: + - instances + type: object + network: + description: Extra network settings. + properties: + forwardedPorts: + description: List of ports, or port pairs, to forward from the + virtual machine to the application container. + items: + type: string + type: array + instanceTag: + description: Tag to apply to the instance during creation. + type: string + name: + description: Google Compute Engine network where the virtual machines + are created. Specify the short name, not the resource path. + type: string + sessionAffinity: + description: Enable session affinity. 
+ type: boolean + subnetwork: + description: |- + Google Cloud Platform sub-network where the virtual machines are created. Specify the short name, not the resource path. + + If the network that the instance is being created in is a Legacy network, then the IP address is allocated from the IPv4Range. + If the network that the instance is being created in is an auto Subnet Mode Network, then only network name should be specified (not the subnetworkName) and the IP address is created from the IPCidrRange of the subnetwork that exists in that zone for that network. + If the network that the instance is being created in is a custom Subnet Mode Network, then the subnetworkName must be specified and the IP address is created from the IPCidrRange of the subnetwork. + If specified, the subnetwork must exist in the same region as the App Engine flexible environment application. + type: string + required: + - name + type: object + nobuildFilesRegex: + description: Files that match this pattern will not be built into + this version. Only applicable for Go runtimes. + type: string + noopOnDestroy: + description: If set to 'true', the application version will not be + deleted. + type: boolean + project: + description: Immutable. + type: string + readinessCheck: + description: Configures readiness health checking for instances. Unhealthy + instances are not put into the backend traffic rotation. + properties: + appStartTimeout: + description: |- + A maximum time limit on application initialization, measured from moment the application successfully + replies to a healthcheck until it is ready to serve traffic. Default: "300s". + type: string + checkInterval: + description: 'Interval between health checks. Default: "5s".' + type: string + failureThreshold: + description: 'Number of consecutive failed checks required before + removing traffic. Default: 2.' + type: number + host: + description: 'Host header to send when performing a HTTP Readiness + check. 
Example: "myapp.appspot.com".' + type: string + path: + description: The request path. + type: string + successThreshold: + description: 'Number of consecutive successful checks required + before receiving traffic. Default: 2.' + type: number + timeout: + description: 'Time before the check is considered failed. Default: + "4s".' + type: string + required: + - path + type: object + resourceID: + description: Immutable. Optional. The versionId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resources: + description: Machine resources for a version. + properties: + cpu: + description: Number of CPU cores needed. + type: integer + diskGb: + description: Disk size (GB) needed. + type: integer + memoryGb: + description: Memory (GB) needed. + type: number + volumes: + description: List of ports, or port pairs, to forward from the + virtual machine to the application container. + items: + properties: + name: + description: Unique name for the volume. + type: string + sizeGb: + description: Volume size in gigabytes. + type: integer + volumeType: + description: Underlying volume type, e.g. 'tmpfs'. + type: string + required: + - name + - sizeGb + - volumeType + type: object + type: array + type: object + runtime: + description: Desired runtime. Example python27. + type: string + runtimeApiVersion: + description: |- + The version of the API in the given runtime environment. + Please see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard//config/appref'\ + Substitute '' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'. + type: string + runtimeChannel: + description: The channel of the runtime to use. Only available for + some runtimes. + type: string + runtimeMainExecutablePath: + description: The path or name of the app's main executable. 
+ type: string + serviceAccount: + description: |- + The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as + default if this field is neither provided in app.yaml file nor through CLI flag. + type: string + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AppEngineService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + servingStatus: + description: 'Current serving status of this version. Only the versions + with a SERVING status create instances and can be billed. Default + value: "SERVING" Possible values: ["SERVING", "STOPPED"].' + type: string + vpcAccessConnector: + description: Enables VPC connectivity for standard apps. + properties: + name: + description: Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1. + type: string + required: + - name + type: object + required: + - livenessCheck + - readinessCheck + - runtime + - serviceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Full path to the Version resource in the API. Example, + "v1". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appengineservicesplittraffics.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineServiceSplitTraffic + plural: appengineservicesplittraffics + shortNames: + - gcpappengineservicesplittraffic + - gcpappengineservicesplittraffics + singular: appengineservicesplittraffic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + migrateTraffic: + description: If set to true traffic will be migrated to this version. + type: boolean + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + split: + description: Mapping that defines fractional HTTP traffic diversion + to different versions within the service. + properties: + allocations: + additionalProperties: + type: string + description: Mapping from version IDs within the service to fractional + (0.000, 1] allocations of traffic for that version. Each version + can be specified only once, but some versions in the service + may not have any traffic allocation. Services that have traffic + allocated cannot be deleted until either the service is deleted + or their traffic allocation is removed. Allocations must sum + to 1. 
Up to two decimal place precision is supported for IP-based + splits and up to three decimal places is supported for cookie-based + splits. + type: object + shardBy: + description: 'Mechanism used to determine which version a request + is sent to. The traffic selection algorithm will be stable for + either type until allocations are changed. Possible values: + ["UNSPECIFIED", "COOKIE", "IP", "RANDOM"].' + type: string + required: + - allocations + type: object + required: + - split + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appenginestandardappversions.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineStandardAppVersion + plural: appenginestandardappversions + shortNames: + - gcpappenginestandardappversion + - gcpappenginestandardappversions + singular: appenginestandardappversion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + appEngineApis: + description: Allows App Engine second generation runtimes to access + the legacy bundled services. + type: boolean + automaticScaling: + description: Automatic scaling is based on request rate, response + latencies, and other application metrics. + properties: + maxConcurrentRequests: + description: |- + Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. + + Defaults to a runtime-specific value. + type: integer + maxIdleInstances: + description: Maximum number of idle instances that should be maintained + for this version. + type: integer + maxPendingLatency: + description: |- + Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + minIdleInstances: + description: Minimum number of idle instances that should be maintained + for this version. Only applicable for the default version of + a service. + type: integer + minPendingLatency: + description: |- + Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + standardSchedulerSettings: + description: Scheduler settings for standard environment. 
+ properties: + maxInstances: + description: Maximum number of instances to run for this version. + Set to zero to disable maxInstances configuration. + type: integer + minInstances: + description: Minimum number of instances to run for this version. + Set to zero to disable minInstances configuration. + type: integer + targetCpuUtilization: + description: Target CPU utilization ratio to maintain when + scaling. Should be a value in the range [0.50, 0.95], zero, + or a negative value. + type: number + targetThroughputUtilization: + description: Target throughput utilization ratio to maintain + when scaling. Should be a value in the range [0.50, 0.95], + zero, or a negative value. + type: number + type: object + type: object + basicScaling: + description: Basic scaling creates instances when your application + receives requests. Each instance will be shut down when the application + becomes idle. Basic scaling is ideal for work that is intermittent + or driven by user activity. + properties: + idleTimeout: + description: |- + Duration of time after the last request that an instance must wait before the instance is shut down. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + type: string + maxInstances: + description: Maximum number of instances to create for this version. + Must be in the range [1.0, 200.0]. + type: integer + required: + - maxInstances + type: object + deleteServiceOnDestroy: + description: If set to 'true', the service will be deleted if it is + the last version. + type: boolean + deployment: + description: Code and application artifacts that make up this version. + properties: + files: + description: |- + Manifest of the files stored in Google Cloud Storage that are included as part of this version. + All files must be readable using the credentials supplied with this call. + items: + properties: + name: + type: string + sha1Sum: + description: SHA1 checksum of the file. 
+ type: string + sourceUrl: + description: Source URL. + type: string + required: + - name + - sourceUrl + type: object + type: array + zip: + description: Zip File. + properties: + filesCount: + description: files count. + type: integer + sourceUrl: + description: Source URL. + type: string + required: + - sourceUrl + type: object + type: object + entrypoint: + description: The entrypoint for the application. + properties: + shell: + description: The format should be a shell command that can be + fed to bash -c. + type: string + required: + - shell + type: object + envVariables: + additionalProperties: + type: string + description: Environment variables available to the application. + type: object + handlers: + description: |- + An ordered list of URL-matching patterns that should be applied to incoming requests. + The first matching URL handles the request and other request handlers are not attempted. + items: + properties: + authFailAction: + description: 'Actions to take when the user is not logged in. + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Methods to restrict access to a URL based on login + status. Possible values: ["LOGIN_OPTIONAL", "LOGIN_ADMIN", + "LOGIN_REQUIRED"].' + type: string + redirectHttpResponseCode: + description: '30x code to use when performing redirects for + the secure field. Possible values: ["REDIRECT_HTTP_RESPONSE_CODE_301", + "REDIRECT_HTTP_RESPONSE_CODE_302", "REDIRECT_HTTP_RESPONSE_CODE_303", + "REDIRECT_HTTP_RESPONSE_CODE_307"].' + type: string + script: + description: |- + Executes a script to handle the requests that match this URL pattern. + Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto". + properties: + scriptPath: + description: Path to the script from the application root + directory. 
+ type: string + required: + - scriptPath + type: object + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + staticFiles: + description: Files served directly to the user for a given URL, + such as images, CSS stylesheets, or JavaScript source files. + Static file handlers describe which files in the application + directory are static files, and which URLs serve them. + properties: + applicationReadable: + description: |- + Whether files should also be uploaded as code data. By default, files declared in static file handlers are uploaded as + static data and are only served to end users; they cannot be read by the application. If enabled, uploads are charged + against both your code and static data storage resource quotas. + type: boolean + expiration: + description: |- + Time a static file served by this handler should be cached by web proxies and browsers. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example "3.5s". + type: string + httpHeaders: + additionalProperties: + type: string + description: |- + HTTP headers to use for all responses from these URLs. + An object containing a list of "key:value" value pairs.". + type: object + mimeType: + description: |- + MIME type used to serve all files served by this handler. + Defaults to file-specific MIME types, which are derived from each file's filename extension. + type: string + path: + description: Path to the static files matched by the URL + pattern, from the application root directory. The path + can refer to text matched in groupings in the URL pattern. + type: string + requireMatchingFile: + description: Whether this handler should match the request + if the file referenced by the handler does not exist. 
+ type: boolean + uploadPathRegex: + description: Regular expression that matches the file paths + for all files that should be referenced by this handler. + type: string + type: object + urlRegex: + description: |- + URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings. + All URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path. + type: string + type: object + type: array + inboundServices: + description: 'A list of the types of messages that this application + is able to receive. Possible values: ["INBOUND_SERVICE_MAIL", "INBOUND_SERVICE_MAIL_BOUNCE", + "INBOUND_SERVICE_XMPP_ERROR", "INBOUND_SERVICE_XMPP_MESSAGE", "INBOUND_SERVICE_XMPP_SUBSCRIBE", + "INBOUND_SERVICE_XMPP_PRESENCE", "INBOUND_SERVICE_CHANNEL_PRESENCE", + "INBOUND_SERVICE_WARMUP"].' + items: + type: string + type: array + instanceClass: + description: |- + Instance class that is used to run this version. Valid values are + AutomaticScaling: F1, F2, F4, F4_1G + BasicScaling or ManualScaling: B1, B2, B4, B4_1G, B8 + Defaults to F1 for AutomaticScaling and B2 for ManualScaling and BasicScaling. If no scaling is specified, AutomaticScaling is chosen. + type: string + libraries: + description: Configuration for third-party Python runtime libraries + that are required by the application. + items: + properties: + name: + description: Name of the library. Example "django". + type: string + version: + description: Version of the library to select, or "latest". + type: string + type: object + type: array + manualScaling: + description: A service with manual scaling runs continuously, allowing + you to perform complex initialization and rely on the state of its + memory over time. + properties: + instances: + description: |- + Number of instances to assign to the service at the start. 
+ + **Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2 + Modules API set_num_instances() you must use 'lifecycle.ignore_changes = ["manual_scaling"[0].instances]' to prevent drift detection. + type: integer + required: + - instances + type: object + noopOnDestroy: + description: If set to 'true', the application version will not be + deleted. + type: boolean + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The versionId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + runtime: + description: Desired runtime. Example python27. + type: string + runtimeApiVersion: + description: |- + The version of the API in the given runtime environment. + Please see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard//config/appref'\ + Substitute '' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'. + type: string + serviceAccount: + description: The identity that the deployed version will run as. Admin + API will use the App Engine Appspot service account as default if + this field is neither provided in app.yaml file nor through CLI + flag. + type: string + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AppEngineService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + threadsafe: + description: Whether multiple requests can be dispatched to this version + at once. + type: boolean + vpcAccessConnector: + description: Enables VPC connectivity for standard apps. + properties: + egressSetting: + description: The egress setting for the connector, controlling + what traffic is diverted through it. + type: string + name: + description: Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1. + type: string + required: + - name + type: object + required: + - deployment + - entrypoint + - runtime + - serviceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Full path to the Version resource in the API. Example, + "v1". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: artifactregistryrepositories.artifactregistry.cnrm.cloud.google.com +spec: + group: artifactregistry.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ArtifactRegistryRepository + plural: artifactregistryrepositories + shortNames: + - gcpartifactregistryrepository + - gcpartifactregistryrepositories + singular: artifactregistryrepository + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cleanupPolicies: + description: |- + Cleanup policies for this repository. Cleanup policies indicate when + certain package versions can be automatically deleted. + Map keys are policy IDs supplied by users during policy creation. They must + unique within a repository and be under 128 characters in length. + items: + properties: + action: + description: 'Policy action. Possible values: ["DELETE", "KEEP"].' + type: string + condition: + description: Policy condition for matching versions. + properties: + newerThan: + description: Match versions newer than a duration. + type: string + olderThan: + description: Match versions older than a duration. + type: string + packageNamePrefixes: + description: Match versions by package prefix. Applied on + any prefix match. + items: + type: string + type: array + tagPrefixes: + description: Match versions by tag prefix. Applied on any + prefix match. + items: + type: string + type: array + tagState: + description: 'Match versions by tag status. Default value: + "ANY" Possible values: ["TAGGED", "UNTAGGED", "ANY"].' + type: string + versionNamePrefixes: + description: Match versions by version name prefix. Applied + on any prefix match. + items: + type: string + type: array + type: object + id: + type: string + mostRecentVersions: + description: |- + Policy condition for retaining a minimum number of versions. May only be + specified with a Keep action. + properties: + keepCount: + description: Minimum number of versions to keep. 
+ type: integer + packageNamePrefixes: + description: Match versions by package prefix. Applied on + any prefix match. + items: + type: string + type: array + type: object + required: + - id + type: object + type: array + cleanupPolicyDryRun: + description: |- + If true, the cleanup pipeline is prevented from deleting versions in this + repository. + type: boolean + description: + description: The user-provided description of the repository. + type: string + dockerConfig: + description: Docker repository config contains repository level configuration + for the repositories of docker type. + properties: + immutableTags: + description: The repository which enabled this flag prevents all + tags from being modified, moved or deleted. This does not prevent + tags from being created. + type: boolean + type: object + format: + description: |- + Immutable. The format of packages that are stored in the repository. Supported formats + can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). + You can only create alpha formats if you are a member of the + [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). + type: string + kmsKeyRef: + description: |- + The customer managed encryption key that’s used to encrypt the + contents of the Repository. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Immutable. 
The name of the location this repository is + located in. + type: string + mavenConfig: + description: |- + MavenRepositoryConfig is maven related repository details. + Provides additional configuration details for repositories of the maven + format type. + properties: + allowSnapshotOverwrites: + description: |- + Immutable. The repository with this flag will allow publishing the same + snapshot versions. + type: boolean + versionPolicy: + description: 'Immutable. Version policy defines the versions that + the registry will accept. Default value: "VERSION_POLICY_UNSPECIFIED" + Possible values: ["VERSION_POLICY_UNSPECIFIED", "RELEASE", "SNAPSHOT"].' + type: string + type: object + mode: + description: 'Immutable. The mode configures the repository to serve + artifacts from different sources. Default value: "STANDARD_REPOSITORY" + Possible values: ["STANDARD_REPOSITORY", "VIRTUAL_REPOSITORY", "REMOTE_REPOSITORY"].' + type: string + remoteRepositoryConfig: + description: Immutable. Configuration specific for a Remote Repository. + properties: + description: + description: Immutable. The description of the remote source. + type: string + dockerRepository: + description: Immutable. Specific settings for a Docker remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "DOCKER_HUB" Possible values: ["DOCKER_HUB"].' + type: string + type: object + mavenRepository: + description: Immutable. Specific settings for a Maven remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "MAVEN_CENTRAL" Possible values: ["MAVEN_CENTRAL"].' + type: string + type: object + npmRepository: + description: Immutable. Specific settings for an Npm remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "NPMJS" Possible values: ["NPMJS"].' 
+ type: string + type: object + pythonRepository: + description: Immutable. Specific settings for a Python remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "PYPI" Possible values: ["PYPI"].' + type: string + type: object + type: object + resourceID: + description: Immutable. Optional. The repositoryId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + virtualRepositoryConfig: + description: Configuration specific for a Virtual Repository. + properties: + upstreamPolicies: + description: |- + Policies that configure the upstream artifacts distributed by the Virtual + Repository. Upstream policies cannot be set on a standard repository. + items: + properties: + id: + description: The user-provided ID of the upstream policy. + type: string + priority: + description: Entries with a greater priority value take + precedence in the pull order. + type: integer + repositoryRef: + description: |- + A reference to the repository resource, for example: + "projects/p1/locations/us-central1/repositories/repo1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/repositories/{{value}}`, + where {{value}} is the `name` field of an `ArtifactRegistryRepository` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object + required: + - format + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the repository was created. + type: string + name: + description: |- + The name of the repository, for example: + "repo1". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The time when the repository was last updated. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: beyondcorpappconnections.beyondcorp.cnrm.cloud.google.com +spec: + group: beyondcorp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BeyondCorpAppConnection + plural: beyondcorpappconnections + shortNames: + - gcpbeyondcorpappconnection + - gcpbeyondcorpappconnections + singular: beyondcorpappconnection + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + applicationEndpoint: + description: Address of the remote application endpoint for the BeyondCorp + AppConnection. + properties: + host: + description: Hostname or IP address of the remote application + endpoint. + type: string + port: + description: Port of the remote application endpoint. + type: integer + required: + - host + - port + type: object + connectors: + description: List of AppConnectors that are authorised to be associated + with this AppConnection. + items: + type: string + type: array + displayName: + description: An arbitrary user-provided name for the AppConnection. + type: string + gateway: + description: Gateway used by the AppConnection. + properties: + appGateway: + description: 'AppGateway name in following format: projects/{project_id}/locations/{locationId}/appgateways/{gateway_id}.' + type: string + ingressPort: + description: Ingress port reserved on the gateways for this AppConnection, + if not specified or zero, the default port is 19443. + type: integer + type: + description: |- + The type of hosting used by the gateway. Refer to + https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#Type_1 + for a list of possible values. + type: string + uri: + description: Server-defined URI for this resource. + type: string + required: + - appGateway + type: object + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the AppConnection. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The type of network connectivity used by the AppConnection. Refer to + https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type + for a list of possible values. + type: string + required: + - applicationEndpoint + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: beyondcorpappconnectors.beyondcorp.cnrm.cloud.google.com +spec: + group: beyondcorp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BeyondCorpAppConnector + plural: beyondcorpappconnectors + shortNames: + - gcpbeyondcorpappconnector + - gcpbeyondcorpappconnectors + singular: beyondcorpappconnector + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: An arbitrary user-provided name for the AppConnector. + type: string + principalInfo: + description: Principal information about the Identity of the AppConnector. + properties: + serviceAccount: + description: ServiceAccount represents a GCP service account. + properties: + email: + description: Email address of the service account. + type: string + required: + - email + type: object + required: + - serviceAccount + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the AppConnector. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - principalInfo + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: Represents the different states of a AppConnector. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: beyondcorpappgateways.beyondcorp.cnrm.cloud.google.com +spec: + group: beyondcorp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BeyondCorpAppGateway + plural: beyondcorpappgateways + shortNames: + - gcpbeyondcorpappgateway + - gcpbeyondcorpappgateways + singular: beyondcorpappgateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Immutable. An arbitrary user-provided name for the AppGateway. + type: string + hostType: + description: 'Immutable. The type of hosting used by the AppGateway. + Default value: "HOST_TYPE_UNSPECIFIED" Possible values: ["HOST_TYPE_UNSPECIFIED", + "GCP_REGIONAL_MIG"].' + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the AppGateway. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. The type of network connectivity used by + the AppGateway. Default value: "TYPE_UNSPECIFIED" Possible values: + ["TYPE_UNSPECIFIED", "TCP_PROXY"].' 
+ type: string + required: + - projectRef + - region + type: object + status: + properties: + allocatedConnections: + description: A list of connections allocated for the Gateway. + items: + properties: + ingressPort: + description: The ingress port of an allocated connection. + type: integer + pscUri: + description: The PSC uri of an allocated connection. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: Represents the different states of a AppGateway. + type: string + uri: + description: Server-defined URI for this resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + name: bigqueryanalyticshubdataexchanges.bigqueryanalyticshub.cnrm.cloud.google.com +spec: + group: bigqueryanalyticshub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryAnalyticsHubDataExchange + listKind: BigQueryAnalyticsHubDataExchangeList + plural: bigqueryanalyticshubdataexchanges + shortNames: + - gcpbigqueryanalyticshubdataexchange + - gcpbigqueryanalyticshubdataexchanges + singular: bigqueryanalyticshubdataexchange + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: BigQueryAnalyticsHubDataExchange is the Schema for the BigQueryAnalyticsHubDataExchange + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BigQueryAnalyticsHubDataExchangeSpec defines the desired + state of BigQueryAnalyticsHubDataExchange + properties: + description: + description: 'Optional. Description of the data exchange. The description + must not contain Unicode non-characters as well as C0 and C1 control + codes except tabs (HT), new lines (LF), carriage returns (CR), and + page breaks (FF). Default value is an empty string. Max length: + 2000 bytes.' + type: string + discoveryType: + description: Optional. Type of discovery on the discovery page for + all the listings under this exchange. Updating this field also updates + (overwrites) the discovery_type field for all the listings under + this exchange. + type: string + displayName: + description: 'Required. Human-readable display name of the data exchange. + The display name must contain only Unicode letters, numbers (0-9), + underscores (_), dashes (-), spaces ( ), ampersands (&) and must + not start or end with spaces. Default value is an empty string. + Max length: 63 bytes.' + type: string + documentation: + description: Optional. Documentation describing the data exchange. + type: string + location: + description: Immutable. The name of the location this data exchange. + type: string + primaryContact: + description: 'Optional. Email or URL of the primary point of contact + of the data exchange. Max Length: 1000 bytes.' 
+ type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: Immutable. The BigQueryAnalyticsHubDataExchange name. + If not given, the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + required: + - location + - projectRef + type: object + status: + description: BigQueryAnalyticsHubDataExchangeStatus defines the config + connector machine state of BigQueryAnalyticsHubDataExchange + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the BigQueryAnalyticsHubDataExchange + resource in GCP. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + listingCount: + description: Number of listings contained in the data exchange. + format: int64 + type: integer + type: object + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: BigQueryAnalyticsHubDataExchange is the Schema for the BigQueryAnalyticsHubDataExchange + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BigQueryAnalyticsHubDataExchangeSpec defines the desired + state of BigQueryAnalyticsHubDataExchange + properties: + description: + description: 'Optional. Description of the data exchange. The description + must not contain Unicode non-characters as well as C0 and C1 control + codes except tabs (HT), new lines (LF), carriage returns (CR), and + page breaks (FF). Default value is an empty string. Max length: + 2000 bytes.' + type: string + discoveryType: + description: Optional. Type of discovery on the discovery page for + all the listings under this exchange. Updating this field also updates + (overwrites) the discovery_type field for all the listings under + this exchange. + type: string + displayName: + description: 'Required. Human-readable display name of the data exchange. + The display name must contain only Unicode letters, numbers (0-9), + underscores (_), dashes (-), spaces ( ), ampersands (&) and must + not start or end with spaces. Default value is an empty string. + Max length: 63 bytes.' + type: string + documentation: + description: Optional. Documentation describing the data exchange. + type: string + location: + description: Immutable. The name of the location this data exchange. + type: string + primaryContact: + description: 'Optional. Email or URL of the primary point of contact + of the data exchange. Max Length: 1000 bytes.' + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. 
+ type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: Immutable. The BigQueryAnalyticsHubDataExchange name. + If not given, the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + required: + - location + - projectRef + type: object + status: + description: BigQueryAnalyticsHubDataExchangeStatus defines the config + connector machine state of BigQueryAnalyticsHubDataExchange + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the BigQueryAnalyticsHubDataExchange + resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + listingCount: + description: Number of listings contained in the data exchange. + format: int64 + type: integer + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: bigqueryanalyticshublistings.bigqueryanalyticshub.cnrm.cloud.google.com +spec: + group: bigqueryanalyticshub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryAnalyticsHubListing + listKind: BigQueryAnalyticsHubListingList + plural: bigqueryanalyticshublistings + singular: bigqueryanalyticshublisting + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: BigQueryAnalyticsHubListing is the Schema for the BigQueryAnalyticsHubListing + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BigQueryAnalyticsHubListingSpec defines the desired state + of BigQueryAnalyticsHubDataExchangeListing + properties: + categories: + description: Optional. Categories of the listing. Up to two categories + are allowed. + items: + type: string + type: array + dataExchangeRef: + description: BigQueryAnalyticsHubDataExchangeRef defines the resource + reference to BigQueryAnalyticsHubDataExchange, which "External" + field holds the GCP identifier for the KRM object. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed BigQueryAnalyticsHubDataExchange + resource. Should be in the format "projects//locations//dataexchanges/". + type: string + name: + description: The name of a BigQueryAnalyticsHubDataExchange resource. + type: string + namespace: + description: The namespace of a BigQueryAnalyticsHubDataExchange + resource. + type: string + type: object + dataProvider: + description: Optional. Details of the data provider who owns the source + data. + properties: + name: + description: Optional. Name of the data provider. + type: string + primaryContact: + description: 'Optional. Email or URL of the data provider. Max + Length: 1000 bytes.' 
+ type: string + type: object + description: + description: 'Optional. Short description of the listing. The description + must contain only Unicode characters or tabs (HT), new lines (LF), + carriage returns (CR), and page breaks (FF). Default value is an + empty string. Max length: 2000 bytes.' + type: string + discoveryType: + description: Optional. Type of discovery of the listing on the discovery + page. + type: string + displayName: + description: 'Required. Human-readable display name of the listing. + The display name must contain only Unicode letters, numbers (0-9), + underscores (_), dashes (-), spaces ( ), ampersands (&) and can''t + start or end with spaces. Default value is an empty string. Max + length: 63 bytes.' + type: string + documentation: + description: Optional. Documentation describing the listing. + type: string + location: + description: Immutable. The name of the location this data exchange. + type: string + primaryContact: + description: 'Optional. Email or URL of the primary point of contact + of the listing. Max Length: 1000 bytes.' + type: string + projectRef: + description: The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + publisher: + description: Optional. Details of the publisher who owns the listing + and who can share the source data. + properties: + name: + description: Optional. Name of the listing publisher. 
+ type: string + primaryContact: + description: 'Optional. Email or URL of the listing publisher. + Max Length: 1000 bytes.' + type: string + type: object + requestAccess: + description: 'Optional. Email or URL of the request access of the + listing. Subscribers can use this reference to request access. Max + Length: 1000 bytes.' + type: string + resourceID: + description: Immutable. The BigQueryAnalyticsHubDataExchangeListing + name. If not given, the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + source: + properties: + bigQueryDatasetSource: + description: One of the following fields must be set. + properties: + datasetRef: + description: Resource name of the dataset source for this + listing. e.g. `projects/myproject/datasets/123` + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: If provided must be in the format `projects/[project_id]/datasets/[dataset_id]`. + type: string + name: + description: The `metadata.name` field of a `BigQueryDataset` + resource. + type: string + namespace: + description: The `metadata.namespace` field of a `BigQueryDataset` + resource. + type: string + type: object + restrictedExportPolicy: + description: Optional. If set, restricted export policy will + be propagated and enforced on the linked dataset. + properties: + enabled: + description: Optional. If true, enable restricted export. + type: boolean + restrictDirectTableAccess: + description: Optional. If true, restrict direct table + access (read api/tabledata.list) on linked table. + type: boolean + restrictQueryResult: + description: Optional. If true, restrict export of query + result derived from restricted linked dataset table. + type: boolean + type: object + selectedResources: + description: Optional. 
Resources in this dataset that are + selectively shared. If this field is empty, then the entire + dataset (all resources) are shared. This field is only valid + for data clean room exchanges. + items: + properties: + table: + description: 'Optional. A reference to a BigQueryTable. + Format: `projects/{projectId}/datasets/{datasetId}/tables/{tableId}` + Example:"projects/test_project/datasets/test_dataset/tables/test_table"' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: If provided must be in the format `projects/{projectId}/datasets/{datasetId}/tables/{tableId}`. + type: string + name: + description: The `metadata.name` field of a `BigQueryTable` + resource. + type: string + namespace: + description: The `metadata.namespace` field of a + `BigQueryTable` resource. + type: string + type: object + type: object + type: array + required: + - datasetRef + type: object + type: object + required: + - dataExchangeRef + - displayName + - location + - projectRef + - source + type: object + status: + description: BigQueryAnalyticsHubListingStatus defines the config connector + machine state of BigQueryAnalyticsHubDataExchangeListing + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + externalRef: + description: A unique specifier for the BigQueryAnalyticsHubDataExchangeListing + resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + state: + description: Output only. Current state of the listing. + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: bigqueryconnectionconnections.bigqueryconnection.cnrm.cloud.google.com +spec: + group: bigqueryconnection.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryConnectionConnection + listKind: BigQueryConnectionConnectionList + plural: bigqueryconnectionconnections + shortNames: + - gcpbigqueryconnectionconnection + - gcpbigqueryconnectionconnections + singular: bigqueryconnectionconnection + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - 
description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: BigQueryConnectionConnection is the Schema for the BigQueryConnectionConnection + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BigQueryConnectionConnectionSpec defines the desired state + to connect BigQuery to external resources + properties: + aws: + description: Amazon Web Services (AWS) properties. + properties: + accessRole: + description: Authentication using Google owned service account + to assume into customer's AWS IAM Role. + properties: + iamRoleID: + description: The user’s AWS IAM Role that trusts the Google-owned + AWS IAM user Connection. + type: string + required: + - iamRoleID + type: object + required: + - accessRole + type: object + azure: + description: Azure properties. + properties: + customerTenantID: + description: The id of customer's directory that host the data. + type: string + federatedApplicationClientID: + description: The client ID of the user's Azure Active Directory + Application used for a federated connection. 
+ type: string + required: + - customerTenantID + type: object + cloudResource: + description: Use Cloud Resource properties. + type: object + cloudSQL: + description: Cloud SQL properties. + properties: + credential: + description: Cloud SQL credential. + properties: + secretRef: + description: The Kubernetes Secret object that stores the + "username" and "password" information. The Secret type has + to be `kubernetes.io/basic-auth`. + properties: + name: + description: The `metadata.name` field of a Kubernetes + `Secret` + type: string + namespace: + description: The `metadata.namespace` field of a Kubernetes + `Secret`. + type: string + required: + - name + type: object + type: object + databaseRef: + description: Reference to the SQL Database. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The SQL Database name, when not managed by Config + Connector. + type: string + name: + description: The `name` field of a `SQLDatabase` resource. + type: string + namespace: + description: The `namespace` field of a `SQLDatabase` resource. + type: string + type: object + instanceRef: + description: Reference to the Cloud SQL instance ID. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The SQLInstance selfLink, when not managed by + Config Connector. + type: string + name: + description: The `name` field of a `SQLInstance` resource. + type: string + namespace: + description: The `namespace` field of a `SQLInstance` resource. + type: string + type: object + type: + description: Type of the Cloud SQL database. + type: string + required: + - credential + - databaseRef + - instanceRef + - type + type: object + cloudSpanner: + description: Cloud Spanner properties. 
+ properties: + databaseRef: + description: Reference to a spanner database ID. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The Spanner Database selfLink, when not managed + by Config Connector. + type: string + name: + description: The `name` field of a `SpannerDatabase` resource. + type: string + namespace: + description: The `namespace` field of a `SpannerDatabase` + resource. + type: string + type: object + databaseRole: + description: |- + Optional. Cloud Spanner database role for fine-grained access control. + The Cloud Spanner admin should have provisioned the database role with + appropriate permissions, such as `SELECT` and `INSERT`. Other users should + only use roles provided by their Cloud Spanner admins. + + For more details, see [About fine-grained access control] + (https://cloud.google.com/spanner/docs/fgac-about). + + REQUIRES: The database role name must start with a letter, and can only + contain letters, numbers, and underscores. + type: string + maxParallelism: + description: |- + Allows setting max parallelism per query when executing on Spanner + independent compute resources. If unspecified, default values of + parallelism are chosen that are dependent on the Cloud Spanner instance + configuration. + + REQUIRES: `use_parallelism` must be set. + REQUIRES: Either `use_data_boost` or `use_serverless_analytics` must be + set. + format: int32 + type: integer + useDataBoost: + description: |- + If set, the request will be executed via Spanner independent compute + resources. + REQUIRES: `use_parallelism` must be set. + + NOTE: `use_serverless_analytics` will be deprecated. Prefer + `use_data_boost` over `use_serverless_analytics`. 
+ type: boolean + useParallelism: + description: If parallelism should be used when reading from Cloud + Spanner + type: boolean + useServerlessAnalytics: + description: 'If the serverless analytics service should be used + to read data from Cloud Spanner. Note: `use_parallelism` must + be set when using serverless analytics.' + type: boolean + required: + - databaseRef + type: object + description: + description: User provided description. + type: string + friendlyName: + description: User provided display name for the connection. + type: string + location: + description: Immutable. + type: string + x-kubernetes-validations: + - message: Location field is immutable + rule: self == oldSelf + projectRef: + description: The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: 'Immutable. Optional. The BigQuery Connection ID used + for resource creation or acquisition. For creation: If specified, + this value is used as the connection ID. If not provided, a UUID + will be generated and assigned as the connection ID. For acquisition: + This field must be provided to identify the connection resource + to acquire.' + type: string + spark: + description: Spark properties. + properties: + metastoreService: + description: Optional. Dataproc Metastore Service configuration + for the connection. + properties: + metastoreServiceRef: + description: |- + Optional. 
Resource name of an existing Dataproc Metastore service. + + Example: + + * `projects/[project_id]/locations/[region]/services/[service_id]` + properties: + external: + description: The self-link of an existing Dataproc Metastore + service , when not managed by Config Connector. + type: string + required: + - external + type: object + type: object + sparkHistoryServer: + description: Optional. Spark History Server configuration for + the connection. + properties: + dataprocClusterRef: + description: |- + Optional. Resource name of an existing Dataproc Cluster to act as a Spark + History Server for the connection. + + Example: + + * `projects/[project_id]/regions/[region]/clusters/[cluster_name]` + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The self-link of an existing Dataproc Cluster + to act as a Spark History Server for the connection + , when not managed by Config Connector. + type: string + name: + description: The `name` field of a Dataproc Cluster. + type: string + namespace: + description: The `namespace` field of a Dataproc Cluster. + type: string + type: object + type: object + type: object + required: + - location + - projectRef + type: object + status: + description: BigQueryConnectionConnectionStatus defines the config connector + machine state of BigQueryConnectionConnection + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the BigQueryConnectionConnection + resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + aws: + properties: + accessRole: + properties: + identity: + description: A unique Google-owned and Google-generated + identity for the Connection. This identity will be used + to access the user's AWS IAM Role. + type: string + type: object + type: object + azure: + properties: + application: + description: The name of the Azure Active Directory Application. + type: string + clientID: + description: The client id of the Azure Active Directory Application. + type: string + identity: + description: A unique Google-owned and Google-generated identity + for the Connection. This identity will be used to access + the user's Azure Active Directory Application. + type: string + objectID: + description: The object id of the Azure Active Directory Application. + type: string + redirectUri: + description: The URL user will be redirected to after granting + consent during connection setup. + type: string + type: object + cloudResource: + properties: + serviceAccountID: + description: |2- + The account ID of the service created for the purpose of this + connection. + + The service account does not have any permissions associated with it + when it is created. 
After creation, customers delegate permissions + to the service account. When the connection is used in the context of an + operation in BigQuery, the service account will be used to connect to the + desired resources in GCP. + + The account ID is in the form of: + @gcp-sa-bigquery-cloudresource.iam.gserviceaccount.com + type: string + type: object + cloudSQL: + properties: + serviceAccountID: + description: |- + The account ID of the service used for the purpose of this connection. + + When the connection is used in the context of an operation in + BigQuery, this service account will serve as the identity being used for + connecting to the CloudSQL instance specified in this connection. + type: string + type: object + description: + description: The description for the connection. + type: string + friendlyName: + description: The display name for the connection. + type: string + hasCredential: + description: Output only. True, if credential is configured for + this connection. + type: boolean + spark: + properties: + serviceAccountID: + description: |2- + The account ID of the service created for the purpose of this + connection. + + The service account does not have any permissions associated with it when + it is created. After creation, customers delegate permissions to the + service account. When the connection is used in the context of a stored + procedure for Apache Spark in BigQuery, the service account is used to + connect to the desired resources in Google Cloud. 
+ + The account ID is in the form of: + bqcx--@gcp-sa-bigquery-consp.iam.gserviceaccount.com + type: string + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: BigQueryConnectionConnection is the Schema for the BigQueryConnectionConnection + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BigQueryConnectionConnectionSpec defines the desired state + to connect BigQuery to external resources + properties: + aws: + description: Amazon Web Services (AWS) properties. 
+ properties: + accessRole: + description: Authentication using Google owned service account + to assume into customer's AWS IAM Role. + properties: + iamRoleID: + description: The user’s AWS IAM Role that trusts the Google-owned + AWS IAM user Connection. + type: string + required: + - iamRoleID + type: object + required: + - accessRole + type: object + azure: + description: Azure properties. + properties: + customerTenantID: + description: The id of customer's directory that host the data. + type: string + federatedApplicationClientID: + description: The client ID of the user's Azure Active Directory + Application used for a federated connection. + type: string + required: + - customerTenantID + type: object + cloudResource: + description: Use Cloud Resource properties. + type: object + cloudSQL: + description: Cloud SQL properties. + properties: + credential: + description: Cloud SQL credential. + properties: + secretRef: + description: The Kubernetes Secret object that stores the + "username" and "password" information. The Secret type has + to be `kubernetes.io/basic-auth`. + properties: + name: + description: The `metadata.name` field of a Kubernetes + `Secret` + type: string + namespace: + description: The `metadata.namespace` field of a Kubernetes + `Secret`. + type: string + required: + - name + type: object + type: object + databaseRef: + description: Reference to the SQL Database. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The SQL Database name, when not managed by Config + Connector. + type: string + name: + description: The `name` field of a `SQLDatabase` resource. + type: string + namespace: + description: The `namespace` field of a `SQLDatabase` resource. + type: string + type: object + instanceRef: + description: Reference to the Cloud SQL instance ID. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The SQLInstance selfLink, when not managed by + Config Connector. + type: string + name: + description: The `name` field of a `SQLInstance` resource. + type: string + namespace: + description: The `namespace` field of a `SQLInstance` resource. + type: string + type: object + type: + description: Type of the Cloud SQL database. + type: string + required: + - credential + - databaseRef + - instanceRef + - type + type: object + cloudSpanner: + description: Cloud Spanner properties. + properties: + databaseRef: + description: Reference to a spanner database ID. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The Spanner Database selfLink, when not managed + by Config Connector. + type: string + name: + description: The `name` field of a `SpannerDatabase` resource. + type: string + namespace: + description: The `namespace` field of a `SpannerDatabase` + resource. + type: string + type: object + databaseRole: + description: |- + Optional. Cloud Spanner database role for fine-grained access control. + The Cloud Spanner admin should have provisioned the database role with + appropriate permissions, such as `SELECT` and `INSERT`. Other users should + only use roles provided by their Cloud Spanner admins. + + For more details, see [About fine-grained access control] + (https://cloud.google.com/spanner/docs/fgac-about). + + REQUIRES: The database role name must start with a letter, and can only + contain letters, numbers, and underscores. + type: string + maxParallelism: + description: |- + Allows setting max parallelism per query when executing on Spanner + independent compute resources. 
If unspecified, default values of + parallelism are chosen that are dependent on the Cloud Spanner instance + configuration. + + REQUIRES: `use_parallelism` must be set. + REQUIRES: Either `use_data_boost` or `use_serverless_analytics` must be + set. + format: int32 + type: integer + useDataBoost: + description: |- + If set, the request will be executed via Spanner independent compute + resources. + REQUIRES: `use_parallelism` must be set. + + NOTE: `use_serverless_analytics` will be deprecated. Prefer + `use_data_boost` over `use_serverless_analytics`. + type: boolean + useParallelism: + description: If parallelism should be used when reading from Cloud + Spanner + type: boolean + useServerlessAnalytics: + description: 'If the serverless analytics service should be used + to read data from Cloud Spanner. Note: `use_parallelism` must + be set when using serverless analytics.' + type: boolean + required: + - databaseRef + type: object + description: + description: User provided description. + type: string + friendlyName: + description: User provided display name for the connection. + type: string + location: + description: Immutable. + type: string + x-kubernetes-validations: + - message: Location field is immutable + rule: self == oldSelf + projectRef: + description: The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: 'Immutable. Optional. 
The BigQuery Connection ID used + for resource creation or acquisition. For creation: If specified, + this value is used as the connection ID. If not provided, a UUID + will be generated and assigned as the connection ID. For acquisition: + This field must be provided to identify the connection resource + to acquire.' + type: string + spark: + description: Spark properties. + properties: + metastoreService: + description: Optional. Dataproc Metastore Service configuration + for the connection. + properties: + metastoreServiceRef: + description: |- + Optional. Resource name of an existing Dataproc Metastore service. + + Example: + + * `projects/[project_id]/locations/[region]/services/[service_id]` + properties: + external: + description: The self-link of an existing Dataproc Metastore + service , when not managed by Config Connector. + type: string + required: + - external + type: object + type: object + sparkHistoryServer: + description: Optional. Spark History Server configuration for + the connection. + properties: + dataprocClusterRef: + description: |- + Optional. Resource name of an existing Dataproc Cluster to act as a Spark + History Server for the connection. + + Example: + + * `projects/[project_id]/regions/[region]/clusters/[cluster_name]` + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The self-link of an existing Dataproc Cluster + to act as a Spark History Server for the connection + , when not managed by Config Connector. + type: string + name: + description: The `name` field of a Dataproc Cluster. + type: string + namespace: + description: The `namespace` field of a Dataproc Cluster. 
+ type: string + type: object + type: object + type: object + required: + - location + - projectRef + type: object + status: + description: BigQueryConnectionConnectionStatus defines the config connector + machine state of BigQueryConnectionConnection + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the BigQueryConnectionConnection + resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + aws: + properties: + accessRole: + properties: + identity: + description: A unique Google-owned and Google-generated + identity for the Connection. This identity will be used + to access the user's AWS IAM Role. + type: string + type: object + type: object + azure: + properties: + application: + description: The name of the Azure Active Directory Application. 
+ type: string + clientID: + description: The client id of the Azure Active Directory Application. + type: string + identity: + description: A unique Google-owned and Google-generated identity + for the Connection. This identity will be used to access + the user's Azure Active Directory Application. + type: string + objectID: + description: The object id of the Azure Active Directory Application. + type: string + redirectUri: + description: The URL user will be redirected to after granting + consent during connection setup. + type: string + type: object + cloudResource: + properties: + serviceAccountID: + description: |2- + The account ID of the service created for the purpose of this + connection. + + The service account does not have any permissions associated with it + when it is created. After creation, customers delegate permissions + to the service account. When the connection is used in the context of an + operation in BigQuery, the service account will be used to connect to the + desired resources in GCP. + + The account ID is in the form of: + @gcp-sa-bigquery-cloudresource.iam.gserviceaccount.com + type: string + type: object + cloudSQL: + properties: + serviceAccountID: + description: |- + The account ID of the service used for the purpose of this connection. + + When the connection is used in the context of an operation in + BigQuery, this service account will serve as the identity being used for + connecting to the CloudSQL instance specified in this connection. + type: string + type: object + description: + description: The description for the connection. + type: string + friendlyName: + description: The display name for the connection. + type: string + hasCredential: + description: Output only. True, if credential is configured for + this connection. + type: boolean + spark: + properties: + serviceAccountID: + description: |2- + The account ID of the service created for the purpose of this + connection. 
+ + The service account does not have any permissions associated with it when + it is created. After creation, customers delegate permissions to the + service account. When the connection is used in the context of a stored + procedure for Apache Spark in BigQuery, the service account is used to + connect to the desired resources in Google Cloud. + + The account ID is in the form of: + bqcx--@gcp-sa-bigquery-consp.iam.gserviceaccount.com + type: string + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerydatapolicydatapolicies.bigquerydatapolicy.cnrm.cloud.google.com +spec: + group: bigquerydatapolicy.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDataPolicyDataPolicy + plural: bigquerydatapolicydatapolicies + shortNames: + - gcpbigquerydatapolicydatapolicy + - gcpbigquerydatapolicydatapolicies + singular: bigquerydatapolicydatapolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataMaskingPolicy: + description: The data masking policy that specifies the data masking + rule to use. + properties: + predefinedExpression: + description: 'The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. + Possible values: ["SHA256", "ALWAYS_NULL", "DEFAULT_MASKING_VALUE", + "LAST_FOUR_CHARACTERS", "FIRST_FOUR_CHARACTERS", "EMAIL_MASK", + "DATE_YEAR_MASK"].' + type: string + required: + - predefinedExpression + type: object + dataPolicyType: + description: 'The enrollment level of the service. Possible values: + ["COLUMN_LEVEL_SECURITY_POLICY", "DATA_MASKING_POLICY"].' + type: string + location: + description: Immutable. The name of the location of the data policy. + type: string + policyTag: + description: Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The dataPolicyId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - dataPolicyType + - location + - policyTag + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerydatasetaccesses.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDatasetAccess + plural: bigquerydatasetaccesses + shortNames: + - gcpbigquerydatasetaccess + - gcpbigquerydatasetaccesses + singular: bigquerydatasetaccess + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataset: + description: Immutable. Grants all resources of particular types in + a particular dataset read access to the current dataset. + properties: + dataset: + description: Immutable. The dataset this entry applies to. + properties: + datasetId: + description: Immutable. The ID of the dataset containing this + table. + type: string + projectId: + description: Immutable. The ID of the project containing this + table. + type: string + required: + - datasetId + - projectId + type: object + targetTypes: + description: |- + Immutable. Which resources in the dataset this entry applies to. Currently, only views are supported, + but additional target types may be added in the future. Possible values: VIEWS. + items: + type: string + type: array + required: + - dataset + - targetTypes + type: object + datasetId: + description: |- + Immutable. A unique ID for this dataset, without the project name. The ID + must contain only letters (a-z, A-Z), numbers (0-9), or + underscores (_). The maximum length is 1,024 characters. + type: string + domain: + description: |- + Immutable. A domain to grant access to. Any users signed in with the + domain specified will be granted the specified access. + type: string + groupByEmail: + description: Immutable. An email address of a Google Group to grant + access to. + type: string + iamMember: + description: |- + Immutable. Some other type of member that appears in the IAM Policy but isn't a user, + group, domain, or special group. For example: 'allUsers'. 
+ type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The routine of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + role: + description: |- + Immutable. Describes the rights granted to the user specified by the other + member of the access object. Basic, predefined, and custom roles are + supported. Predefined roles that have equivalent basic roles are + swapped by the API to their basic counterparts, and will show a diff + post-create. See + [official docs](https://cloud.google.com/bigquery/docs/access-control). + type: string + specialGroup: + description: |- + Immutable. A special group to grant access to. Possible values include: + + + * 'projectOwners': Owners of the enclosing project. + + + * 'projectReaders': Readers of the enclosing project. + + + * 'projectWriters': Writers of the enclosing project. + + + * 'allAuthenticatedUsers': All authenticated BigQuery users. + type: string + userByEmail: + description: |- + Immutable. An email address of a user to grant access to. For example: + fred@example.com. + type: string + view: + description: |- + Immutable. A view from a different dataset to grant access to. Queries + executed against that view will have read access to tables in + this dataset. 
The role field is not required when this field is + set. If that view is updated by any user, access to the view + needs to be granted again via an update operation. + properties: + datasetId: + description: Immutable. The ID of the dataset containing this + table. + type: string + projectId: + description: Immutable. The ID of the project containing this + table. + type: string + tableId: + description: |- + Immutable. The ID of the table. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 1,024 characters. + type: string + required: + - datasetId + - projectId + - tableId + type: object + required: + - datasetId + - projectRef + type: object + status: + properties: + apiUpdatedMember: + description: If true, represents that that the iam_member in the config + was translated to a different member type by the API, and is stored + in state as a different member type. + type: boolean + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerydatasets.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDataset + listKind: BigQueryDatasetList + plural: bigquerydatasets + shortNames: + - gcpbigquerydataset + - gcpbigquerydatasets + singular: bigquerydataset + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: BigQueryDataset is the Schema for the BigQueryDataset API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BigQueryDatasetSpec defines the desired state of BigQueryDataset + properties: + access: + description: An array of objects that define dataset access for one + or more entities. + items: + properties: + dataset: + description: '[Pick one] A grant authorizing all resources of + a particular type in a particular dataset access to this dataset. + Only views are supported for now. The role field is not required + when this field is set. If that dataset is deleted and re-created, + its access needs to be granted again via an update operation.' + properties: + dataset: + description: The dataset this entry applies to. + properties: + datasetId: + description: A unique Id for this dataset, without the + project name. The Id must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum + length is 1,024 characters. + type: string + projectId: + description: The ID of the project containing this dataset. + type: string + required: + - datasetId + - projectId + type: object + targetTypes: + description: Which resources in the dataset this entry applies + to. Currently, only views are supported, but additional + target types may be added in the future. + items: + type: string + type: array + required: + - dataset + - targetTypes + type: object + domain: + description: '[Pick one] A domain to grant access to. Any users + signed in with the domain specified will be granted the specified + access. Example: "example.com". 
Maps to IAM policy member + "domain:DOMAIN".' + type: string + groupByEmail: + description: '[Pick one] An email address of a Google Group + to grant access to. Maps to IAM policy member "group:GROUP".' + type: string + iamMember: + description: '[Pick one] Some other type of member that appears + in the IAM Policy but isn''t a user, group, domain, or special + group.' + type: string + role: + description: |- + An IAM role ID that should be granted to the user, group, + or domain specified in this access entry. + The following legacy mappings will be applied: + + * `OWNER`: `roles/bigquery.dataOwner` + * `WRITER`: `roles/bigquery.dataEditor` + * `READER`: `roles/bigquery.dataViewer` + + This field will accept any of the above formats, but will return only + the legacy format. For example, if you set this field to + "roles/bigquery.dataOwner", it will be returned back as "OWNER". + type: string + routine: + description: '[Pick one] A routine from a different dataset + to grant access to. Queries executed against that routine + will have read access to views/tables/routines in this dataset. + Only UDF is supported for now. The role field is not required + when this field is set. If that routine is updated by any + user, access to the routine needs to be granted again via + an update operation.' + properties: + datasetId: + description: The ID of the dataset containing this routine. + type: string + projectId: + description: The ID of the project containing this routine. + type: string + routineId: + description: The Id of the routine. The Id must contain + only letters (a-z, A-Z), numbers (0-9), or underscores + (_). The maximum length is 256 characters. + type: string + required: + - datasetId + - projectId + - routineId + type: object + specialGroup: + description: |- + [Pick one] A special group to grant access to. Possible values include: + + * projectOwners: Owners of the enclosing project. + * projectReaders: Readers of the enclosing project. 
+ * projectWriters: Writers of the enclosing project. + * allAuthenticatedUsers: All authenticated BigQuery users. + + Maps to similarly-named IAM members. + type: string + userByEmail: + description: '[Pick one] An email address of a user to grant + access to. For example: fred@example.com. Maps to IAM policy + member "user:EMAIL" or "serviceAccount:EMAIL".' + type: string + view: + description: '[Pick one] A view from a different dataset to + grant access to. Queries executed against that view will have + read access to views/tables/routines in this dataset. The + role field is not required when this field is set. If that + view is updated by any user, access to the view needs to be + granted again via an update operation.' + properties: + datasetId: + description: The ID of the dataset containing this table. + type: string + projectId: + description: The ID of the project containing this table. + type: string + tableId: + description: The Id of the table. The Id can contain Unicode + characters in category L (letter), M (mark), N (number), + Pc (connector, including underscore), Pd (dash), and Zs + (space). For more information, see [General Category](https://wikipedia.org/wiki/Unicode_character_property#General_Category). + The maximum length is 1,024 characters. Certain operations + allow suffixing of the table Id with a partition decorator, + such as `sample_table$20190123`. + type: string + required: + - datasetId + - projectId + - tableId + type: object + type: object + type: array + defaultCollation: + description: |- + Optional. Defines the default collation specification of future tables + created in the dataset. If a table is created in this dataset without + table-level default collation, then the table inherits the dataset default + collation, which is applied to the string fields that do not have explicit + collation specified. A change to this field affects only tables created + afterwards, and does not alter the existing tables. 
+ The following values are supported: + + * 'und:ci': undetermined locale, case-insensitive. + * '': empty string. Default to case-sensitive behavior. + type: string + defaultEncryptionConfiguration: + description: The default encryption key for all tables in the dataset. + After this property is set, the encryption key of all newly-created + tables in the dataset is set to this value unless the table creation + request or query explicitly overrides the key. + properties: + kmsKeyRef: + description: Optional. Describes the Cloud KMS encryption key + that will be used to protect destination BigQuery table. The + BigQuery Service Account associated with your project requires + access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed KMSCryptoKey. + Should be in the format `projects/[kms_project_id]/locations/[region]/keyRings/[key_ring_id]/cryptoKeys/[key]`. + type: string + name: + description: The `name` of a `KMSCryptoKey` resource. + type: string + namespace: + description: The `namespace` of a `KMSCryptoKey` resource. + type: string + type: object + type: object + defaultPartitionExpirationMs: + description: |- + This default partition expiration, expressed in milliseconds. + + When new time-partitioned tables are created in a dataset where this + property is set, the table will inherit this value, propagated as the + `TimePartitioning.expirationMs` property on the new table. If you set + `TimePartitioning.expirationMs` explicitly when creating a table, + the `defaultPartitionExpirationMs` of the containing dataset is ignored. + + When creating a partitioned table, if `defaultPartitionExpirationMs` + is set, the `defaultTableExpirationMs` value is ignored and the table + will not be inherit a table expiration deadline. 
+ format: int64 + type: integer + defaultTableExpirationMs: + description: Optional. The default lifetime of all tables in the dataset, + in milliseconds. The minimum lifetime value is 3600000 milliseconds + (one hour). To clear an existing default expiration with a PATCH + request, set to 0. Once this property is set, all newly-created + tables in the dataset will have an expirationTime property set to + the creation time plus the value in this property, and changing + the value will only affect new tables, not existing ones. When the + expirationTime for a given table is reached, that table will be + deleted automatically. If a table's expirationTime is modified or + removed before the table expires, or if you provide an explicit + expirationTime when creating a table, that value takes precedence + over the default expiration time indicated by this property. + format: int64 + type: integer + description: + description: Optional. A user-friendly description of the dataset. + type: string + friendlyName: + description: Optional. A descriptive name for the dataset. + type: string + isCaseInsensitive: + description: Optional. TRUE if the dataset and its table names are + case-insensitive, otherwise FALSE. By default, this is FALSE, which + means the dataset and its table names are case-sensitive. This field + does not affect routine references. + type: boolean + location: + description: Optional. The geographic location where the dataset should + reside. See https://cloud.google.com/bigquery/docs/locations for + supported locations. + type: string + maxTimeTravelHours: + description: Optional. Defines the time travel window in hours. The + value can be from 48 to 168 hours (2 to 7 days). The default value + is 168 hours if this is not set. + type: string + projectRef: + description: ' Optional. The project that this resource belongs to.' 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: The BigQueryDataset name. If not given, the metadata.name + will be used. + type: string + storageBillingModel: + description: Optional. Updates storage_billing_model for the dataset. + type: string + type: object + status: + description: BigQueryDatasetStatus defines the config connector machine + state of BigQueryDataset + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: Output only. The time when this dataset was created, + in milliseconds since the epoch. + format: int64 + type: integer + etag: + description: Output only. A hash of the resource. + type: string + externalRef: + description: A unique specifier for the BigQueryAnalyticsHubDataExchangeListing + resource in GCP. 
+ type: string + lastModifiedTime: + description: Output only. The date when this dataset was last modified, + in milliseconds since the epoch. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + location: + description: Optional. If the location is not specified in the + spec, the GCP server defaults to a location and will be captured + here. + type: string + type: object + selfLink: + description: Output only. A URL that can be used to access the resource + again. You can use this URL in Get or Update requests to the resource. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: bigquerydatatransferconfigs.bigquerydatatransfer.cnrm.cloud.google.com +spec: + group: bigquerydatatransfer.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDataTransferConfig + listKind: BigQueryDataTransferConfigList + plural: bigquerydatatransferconfigs + singular: bigquerydatatransferconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: BigQueryDataTransferConfig is the Schema for the BigQueryDataTransferConfig + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BigQueryDataTransferConfigSpec defines the desired state + of BigQueryDataTransferConfig + properties: + dataRefreshWindowDays: + description: The number of days to look back to automatically refresh + the data. For example, if `data_refresh_window_days = 10`, then + every day BigQuery reingests data for [today-10, today-1], rather + than ingesting data for just [today-1]. Only valid if the data source + supports the feature. Set the value to 0 to use the default value. + format: int32 + type: integer + dataSourceID: + description: 'Immutable. Data source ID. This cannot be changed once + data transfer is created. 
The full list of available data source + IDs can be returned through an API call: https://cloud.google.com/bigquery-transfer/docs/reference/datatransfer/rest/v1/projects.locations.dataSources/list' + type: string + x-kubernetes-validations: + - message: DataSourceID field is immutable + rule: self == oldSelf + datasetRef: + description: The BigQuery target dataset id. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: If provided must be in the format `projects/[project_id]/datasets/[dataset_id]`. + type: string + name: + description: The `metadata.name` field of a `BigQueryDataset` + resource. + type: string + namespace: + description: The `metadata.namespace` field of a `BigQueryDataset` + resource. + type: string + type: object + disabled: + description: Is this config disabled. When set to true, no runs will + be scheduled for this transfer config. + type: boolean + displayName: + description: User specified display name for the data transfer. + type: string + emailPreferences: + description: Email notifications will be sent according to these preferences + to the email address of the user who owns this transfer config. + properties: + enableFailureEmail: + description: If true, email notifications will be sent on transfer + run failures. + type: boolean + type: object + encryptionConfiguration: + description: The encryption configuration part. Currently, it is only + used for the optional KMS key name. The BigQuery service account + of your project must be granted permissions to use the key. Read + methods will return the key name applied in effect. Write methods + will apply the key if it is present, or otherwise try to apply project + default keys if it is absent. + properties: + kmsKeyRef: + description: The KMS key used for encrypting BigQuery data. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed KMSCryptoKey. + Should be in the format `projects/[kms_project_id]/locations/[region]/keyRings/[key_ring_id]/cryptoKeys/[key]`. + type: string + name: + description: The `name` of a `KMSCryptoKey` resource. + type: string + namespace: + description: The `namespace` of a `KMSCryptoKey` resource. + type: string + type: object + type: object + location: + description: Immutable. + type: string + x-kubernetes-validations: + - message: Location field is immutable + rule: self == oldSelf + params: + additionalProperties: + type: string + description: 'Parameters specific to each data source. For more information + see the bq tab in the ''Setting up a data transfer'' section for + each data source. For example the parameters for Cloud Storage transfers + are listed here: https://cloud.google.com/bigquery-transfer/docs/cloud-storage-transfer#bq' + type: object + projectRef: + description: The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + pubSubTopicRef: + description: Pub/Sub topic where notifications will be sent after + transfer runs associated with this transfer config finish. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: If provided must be in the format `projects/[project_id]/topics/[topic_id]`. + type: string + name: + description: The `metadata.name` field of a `PubSubTopic` resource. + type: string + namespace: + description: The `metadata.namespace` field of a `PubSubTopic` + resource. + type: string + type: object + resourceID: + description: Immutable. The BigQueryDataTransferConfig name. If not + given, the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + schedule: + description: |- + Data transfer schedule. + If the data source does not support a custom schedule, this should be + empty. If it is empty, the default value for the data source will be used. + The specified times are in UTC. + Examples of valid format: + `1st,3rd monday of month 15:30`, + `every wed,fri of jan,jun 13:15`, and + `first sunday of quarter 00:00`. + See more explanation about the format here: + https://cloud.google.com/appengine/docs/flexible/python/scheduling-jobs-with-cron-yaml#the_schedule_format + + NOTE: The minimum interval time between recurring transfers depends on the + data source; refer to the documentation for your data source. + type: string + scheduleOptions: + description: Options customizing the data transfer schedule. + properties: + disableAutoScheduling: + description: If true, automatic scheduling of data transfer runs + for this configuration will be disabled. The runs can be started + on ad-hoc basis using StartManualTransferRuns API. When automatic + scheduling is disabled, the TransferConfig.schedule field will + be ignored. + type: boolean + endTime: + description: Defines time to stop scheduling transfer runs. A + transfer run cannot be scheduled at or after the end time. 
The + end time can be changed at any moment. The time when a data + transfer can be triggered manually is not limited by this option. + type: string + startTime: + description: Specifies time to start scheduling transfer runs. + The first run will be scheduled at or after the start time according + to a recurrence pattern defined in the schedule string. The + start time can be changed at any moment. The time when a data + transfer can be triggered manually is not limited by this option. + type: string + type: object + serviceAccountRef: + description: Service account email. If this field is set, the transfer + config will be created with this service account's credentials. + It requires that the requesting user calling this API has permissions + to act as this service account. Note that not all data sources support + service account credentials when creating a transfer config. For + the latest list of data sources, please refer to https://cloud.google.com/bigquery/docs/use-service-accounts. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - dataSourceID + - datasetRef + - location + - params + - projectRef + type: object + status: + description: BigQueryDataTransferConfigStatus defines the config connector + machine state of BigQueryDataTransferConfig + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the BigQueryDataTransferConfig + resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + datasetRegion: + description: Output only. Region in which BigQuery dataset is + located. + type: string + name: + description: Identifier. The resource name of the transfer config. + Transfer config names have the form either `projects/{project_id}/locations/{region}/transferConfigs/{config_id}` + or `projects/{project_id}/transferConfigs/{config_id}`, where + `config_id` is usually a UUID, even though it is not guaranteed + or required. The name is ignored when creating a transfer config. + type: string + nextRunTime: + description: Output only. Next time when data transfer will run. + type: string + ownerInfo: + description: Output only. Information about the user whose credentials + are used to transfer data. Populated only for `transferConfigs.get` + requests. 
In case the user information is not available, this + field will not be populated. + properties: + email: + description: E-mail address of the user. + type: string + type: object + state: + description: Output only. State of the most recently updated transfer + run. + type: string + updateTime: + description: Output only. Data transfer modification time. Ignored + by server on input. + type: string + userID: + description: Deprecated. Unique ID of the user on whose behalf + transfer is done. + format: int64 + type: integer + type: object + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: BigQueryDataTransferConfig is the Schema for the BigQueryDataTransferConfig + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BigQueryDataTransferConfigSpec defines the desired state + of BigQueryDataTransferConfig + properties: + dataRefreshWindowDays: + description: The number of days to look back to automatically refresh + the data. For example, if `data_refresh_window_days = 10`, then + every day BigQuery reingests data for [today-10, today-1], rather + than ingesting data for just [today-1]. Only valid if the data source + supports the feature. Set the value to 0 to use the default value. + format: int32 + type: integer + dataSourceID: + description: 'Immutable. Data source ID. This cannot be changed once + data transfer is created. The full list of available data source + IDs can be returned through an API call: https://cloud.google.com/bigquery-transfer/docs/reference/datatransfer/rest/v1/projects.locations.dataSources/list' + type: string + x-kubernetes-validations: + - message: DataSourceID field is immutable + rule: self == oldSelf + datasetRef: + description: The BigQuery target dataset id. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: If provided must be in the format `projects/[project_id]/datasets/[dataset_id]`. + type: string + name: + description: The `metadata.name` field of a `BigQueryDataset` + resource. + type: string + namespace: + description: The `metadata.namespace` field of a `BigQueryDataset` + resource. + type: string + type: object + disabled: + description: Is this config disabled. When set to true, no runs will + be scheduled for this transfer config. + type: boolean + displayName: + description: User specified display name for the data transfer. 
+ type: string + emailPreferences: + description: Email notifications will be sent according to these preferences + to the email address of the user who owns this transfer config. + properties: + enableFailureEmail: + description: If true, email notifications will be sent on transfer + run failures. + type: boolean + type: object + encryptionConfiguration: + description: The encryption configuration part. Currently, it is only + used for the optional KMS key name. The BigQuery service account + of your project must be granted permissions to use the key. Read + methods will return the key name applied in effect. Write methods + will apply the key if it is present, or otherwise try to apply project + default keys if it is absent. + properties: + kmsKeyRef: + description: The KMS key used for encrypting BigQuery data. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed KMSCryptoKey. + Should be in the format `projects/[kms_project_id]/locations/[region]/keyRings/[key_ring_id]/cryptoKeys/[key]`. + type: string + name: + description: The `name` of a `KMSCryptoKey` resource. + type: string + namespace: + description: The `namespace` of a `KMSCryptoKey` resource. + type: string + type: object + type: object + location: + description: Immutable. + type: string + x-kubernetes-validations: + - message: Location field is immutable + rule: self == oldSelf + params: + additionalProperties: + type: string + description: 'Parameters specific to each data source. For more information + see the bq tab in the ''Setting up a data transfer'' section for + each data source. For example the parameters for Cloud Storage transfers + are listed here: https://cloud.google.com/bigquery-transfer/docs/cloud-storage-transfer#bq' + type: object + projectRef: + description: The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + pubSubTopicRef: + description: Pub/Sub topic where notifications will be sent after + transfer runs associated with this transfer config finish. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: If provided must be in the format `projects/[project_id]/topics/[topic_id]`. + type: string + name: + description: The `metadata.name` field of a `PubSubTopic` resource. + type: string + namespace: + description: The `metadata.namespace` field of a `PubSubTopic` + resource. + type: string + type: object + resourceID: + description: Immutable. The BigQueryDataTransferConfig name. If not + given, the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + schedule: + description: |- + Data transfer schedule. + If the data source does not support a custom schedule, this should be + empty. If it is empty, the default value for the data source will be used. + The specified times are in UTC. + Examples of valid format: + `1st,3rd monday of month 15:30`, + `every wed,fri of jan,jun 13:15`, and + `first sunday of quarter 00:00`. 
+ See more explanation about the format here: + https://cloud.google.com/appengine/docs/flexible/python/scheduling-jobs-with-cron-yaml#the_schedule_format + + NOTE: The minimum interval time between recurring transfers depends on the + data source; refer to the documentation for your data source. + type: string + scheduleOptions: + description: Options customizing the data transfer schedule. + properties: + disableAutoScheduling: + description: If true, automatic scheduling of data transfer runs + for this configuration will be disabled. The runs can be started + on ad-hoc basis using StartManualTransferRuns API. When automatic + scheduling is disabled, the TransferConfig.schedule field will + be ignored. + type: boolean + endTime: + description: Defines time to stop scheduling transfer runs. A + transfer run cannot be scheduled at or after the end time. The + end time can be changed at any moment. The time when a data + transfer can be triggered manually is not limited by this option. + type: string + startTime: + description: Specifies time to start scheduling transfer runs. + The first run will be scheduled at or after the start time according + to a recurrence pattern defined in the schedule string. The + start time can be changed at any moment. The time when a data + transfer can be triggered manually is not limited by this option. + type: string + type: object + serviceAccountRef: + description: Service account email. If this field is set, the transfer + config will be created with this service account's credentials. + It requires that the requesting user calling this API has permissions + to act as this service account. Note that not all data sources support + service account credentials when creating a transfer config. For + the latest list of data sources, please refer to https://cloud.google.com/bigquery/docs/use-service-accounts. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - dataSourceID + - datasetRef + - location + - params + - projectRef + type: object + status: + description: BigQueryDataTransferConfigStatus defines the config connector + machine state of BigQueryDataTransferConfig + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the BigQueryDataTransferConfig + resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + datasetRegion: + description: Output only. Region in which BigQuery dataset is + located. + type: string + name: + description: Identifier. The resource name of the transfer config. + Transfer config names have the form either `projects/{project_id}/locations/{region}/transferConfigs/{config_id}` + or `projects/{project_id}/transferConfigs/{config_id}`, where + `config_id` is usually a UUID, even though it is not guaranteed + or required. The name is ignored when creating a transfer config. + type: string + nextRunTime: + description: Output only. Next time when data transfer will run. + type: string + ownerInfo: + description: Output only. Information about the user whose credentials + are used to transfer data. Populated only for `transferConfigs.get` + requests. In case the user information is not available, this + field will not be populated. + properties: + email: + description: E-mail address of the user. + type: string + type: object + state: + description: Output only. State of the most recently updated transfer + run. + type: string + updateTime: + description: Output only. Data transfer modification time. Ignored + by server on input. + type: string + userID: + description: Deprecated. Unique ID of the user on whose behalf + transfer is done. 
+ format: int64 + type: integer + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryjobs.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryJob + plural: bigqueryjobs + shortNames: + - gcpbigqueryjob + - gcpbigqueryjobs + singular: bigqueryjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + copy: + description: Immutable. Copies a table. + properties: + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + type: string + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: Immutable. The destination table. 
+ properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + sourceTables: + description: Immutable. Source tables to copy. + items: + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + type: array + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. 
+ WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. + type: string + required: + - sourceTables + type: object + extract: + description: Immutable. Configures an extract job. + properties: + compression: + description: |- + Immutable. The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE. + The default value is NONE. DEFLATE and SNAPPY are only supported for Avro. + type: string + destinationFormat: + description: |- + Immutable. The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models. + The default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV. + The default value for models is SAVED_MODEL. + type: string + destinationUris: + description: Immutable. A list of fully-qualified Google Cloud + Storage URIs where the extracted table should be written. + items: + type: string + type: array + fieldDelimiter: + description: |- + Immutable. When extracting data in CSV format, this defines the delimiter to use between fields in the exported data. + Default is ','. + type: string + printHeader: + description: Immutable. Whether to print out a header row in the + results. Default is true. + type: boolean + sourceTable: + description: Immutable. A reference to the table being exported. + properties: + tableRef: + description: A reference to the table. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + useAvroLogicalTypes: + description: Immutable. Whether to use logical types when extracting + to AVRO format. + type: boolean + required: + - destinationUris + type: object + jobTimeoutMs: + description: Immutable. Job timeout in milliseconds. If this time + limit is exceeded, BigQuery may attempt to terminate the job. + type: string + load: + description: Immutable. Configures a load job. + properties: + allowJaggedRows: + description: |- + Immutable. Accept rows that are missing trailing optional columns. The missing values are treated as nulls. + If false, records with missing trailing columns are treated as bad records, and if there are too many bad records, + an invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats. + type: boolean + allowQuotedNewlines: + description: |- + Immutable. Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. + The default value is false. + type: boolean + autodetect: + description: Immutable. Indicates if we should automatically infer + the options and schema for CSV and JSON sources. + type: boolean + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. 
The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + type: string + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: Immutable. The destination table to load the data + into. + properties: + tableRef: + description: A reference to the table. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + encoding: + description: |- + Immutable. The character encoding of the data. The supported values are UTF-8 or ISO-8859-1. + The default value is UTF-8. BigQuery decodes the data after the raw, binary data + has been split using the values of the quote and fieldDelimiter properties. + type: string + fieldDelimiter: + description: |- + Immutable. The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character. + To use a character in the range 128-255, you must encode the character as UTF8. BigQuery converts + the string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the + data in its raw, binary state. BigQuery also supports the escape sequence "\t" to specify a tab separator. + The default value is a comma (','). + type: string + ignoreUnknownValues: + description: |- + Immutable. Indicates if BigQuery should allow extra values that are not represented in the table schema. + If true, the extra values are ignored. If false, records with extra columns are treated as bad records, + and if there are too many bad records, an invalid error is returned in the job result. + The default value is false. The sourceFormat property determines what BigQuery treats as an extra value: + CSV: Trailing columns + JSON: Named values that don't match any column names. 
+ type: boolean + jsonExtension: + description: |- + Immutable. If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON. + For a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited + GeoJSON: set to GEOJSON. + type: string + maxBadRecords: + description: |- + Immutable. The maximum number of bad records that BigQuery can ignore when running the job. If the number of bad records exceeds this value, + an invalid error is returned in the job result. The default value is 0, which requires that all records are valid. + type: integer + nullMarker: + description: |- + Immutable. Specifies a string that represents a null value in a CSV file. For example, if you specify "\N", BigQuery interprets "\N" as a null value + when loading a CSV file. The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an + empty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as + an empty value. + type: string + parquetOptions: + description: Immutable. Parquet Options for load and make external + tables. + properties: + enableListInference: + description: Immutable. If sourceFormat is set to PARQUET, + indicates whether to use schema inference specifically for + Parquet LIST logical type. + type: boolean + enumAsString: + description: Immutable. If sourceFormat is set to PARQUET, + indicates whether to infer Parquet ENUM logical type as + STRING instead of BYTES by default. + type: boolean + type: object + projectionFields: + description: |- + Immutable. If sourceFormat is set to "DATASTORE_BACKUP", indicates which entity properties to load into BigQuery from a Cloud Datastore backup. + Property names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties. 
+ If any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result. + items: + type: string + type: array + quote: + description: |- + Immutable. The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding, + and then uses the first byte of the encoded string to split the data in its raw, binary state. + The default value is a double-quote ('"'). If your data does not contain quoted sections, set the property value to an empty string. + If your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true. + type: string + schemaUpdateOptions: + description: |- + Immutable. Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or + supplied in the job configuration. Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators. + For normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. + ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. + items: + type: string + type: array + skipLeadingRows: + description: |- + Immutable. The number of rows at the top of a CSV file that BigQuery will skip when loading the data. + The default value is 0. This property is useful if you have header rows in the file that should be skipped. + When autodetect is on, the behavior is the following: + skipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected, + the row is read as data. Otherwise data is read starting from the second row. 
+ skipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row. + skipLeadingRows = N > 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected, + row N is just skipped. Otherwise row N is used to extract column names for the detected schema. + type: integer + sourceFormat: + description: |- + Immutable. The format of the data files. For CSV files, specify "CSV". For datastore backups, specify "DATASTORE_BACKUP". + For newline-delimited JSON, specify "NEWLINE_DELIMITED_JSON". For Avro, specify "AVRO". For parquet, specify "PARQUET". + For orc, specify "ORC". [Beta] For Bigtable, specify "BIGTABLE". + The default value is CSV. + type: string + sourceUris: + description: |- + Immutable. The fully-qualified URIs that point to your data in Google Cloud. + For Google Cloud Storage URIs: Each URI can contain one '\*' wildcard character + and it must come after the 'bucket' name. Size limits related to load jobs apply + to external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be + specified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table. + For Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\*' wildcard character is not allowed. + items: + type: string + type: array + timePartitioning: + description: Immutable. Time-based partitioning specification + for the destination table. + properties: + expirationMs: + description: Immutable. Number of milliseconds for which to + keep the storage for a partition. A wrapper is used here + because 0 is an invalid value. + type: string + field: + description: |- + Immutable. If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field. + The field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED. 
+ A wrapper is used here because an empty string is an invalid value. + type: string + type: + description: |- + Immutable. The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error, + but in OnePlatform the field will be treated as unset. + type: string + required: + - type + type: object + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. + type: string + required: + - destinationTable + - sourceUris + type: object + location: + description: Immutable. The geographic location of the job. The default + value is US. + type: string + query: + description: Immutable. Configures a query job. + properties: + allowLargeResults: + description: |- + Immutable. If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance. + Requires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed. + However, you must still set destinationTable when result size exceeds the allowed maximum response size. + type: boolean + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. 
The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + type: string + defaultDataset: + description: Immutable. Specifies the default dataset to use for + unqualified table names in the query. Note that this does not + alter behavior of unqualified dataset names. + properties: + datasetRef: + description: A reference to the dataset. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryDataset` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - datasetRef + type: object + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: |- + Immutable. Describes the table where the query results should be stored. + This property must be set for large results that exceed the maximum response size. + For queries that produce anonymous (cached) results, this field will be populated by BigQuery. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + flattenResults: + description: |- + Immutable. If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results. + allowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened. + type: boolean + maximumBillingTier: + description: |- + Immutable. Limits the billing tier for this job. 
Queries that have resource usage beyond this tier will fail (without incurring a charge). + If unspecified, this will be set to your project default. + type: integer + maximumBytesBilled: + description: |- + Immutable. Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge). + If unspecified, this will be set to your project default. + type: string + parameterMode: + description: Immutable. Standard SQL only. Set to POSITIONAL to + use positional (?) query parameters or to NAMED to use named + (@myparam) query parameters in this query. + type: string + priority: + description: 'Immutable. Specifies a priority for the query. Default + value: "INTERACTIVE" Possible values: ["INTERACTIVE", "BATCH"].' + type: string + query: + description: |- + Immutable. SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL. + *NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language) + ('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = ""' and 'write_disposition = ""'. + type: string + schemaUpdateOptions: + description: |- + Immutable. Allows the schema of the destination table to be updated as a side effect of the query job. + Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, + specified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema. + One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. + ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. + items: + type: string + type: array + scriptOptions: + description: Immutable. 
Options controlling the execution of scripts. + properties: + keyResultStatement: + description: |- + Immutable. Determines which statement in the script represents the "key result", + used to populate the schema and query results of the script job. Possible values: ["LAST", "FIRST_SELECT"]. + type: string + statementByteBudget: + description: Immutable. Limit on the number of bytes billed + per statement. Exceeding this budget results in an error. + type: string + statementTimeoutMs: + description: Immutable. Timeout period for each statement + in a script. + type: string + type: object + useLegacySql: + description: |- + Immutable. Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true. + If set to false, the query will use BigQuery's standard SQL. + type: boolean + useQueryCache: + description: |- + Immutable. Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever + tables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified. + The default value is true. + type: boolean + userDefinedFunctionResources: + description: Immutable. Describes user-defined function resources + used in the query. + items: + properties: + inlineCode: + description: |- + Immutable. An inline resource that contains code for a user-defined function (UDF). + Providing a inline code resource is equivalent to providing a URI for a file containing the same code. + type: string + resourceUri: + description: Immutable. A code resource to load from a Google + Cloud Storage URI (gs://bucket/path). + type: string + type: object + type: array + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. 
The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. + type: string + required: + - query + type: object + resourceID: + description: Immutable. Optional. The jobId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + jobType: + description: The type of the job. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + status: + description: The status of this job. Examine this value when polling + an asynchronous job to see if the job is complete. + items: + properties: + errorResult: + description: Final error result of the job. If present, indicates + that the job has completed and was unsuccessful. + items: + properties: + location: + description: Specifies where the error occurred, if present. + type: string + message: + description: A human-readable description of the error. + type: string + reason: + description: A short error code that summarizes the error. + type: string + type: object + type: array + errors: + description: |- + The first errors encountered during the running of the job. The final message + includes the number of errors that caused the process to stop. Errors here do + not necessarily mean that the job has not completed or was unsuccessful. + items: + properties: + location: + description: Specifies where the error occurred, if present. + type: string + message: + description: A human-readable description of the error. + type: string + reason: + description: A short error code that summarizes the error. + type: string + type: object + type: array + state: + description: Running state of the job. Valid states include + 'PENDING', 'RUNNING', and 'DONE'. + type: string + type: object + type: array + userEmail: + description: Email address of the user who ran the job. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryreservationcapacitycommitments.bigqueryreservation.cnrm.cloud.google.com +spec: + group: bigqueryreservation.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryReservationCapacityCommitment + plural: bigqueryreservationcapacitycommitments + shortNames: + - gcpbigqueryreservationcapacitycommitment + - gcpbigqueryreservationcapacitycommitments + singular: bigqueryreservationcapacitycommitment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + edition: + description: Immutable. The edition type. Valid values are STANDARD, + ENTERPRISE, ENTERPRISE_PLUS. + type: string + enforceSingleAdminProjectPerOrg: + description: Immutable. If true, fail the request if another project + in the organization has a capacity commitment. + type: string + location: + description: |- + Immutable. The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. The default value is US. + type: string + plan: + description: Capacity commitment plan. Valid values are at https://cloud.google.com/bigquery/docs/reference/reservations/rpc/google.cloud.bigquery.reservation.v1#commitmentplan. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + renewalPlan: + description: The plan this capacity commitment is converted to after + commitmentEndTime passes. 
Once the plan is changed, committed period + is extended according to commitment plan. Only applicable some commitment + plans. + type: string + resourceID: + description: Immutable. Optional. The capacityCommitmentId of the + resource. Used for creation and acquisition. When unset, the value + of `metadata.name` is used as the default. + type: string + slotCount: + description: Immutable. Number of slots in this commitment. + type: integer + required: + - location + - plan + - projectRef + - slotCount + type: object + status: + properties: + commitmentEndTime: + description: The start of the current commitment period. It is applicable + only for ACTIVE capacity commitments. + type: string + commitmentStartTime: + description: The start of the current commitment period. It is applicable + only for ACTIVE capacity commitments. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The resource name of the capacity commitment, e.g., projects/myproject/locations/US/capacityCommitments/123. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State of the commitment. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryreservationreservations.bigqueryreservation.cnrm.cloud.google.com +spec: + group: bigqueryreservation.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryReservationReservation + plural: bigqueryreservationreservations + shortNames: + - gcpbigqueryreservationreservation + - gcpbigqueryreservationreservations + singular: bigqueryreservationreservation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscale: + description: The configuration parameters for the auto scaling feature. + properties: + currentSlots: + description: The slot capacity added to this reservation when + autoscale happens. Will be between [0, max_slots]. + type: integer + maxSlots: + description: Number of slots to be scaled when needed. + type: integer + type: object + concurrency: + description: Maximum number of queries that are allowed to run concurrently + in this reservation. This is a soft limit due to asynchronous nature + of the system and various optimizations for small queries. Default + value is 0 which means that concurrency will be automatically set + based on the reservation size. + type: integer + edition: + description: Immutable. The edition type. Valid values are STANDARD, + ENTERPRISE, ENTERPRISE_PLUS. + type: string + ignoreIdleSlots: + description: |- + If false, any query using this reservation will use idle slots from other reservations within + the same admin project. If true, a query using this reservation will execute with the slot + capacity specified above at most. + type: boolean + location: + description: |- + Immutable. The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. The default value is US. 
+ type: string + multiRegionAuxiliary: + description: |- + Applicable only for reservations located within one of the BigQuery multi-regions (US or EU). + If set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + slotCapacity: + description: |- + Minimum slots available to this reservation. A slot is a unit of computational power in BigQuery, and serves as the + unit of parallelism. Queries using this reservation might use more slots during runtime if ignoreIdleSlots is set to false. + type: integer + required: + - location + - projectRef + - slotCapacity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryroutines.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryRoutine + plural: bigqueryroutines + shortNames: + - gcpbigqueryroutine + - gcpbigqueryroutines + singular: bigqueryroutine + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last 
transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + arguments: + description: Input/output argument of a function or a stored procedure. + items: + properties: + argumentKind: + description: 'Defaults to FIXED_TYPE. Default value: "FIXED_TYPE" + Possible values: ["FIXED_TYPE", "ANY_TYPE"].' + type: string + dataType: + description: |- + A JSON schema for the data type. Required unless argumentKind = ANY_TYPE. + ~>**NOTE**: Because this field expects a JSON string, any changes to the string + will create a diff, even if the JSON itself hasn't changed. If the API returns + a different value for the same schema, e.g. it switched the order of values + or replaced STRUCT field type with RECORD field type, we currently cannot + suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. + type: string + mode: + description: 'Specifies whether the argument is input or output. + Can be set for procedures only. Possible values: ["IN", "OUT", + "INOUT"].' + type: string + name: + description: The name of this argument. Can be absent for function + return argument. 
+ type: string + type: object + type: array + datasetRef: + description: The ID of the dataset containing this routine. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigQueryDataset` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + definitionBody: + description: |- + The body of the routine. For functions, this is the expression in the AS clause. + If language=SQL, it is the substring inside (but excluding) the parentheses. + type: string + description: + description: The description of the routine if defined. + type: string + determinismLevel: + description: 'The determinism level of the JavaScript UDF if defined. + Possible values: ["DETERMINISM_LEVEL_UNSPECIFIED", "DETERMINISTIC", + "NOT_DETERMINISTIC"].' + type: string + importedLibraries: + description: |- + Optional. If language = "JAVASCRIPT", this field stores the path of the + imported JAVASCRIPT libraries. + items: + type: string + type: array + language: + description: 'The language of the routine. Possible values: ["SQL", + "JAVASCRIPT"].' + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The routineId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + returnTableType: + description: |- + Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". + + If absent, the return table type is inferred from definitionBody at query time in each query + that references this routine. If present, then the columns in the evaluated table result will + be cast to match the column types specificed in return table type, at query time. + type: string + returnType: + description: |- + A JSON schema for the return type. Optional if language = "SQL"; required otherwise. + If absent, the return type is inferred from definitionBody at query time in each query + that references this routine. If present, then the evaluated result will be cast to + the specified returned type at query time. ~>**NOTE**: Because this field expects a JSON + string, any changes to the string will create a diff, even if the JSON itself hasn't + changed. If the API returns a different value for the same schema, e.g. it switche + d the order of values or replaced STRUCT field type with RECORD field type, we currently + cannot suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. + type: string + routineType: + description: 'Immutable. The type of routine. Possible values: ["SCALAR_FUNCTION", + "PROCEDURE", "TABLE_VALUED_FUNCTION"].' 
+ type: string + required: + - datasetRef + - definitionBody + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: |- + The time when this routine was created, in milliseconds since the + epoch. + type: integer + lastModifiedTime: + description: |- + The time when this routine was modified, in milliseconds since the + epoch. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerytables.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryTable + plural: bigquerytables + shortNames: + - gcpbigquerytable + - gcpbigquerytables + singular: bigquerytable + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clustering: + description: Specifies column names to use for data clustering. Up + to four top-level columns are allowed, and should be specified in + descending priority order. + items: + type: string + type: array + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigQueryDataset` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: The field description. + type: string + encryptionConfiguration: + description: Immutable. Specifies how the table should be encrypted. + If left blank, the table will be encrypted with a Google-managed + key; that process is transparent to the user. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: The self link or full name of the kms key version + used to encrypt this table. + type: string + required: + - kmsKeyRef + type: object + expirationTime: + description: The time when this table expires, in milliseconds since + the epoch. If not present, the table will persist indefinitely. + Expired tables will be deleted and their storage reclaimed. + type: integer + externalDataConfiguration: + description: Describes the data format, location, and other properties + of a table stored outside of BigQuery. By defining these properties, + the data source can then be queried as if it were a standard BigQuery + table. + properties: + autodetect: + description: Let BigQuery try to autodetect the schema and format + of the table. + type: boolean + avroOptions: + description: Additional options if source_format is set to "AVRO". + properties: + useAvroLogicalTypes: + description: If sourceFormat is set to "AVRO", indicates whether + to interpret logical types as the corresponding BigQuery + data type (for example, TIMESTAMP), instead of using the + raw type (for example, INTEGER). + type: boolean + required: + - useAvroLogicalTypes + type: object + compression: + description: The compression type of the data source. Valid values + are "NONE" or "GZIP". + type: string + connectionId: + description: The connection specifying the credentials to be used + to read external storage, such as Azure Blob, Cloud Storage, + or S3. The connectionId can have the form "{{project}}.{{location}}.{{connection_id}}" + or "projects/{{project}}/locations/{{location}}/connections/{{connection_id}}". + type: string + csvOptions: + description: Additional properties to set if source_format is + set to "CSV". + properties: + allowJaggedRows: + description: Indicates if BigQuery should accept rows that + are missing trailing optional columns. 
+ type: boolean + allowQuotedNewlines: + description: Indicates if BigQuery should allow quoted data + sections that contain newline characters in a CSV file. + The default value is false. + type: boolean + encoding: + description: The character encoding of the data. The supported + values are UTF-8 or ISO-8859-1. + type: string + fieldDelimiter: + description: The separator for fields in a CSV file. + type: string + quote: + type: string + skipLeadingRows: + description: The number of rows at the top of a CSV file that + BigQuery will skip when reading the data. + type: integer + required: + - quote + type: object + fileSetSpecType: + description: Specifies how source URIs are interpreted for constructing + the file set to load. By default source URIs are expanded against + the underlying storage. Other options include specifying manifest + files. Only applicable to object storage systems. + type: string + googleSheetsOptions: + description: Additional options if source_format is set to "GOOGLE_SHEETS". + properties: + range: + description: 'Range of a sheet to query from. Only used when + non-empty. At least one of range or skip_leading_rows must + be set. Typical format: "sheet_name!top_left_cell_id:bottom_right_cell_id" + For example: "sheet1!A1:B20".' + type: string + skipLeadingRows: + description: The number of rows at the top of the sheet that + BigQuery will skip when reading the data. At least one of + range or skip_leading_rows must be set. + type: integer + type: object + hivePartitioningOptions: + description: When set, configures hive partitioning support. Not + all storage formats support hive partitioning -- requesting + hive partitioning on an unsupported format will lead to an error, + as will providing an invalid specification. + properties: + mode: + description: When set, what mode of hive partitioning to use + when reading data. 
+ type: string + requirePartitionFilter: + description: If set to true, queries over this table require + a partition filter that can be used for partition elimination + to be specified. + type: boolean + sourceUriPrefix: + description: When hive partition detection is requested, a + common for all source uris must be required. The prefix + must end immediately before the partition key encoding begins. + type: string + type: object + ignoreUnknownValues: + description: Indicates if BigQuery should allow extra values that + are not represented in the table schema. If true, the extra + values are ignored. If false, records with extra columns are + treated as bad records, and if there are too many bad records, + an invalid error is returned in the job result. The default + value is false. + type: boolean + jsonOptions: + description: Additional properties to set if sourceFormat is set + to JSON.". + properties: + encoding: + description: The character encoding of the data. The supported + values are UTF-8, UTF-16BE, UTF-16LE, UTF-32BE, and UTF-32LE. + The default value is UTF-8. + type: string + type: object + maxBadRecords: + description: The maximum number of bad records that BigQuery can + ignore when reading data. + type: integer + metadataCacheMode: + description: Metadata Cache Mode for the table. Set this to enable + caching of metadata from external data source. + type: string + objectMetadata: + description: Object Metadata is used to create Object Tables. + Object Tables contain a listing of objects (with their metadata) + found at the sourceUris. If ObjectMetadata is set, sourceFormat + should be omitted. + type: string + parquetOptions: + description: Additional properties to set if sourceFormat is set + to PARQUET.". + properties: + enableListInference: + description: Indicates whether to use schema inference specifically + for Parquet LIST logical type. 
+ type: boolean + enumAsString: + description: Indicates whether to infer Parquet ENUM logical + type as STRING instead of BYTES by default. + type: boolean + type: object + referenceFileSchemaUri: + description: 'When creating an external table, the user can provide + a reference file with the table schema. This is enabled for + the following formats: AVRO, PARQUET, ORC.' + type: string + schema: + description: Immutable. A JSON schema for the external table. + Schema is required for CSV and JSON formats and is disallowed + for Google Cloud Bigtable, Cloud Datastore backups, and Avro + formats when using external tables. + type: string + sourceFormat: + description: ' Please see sourceFormat under ExternalDataConfiguration + in Bigquery''s public API documentation (https://cloud.google.com/bigquery/docs/reference/rest/v2/tables#externaldataconfiguration) + for supported formats. To use "GOOGLE_SHEETS" the scopes must + include "googleapis.com/auth/drive.readonly".' + type: string + sourceUris: + description: A list of the fully-qualified URIs that point to + your data in Google Cloud. + items: + type: string + type: array + required: + - autodetect + - sourceUris + type: object + friendlyName: + description: A descriptive name for the table. + type: string + materializedView: + description: If specified, configures this table as a materialized + view. + properties: + allowNonIncrementalDefinition: + description: Immutable. Allow non incremental materialized view + definition. The default value is false. + type: boolean + enableRefresh: + description: Specifies if BigQuery should automatically refresh + materialized view when the base table is updated. The default + is true. + type: boolean + query: + description: Immutable. A query whose result is persisted. + type: string + refreshIntervalMs: + description: Specifies maximum frequency at which this materialized + view will be refreshed. The default is 1800000. 
+ type: integer + required: + - query + type: object + maxStaleness: + description: The maximum staleness of data that could be returned + when the table (or stale MV) is queried. Staleness encoded as a + string encoding of sql IntervalValue type. + type: string + rangePartitioning: + description: If specified, configures range-based partitioning for + this table. + properties: + field: + description: Immutable. The field used to determine how to create + a range-based partition. + type: string + range: + description: Information required to partition based on ranges. + Structure is documented below. + properties: + end: + description: End of the range partitioning, exclusive. + type: integer + interval: + description: The width of each range within the partition. + type: integer + start: + description: Start of the range partitioning, inclusive. + type: integer + required: + - end + - interval + - start + type: object + required: + - field + - range + type: object + requirePartitionFilter: + description: If set to true, queries over this table require a partition + filter that can be used for partition elimination to be specified. + type: boolean + resourceID: + description: Immutable. Optional. The tableId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + schema: + description: A JSON schema for the table. + type: string + tableConstraints: + description: Defines the primary key and foreign keys. + properties: + foreignKeys: + description: Present only if the table has a foreign key. The + foreign key is not enforced. + items: + properties: + columnReferences: + description: The pair of the foreign key column and primary + key column. + properties: + referencedColumn: + description: The column in the primary key that are + referenced by the referencingColumn. + type: string + referencingColumn: + description: The column that composes the foreign key. 
+ type: string + required: + - referencedColumn + - referencingColumn + type: object + name: + description: Set only if the foreign key constraint is named. + type: string + referencedTable: + description: The table that holds the primary key and is + referenced by this foreign key. + properties: + datasetId: + description: The ID of the dataset containing this table. + type: string + projectId: + description: The ID of the project containing this table. + type: string + tableId: + description: The ID of the table. The ID must contain + only letters (a-z, A-Z), numbers (0-9), or underscores + (_). The maximum length is 1,024 characters. Certain + operations allow suffixing of the table ID with a + partition decorator, such as sample_table$20190123. + type: string + required: + - datasetId + - projectId + - tableId + type: object + required: + - columnReferences + - referencedTable + type: object + type: array + primaryKey: + description: Represents a primary key constraint on a table's + columns. Present only if the table has a primary key. The primary + key is not enforced. + properties: + columns: + description: The columns that are composed of the primary + key constraint. + items: + type: string + type: array + required: + - columns + type: object + type: object + timePartitioning: + description: If specified, configures time-based partitioning for + this table. + properties: + expirationMs: + description: Number of milliseconds for which to keep the storage + for a partition. + type: integer + field: + description: Immutable. The field used to determine how to create + a time-based partition. If time-based partitioning is enabled + without this value, the table is partitioned based on the load + time. + type: string + requirePartitionFilter: + description: DEPRECATED. This field is deprecated; please use + the top level field with the same name instead. 
If set to true, + queries over this table require a partition filter that can + be used for partition elimination to be specified. + type: boolean + type: + description: The supported types are DAY, HOUR, MONTH, and YEAR, + which will generate one partition per day, hour, month, and + year, respectively. + type: string + required: + - type + type: object + view: + description: If specified, configures this table as a view. + properties: + query: + description: A query that BigQuery executes when the view is referenced. + type: string + useLegacySql: + description: Specifies whether to use BigQuery's legacy SQL for + this view. The default value is true. If set to false, the view + will use BigQuery's standard SQL. + type: boolean + required: + - query + type: object + required: + - datasetRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: The time when this table was created, in milliseconds + since the epoch. + type: integer + etag: + description: A hash of the resource. + type: string + lastModifiedTime: + description: The time when this table was last modified, in milliseconds + since the epoch. + type: integer + location: + description: The geographic location where the table resides. This + value is inherited from the dataset. 
+ type: string + numBytes: + description: The geographic location where the table resides. This + value is inherited from the dataset. + type: integer + numLongTermBytes: + description: The number of bytes in the table that are considered + "long-term storage". + type: integer + numRows: + description: The number of rows of data in this table, excluding any + data in the streaming buffer. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: + description: Describes the table type. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigtableappprofiles.bigtable.cnrm.cloud.google.com +spec: + group: bigtable.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigtableAppProfile + plural: bigtableappprofiles + shortNames: + - gcpbigtableappprofile + - gcpbigtableappprofiles + singular: bigtableappprofile + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Long form description of the use case for this app profile. + type: string + instanceRef: + description: The instance to create the app profile within. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + multiClusterRoutingClusterIds: + description: The set of clusters to route to. The order is ignored; + clusters will be tried in order of distance. If left empty, all + clusters are eligible. + items: + type: string + type: array + multiClusterRoutingUseAny: + description: |- + If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available + in the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes + consistency to improve availability. + type: boolean + resourceID: + description: Immutable. Optional. The appProfileId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + singleClusterRouting: + description: Use a single-cluster routing policy. + properties: + allowTransactionalWrites: + description: |- + If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile. + It is unsafe to send these requests to the same table/row/column in multiple clusters. + type: boolean + clusterId: + description: The cluster to which read/write requests should be + routed. + type: string + required: + - clusterId + type: object + standardIsolation: + description: The standard options used for isolating this app profile's + traffic from other use cases. + properties: + priority: + description: 'The priority of requests sent using this app profile. + Possible values: ["PRIORITY_LOW", "PRIORITY_MEDIUM", "PRIORITY_HIGH"].' + type: string + required: + - priority + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The unique name of the requested app profile. Values + are of the form 'projects//instances//appProfiles/'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigtablegcpolicies.bigtable.cnrm.cloud.google.com +spec: + group: bigtable.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigtableGCPolicy + plural: bigtablegcpolicies + shortNames: + - gcpbigtablegcpolicy + - gcpbigtablegcpolicies + singular: bigtablegcpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + columnFamily: + description: Immutable. The name of the column family. + type: string + deletionPolicy: + description: "The deletion policy for the GC policy. Setting ABANDON + allows the resource\n\t\t\t\tto be abandoned rather than deleted. + This is useful for GC policy as it cannot be deleted\n\t\t\t\tin + a replicated instance. Possible values are: \"ABANDON\"." + type: string + gcRules: + description: Serialized JSON string for garbage collection policy. + Conflicts with "mode", "max_age" and "max_version". + type: string + instanceRef: + description: The name of the Bigtable instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + maxAge: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. GC policy that applies to all cells + older than the given age.' + items: + properties: + days: + description: DEPRECATED. Deprecated in favor of duration. Immutable. + Number of days before applying GC policy. + type: integer + duration: + description: Immutable. Duration before applying GC policy. 
+ type: string + type: object + type: array + maxVersion: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. GC policy that applies to all versions + of a cell except for the most recent.' + items: + properties: + number: + description: Immutable. Number of version before applying the + GC policy. + type: integer + required: + - number + type: object + type: array + mode: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. If multiple policies are set, you + should choose between UNION OR INTERSECTION.' + type: string + tableRef: + description: The name of the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableTable` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - columnFamily + - instanceRef + - tableRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigtableinstances.bigtable.cnrm.cloud.google.com +spec: + group: bigtable.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigtableInstance + listKind: BigtableInstanceList + plural: bigtableinstances + shortNames: + - gcpbigtableinstance + - gcpbigtableinstances + singular: bigtableinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: BigtableInstance is the Schema for the BigtableInstance API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BigtableInstanceSpec defines the desired state of BigtableInstance + properties: + cluster: + description: A block of cluster configuration options. This can be + specified at least once. + items: + properties: + autoscalingConfig: + description: A list of Autoscaling configurations. Only one + element is used and allowed. + properties: + cpuTarget: + description: The target CPU utilization for autoscaling. + Value must be between 10 and 80. + format: int64 + type: integer + maxNodes: + description: The maximum number of nodes for autoscaling. + format: int64 + type: integer + minNodes: + description: The minimum number of nodes for autoscaling. + format: int64 + type: integer + storageTarget: + description: The target storage utilization for autoscaling, + in GB, for each node in a cluster. This number is limited + between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster + and between 8192 (8TiB) and 16384 (16 TiB) for an HDD + cluster. 
If not set, whatever is already set for the cluster + will not change, or if the cluster is just being created, + it will use the default value of 2560 for SSD clusters + and 8192 for HDD clusters. + format: int64 + type: integer + required: + - cpuTarget + - maxNodes + - minNodes + type: object + clusterId: + description: The ID of the Cloud Bigtable cluster. Must be 6-30 + characters and must only contain hyphens, lowercase letters + and numbers. + type: string + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable + cluster. The requirements for this key are: + + 1) The Cloud Bigtable service account associated with the project that contains + this cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key. + 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. + 3) All clusters within an instance must use the same CMEK key access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed KMSCryptoKey. + Should be in the format `projects/[kms_project_id]/locations/[region]/keyRings/[key_ring_id]/cryptoKeys/[key]`. + type: string + name: + description: The `name` of a `KMSCryptoKey` resource. + type: string + namespace: + description: The `namespace` of a `KMSCryptoKey` resource. + type: string + type: object + numNodes: + description: The number of nodes in the cluster. If no value + is set, Cloud Bigtable automatically allocates nodes based + on your data footprint and optimized for 50% storage utilization. + format: int64 + type: integer + storageType: + description: The storage type to use. One of "SSD" or "HDD". + Defaults to "SSD". 
+ type: string + zone: + description: The zone to create the Cloud Bigtable cluster in. + Each cluster must have a different zone in the same region. + Zones that support Bigtable instances are noted on the Cloud + Bigtable locations page. + type: string + required: + - clusterId + - zone + type: object + type: array + deletionProtection: + description: DEPRECATED. This field no longer serves any function + and is intended to be dropped in a later version of the resource. + type: boolean + displayName: + description: Required. The descriptive name for this instance as it + appears in UIs. Can be changed at any time, but should be kept globally + unique to avoid confusion. + type: string + instanceType: + description: DEPRECATED. It is recommended to leave this field unspecified + since the distinction between "DEVELOPMENT" and "PRODUCTION" instances + is going away, and all instances will become "PRODUCTION" instances. + This means that new and existing "DEVELOPMENT" instances will be + converted to "PRODUCTION" instances. It is recommended for users + to use "PRODUCTION" instances in any case, since a 1-node "PRODUCTION" + instance is functionally identical to a "DEVELOPMENT" instance, + but without the accompanying restrictions. The instance type to + create. One of "DEVELOPMENT" or "PRODUCTION". Defaults to "PRODUCTION". + type: string + resourceID: + description: The Instance name. If not given, the metadata.name will + be used. + type: string + type: object + status: + description: BigtableInstanceStatus defines the config connector machine + state of BigtableInstance + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigtabletables.bigtable.cnrm.cloud.google.com +spec: + group: bigtable.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigtableTable + plural: bigtabletables + shortNames: + - gcpbigtabletable + - gcpbigtabletables + singular: bigtabletable + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime 
+ name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + changeStreamRetention: + description: Duration to retain change stream data for the table. + Set to 0 to disable. Must be between 1 and 7 days. + type: string + columnFamily: + description: A group of columns within a table which share a common + configuration. This can be specified multiple times. + items: + properties: + family: + description: The name of the column family. + type: string + required: + - family + type: object + type: array + deletionProtection: + description: A field to make the table protected against data loss + i.e. when set to PROTECTED, deleting the table, the column families + in the table, and the instance containing the table would be prohibited. + If not provided, currently deletion protection will be set to UNPROTECTED + as it is the API default value. + type: string + instanceRef: + description: The name of the Bigtable instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + splitKeys: + items: + type: string + type: array + required: + - instanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: billingbudgetsbudgets.billingbudgets.cnrm.cloud.google.com +spec: + group: billingbudgets.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BillingBudgetsBudget + plural: billingbudgetsbudgets + shortNames: + - gcpbillingbudgetsbudget + - gcpbillingbudgetsbudgets + singular: billingbudgetsbudget + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + allUpdatesRule: + description: Optional. Rules to apply to notifications sent based + on budget spend and thresholds. + properties: + disableDefaultIamRecipients: + description: Optional. When set to true, disables default notifications + sent when a threshold is exceeded. Default notifications are + sent to those with Billing Account Administrator and Billing + Account User IAM roles for the target account. + type: boolean + monitoringNotificationChannels: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `MonitoringNotificationChannel` resource (format: + `projects/{{project}}/notificationChannels/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + pubsubTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. 
The name of the Pub/Sub topic where budget related messages will be published, in the form `projects/{project_id}/topics/{topic_id}`. Updates are sent at regular intervals to the topic. The topic needs to be created before the budget is created; see https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications for more details. Caller is expected to have `pubsub.topics.setIamPolicy` permission on the topic when it's set for a budget, otherwise, the API call will fail with PERMISSION_DENIED. See https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#permissions_required_for_this_task for more details on Pub/Sub roles and permissions. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + schemaVersion: + description: Optional. Required when NotificationsRule.pubsub_topic + is set. The schema version of the notification sent to NotificationsRule.pubsub_topic. + Only "1.0" is accepted. It represents the JSON schema as defined + in https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#notification_format. + type: string + type: object + amount: + description: Required. Budgeted amount. + properties: + lastPeriodAmount: + description: Use the last period's actual spend as the budget + for the present period. LastPeriodAmount can only be set when + the budget's time period is a . + type: object + x-kubernetes-preserve-unknown-fields: true + specifiedAmount: + description: A specified amount to use as the budget. `currency_code` + is optional. 
If specified when creating a budget, it must match + the currency of the billing account. If specified when updating + a budget, it must match the currency_code of the existing budget. + The `currency_code` is provided on output. + properties: + currencyCode: + description: Immutable. The three-letter currency code defined + in ISO 4217. + type: string + nanos: + description: Number of nano (10^-9) units of the amount. The + value must be between -999,999,999 and +999,999,999 inclusive. + If `units` is positive, `nanos` must be positive or zero. + If `units` is zero, `nanos` can be positive, zero, or negative. + If `units` is negative, `nanos` must be negative or zero. + For example $-1.75 is represented as `units`=-1 and `nanos`=-750,000,000. + format: int64 + type: integer + units: + description: The whole units of the amount. For example if + `currencyCode` is `"USD"`, then 1 unit is one US dollar. + format: int64 + type: integer + type: object + type: object + billingAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The billing account of the resource + + Allowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: `billingAccounts/{{name}}`). + type: string + name: + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + budgetFilter: + description: Optional. 
Filters that define which resources are used + to compute the actual spend against the budget amount, such as projects, + services, and the budget's time period, as well as other filters. + properties: + calendarPeriod: + description: 'Optional. Specifies to track usage for recurring + calendar period. For example, assume that CalendarPeriod.QUARTER + is set. The budget will track usage from April 1 to June 30, + when the current calendar month is April, May, June. After that, + it will track usage from July 1 to September 30 when the current + calendar month is July, August, September, so on. Possible values: + CALENDAR_PERIOD_UNSPECIFIED, MONTH, QUARTER, YEAR' + type: string + creditTypes: + description: Optional. If Filter.credit_types_treatment is INCLUDE_SPECIFIED_CREDITS, + this is a list of credit types to be subtracted from gross cost + to determine the spend for threshold calculations. See a list + of acceptable credit type values. If Filter.credit_types_treatment + is not INCLUDE_SPECIFIED_CREDITS, this field must be empty. + items: + type: string + type: array + creditTypesTreatment: + description: Optional. If not set, default behavior is `INCLUDE_ALL_CREDITS`. + type: string + customPeriod: + description: Optional. Specifies to track usage from any start + date (required) to any end date (optional). This time period + is static, it does not recur. + properties: + endDate: + description: Immutable. Optional. The end date of the time + period. Budgets with elapsed end date won't be processed. + If unset, specifies to track all usage incurred since the + start_date. + properties: + day: + description: Immutable. Day of a month. Must be from 1 + to 31 and valid for the year and month, or 0 to specify + a year by itself or a year and month where the day isn't + significant. + format: int64 + type: integer + month: + description: Immutable. Month of a year. Must be from + 1 to 12, or 0 to specify a year without a month and + day. 
+ format: int64 + type: integer + year: + description: Immutable. Year of the date. Must be from + 1 to 9999, or 0 to specify a date without a year. + format: int64 + type: integer + type: object + startDate: + description: Immutable. Required. The start date must be after + January 1, 2017. + properties: + day: + description: Immutable. Day of a month. Must be from 1 + to 31 and valid for the year and month, or 0 to specify + a year by itself or a year and month where the day isn't + significant. + format: int64 + type: integer + month: + description: Immutable. Month of a year. Must be from + 1 to 12, or 0 to specify a year without a month and + day. + format: int64 + type: integer + year: + description: Immutable. Year of the date. Must be from + 1 to 9999, or 0 to specify a date without a year. + format: int64 + type: integer + type: object + required: + - startDate + type: object + labels: + additionalProperties: + properties: + values: + description: Immutable. The values of the label + items: + type: string + type: array + type: object + description: Optional. A single label and value pair specifying + that usage from only this set of labeled resources should be + included in the budget. Currently, multiple entries or multiple + values per entry are not allowed. If omitted, the report will + include all labeled and unlabeled usage. + type: object + projects: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + services: + description: 'Optional. A set of services of the form `services/{service_id}`, + specifying that usage from only this set of services should + be included in the budget. If omitted, the report will include + usage for all the services. The service names are available + through the Catalog API: https://cloud.google.com/billing/v1/how-tos/catalog-api.' + items: + type: string + type: array + subaccounts: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + type: string + name: + description: |- + [WARNING] CloudBillingBillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + displayName: + description: User data for display name in UI. The name must be less + than or equal to 60 characters. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + thresholdRules: + description: Optional. Rules that trigger alerts (notifications of + thresholds being crossed) when spend exceeds the specified percentages + of the budget. + items: + properties: + spendBasis: + description: 'Optional. The type of basis used to determine + if spend has passed the threshold. Behavior defaults to CURRENT_SPEND + if not set. 
Possible values: BASIS_UNSPECIFIED, CURRENT_SPEND, + FORECASTED_SPEND' + type: string + thresholdPercent: + description: 'Required. Send an alert when this threshold is + exceeded. This is a 1.0-based percentage, so 0.5 = 50%. Validation: + non-negative number.' + format: double + type: number + required: + - thresholdPercent + type: object + type: array + required: + - amount + - billingAccountRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: Optional. Etag to validate that the object is unchanged + for a read-modify-write operation. An empty etag will cause an update + to overwrite other changes. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: binaryauthorizationattestors.binaryauthorization.cnrm.cloud.google.com +spec: + group: binaryauthorization.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BinaryAuthorizationAttestor + plural: binaryauthorizationattestors + shortNames: + - gcpbinaryauthorizationattestor + - gcpbinaryauthorizationattestors + singular: binaryauthorizationattestor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A descriptive comment. This field may be updated. + The field may be displayed in chooser dialogs. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + userOwnedDrydockNote: + description: This specifies how an attestation will be read, and how + it will be used during policy enforcement. + properties: + noteRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. 
The Drydock resource name of a Attestation. Authority Note, created by the user, in the format: `projects/*/notes/*`. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation. Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency. + + Allowed value: The Google Cloud resource name of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publicKeys: + description: Optional. Public keys that verify attestations signed + by this attestor. This field may be updated. If this field is + non-empty, one of the specified public keys must verify that + an attestation was signed by this attestor for the image specified + in the admission request. If this field is empty, this attestor + always returns that no valid attestations exist. + items: + properties: + asciiArmoredPgpPublicKey: + description: ASCII-armored representation of a PGP public + key, as the entire output by the command `gpg --export + --armor foo@example.com` (either LF or CRLF line endings). + When using this field, `id` should be left blank. The + BinAuthz API handlers will calculate the ID and fill it + in automatically. BinAuthz computes this ID as the OpenPGP + RFC4880 V4 fingerprint, represented as upper-case hex. + If `id` is provided by the caller, it will be overwritten + by the API-calculated ID. + type: string + comment: + description: Optional. A descriptive comment. This field + may be updated. + type: string + id: + description: The ID of this public key. 
Signatures verified + by BinAuthz must include the ID of the public key that + can be used to verify them, and that ID must match the + contents of this field exactly. Additional restrictions + on this field can be imposed based on which public key + type is encapsulated. See the documentation on `public_key` + cases below for details. + type: string + pkixPublicKey: + description: 'A raw PKIX SubjectPublicKeyInfo format public + key. NOTE: `id` may be explicitly provided by the caller + when using this type of public key, but it MUST be a valid + RFC3986 URI. If `id` is left blank, a default one will + be computed based on the digest of the DER encoding of + the public key.' + properties: + publicKeyPem: + description: A PEM-encoded public key, as described + in https://tools.ietf.org/html/rfc7468#section-13 + type: string + signatureAlgorithm: + description: 'The signature algorithm used to verify + a message against a signature using this key. These + signature algorithm must match the structure and any + object identifiers encoded in `public_key_pem` (i.e. + this algorithm must match that of the public key). + Possible values: SIGNATURE_ALGORITHM_UNSPECIFIED, + RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, + RSA_PSS_4096_SHA512, RSA_SIGN_PKCS1_2048_SHA256, RSA_SIGN_PKCS1_3072_SHA256, + RSA_SIGN_PKCS1_4096_SHA256, RSA_SIGN_PKCS1_4096_SHA512, + ECDSA_P256_SHA256, EC_SIGN_P256_SHA256, ECDSA_P384_SHA384, + EC_SIGN_P384_SHA384, ECDSA_P521_SHA512, EC_SIGN_P521_SHA512' + type: string + type: object + type: object + type: array + required: + - noteRef + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. Time when the attestor was last updated. + format: date-time + type: string + userOwnedDrydockNote: + properties: + delegationServiceAccountEmail: + description: Output only. This field will contain the service + account email address that this Attestor will use as the principal + when querying Container Analysis. Attestor administrators must + grant this service account the IAM role needed to read attestations + from the in Container Analysis (`containeranalysis.notes.occurrences.viewer`). + This email address is fixed for the lifetime of the Attestor, + but callers should not make any other assumptions about the + service account email; future versions may use an email based + on a different naming pattern. 
+ type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: binaryauthorizationpolicies.binaryauthorization.cnrm.cloud.google.com +spec: + group: binaryauthorization.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BinaryAuthorizationPolicy + plural: binaryauthorizationpolicies + shortNames: + - gcpbinaryauthorizationpolicy + - gcpbinaryauthorizationpolicies + singular: binaryauthorizationpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + admissionWhitelistPatterns: + description: Optional. Admission policy allowlisting. A matching admission + request will always be permitted. This feature is typically used + to exclude Google or third-party infrastructure images from Binary + Authorization policies. + items: + properties: + namePattern: + description: An image name pattern to allowlist, in the form + `registry/path/to/image`. This supports a trailing `*` as + a wildcard, but this is allowed only in text after the `registry/` + part. + type: string + type: object + type: array + clusterAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-cluster admission rules. Cluster spec + format: location.clusterId. There can be at most one admission rule + per cluster spec. A location is either a compute zone (e.g. us-central1-a) + or a region (e.g. us-central1). For clusterId syntax restrictions + see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.' + type: object + defaultAdmissionRule: + description: Required. Default admission rule for a cluster without + a per-cluster, per-kubernetes-service-account, or per-istio-service-identity + admission rule. + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: + description: Optional. A descriptive comment. + type: string + globalPolicyEvaluationMode: + description: 'Optional. Controls the evaluation of a Google-maintained + global admission policy for common system-level images. Images not + covered by the global policy will be subject to the project admission + policy. This setting has no effect when specified inside a global + admission policy. Possible values: GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, + ENABLE, DISABLE' + type: string + istioServiceIdentityAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-istio-service-identity admission rules. + Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ + e.g. spiffe://example.com/ns/test-ns/sa/default' + type: object + kubernetesNamespaceAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-kubernetes-namespace admission rules. + K8s namespace spec format: [a-z.-]+, e.g. ''some-namespace''' + type: object + kubernetesServiceAccountAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. 
The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-kubernetes-service-account admission rules. + Service account spec format: namespace:serviceaccount. e.g. ''test-ns:default''' + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the resource. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - defaultAdmissionRule + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. The resource name, in the format `projects/*/policy`. + There is at most one policy per project. + type: string + updateTime: + description: Output only. Time when the policy was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagercertificatemapentries.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerCertificateMapEntry + plural: certificatemanagercertificatemapentries + shortNames: + - gcpcertificatemanagercertificatemapentry + - gcpcertificatemanagercertificatemapentries + singular: certificatemanagercertificatemapentry + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificatesRefs: + items: + description: |- + A set of Certificates defines for the given hostname. + There can be defined up to fifteen certificates in each Certificate Map Entry. + Each certificate must match pattern projects/*/locations/*/certificates/*. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/certificates/{{value}}`, + where {{value}} is the `name` field of a `CertificateManagerCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + description: + description: A human-readable description of the resource. + type: string + hostname: + description: |- + Immutable. A Hostname (FQDN, e.g. example.com) or a wildcard hostname expression (*.example.com) + for a set of hostnames with common suffix. Used as Server Name Indication (SNI) for + selecting a proper certificate. + type: string + mapRef: + description: A map entry that is inputted into the certificate map. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + matcher: + description: Immutable. A predefined matcher for particular cases, + other than SNI selection. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - certificatesRefs + - mapRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Creation timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC "Zulu" format, + with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: A serving state of this Certificate Map Entry. + type: string + updateTime: + description: |- + Update timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC "Zulu" format, + with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificatesRefs: + items: + description: |- + A set of Certificates defines for the given hostname. + There can be defined up to fifteen certificates in each Certificate Map Entry. + Each certificate must match pattern projects/*/locations/*/certificates/*. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/certificates/{{value}}`, + where {{value}} is the `name` field of a `CertificateManagerCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + description: + description: A human-readable description of the resource. + type: string + hostname: + description: |- + Immutable. A Hostname (FQDN, e.g. example.com) or a wildcard hostname expression (*.example.com) + for a set of hostnames with common suffix. Used as Server Name Indication (SNI) for + selecting a proper certificate. + type: string + mapRef: + description: A map entry that is inputted into the certificate map. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + matcher: + description: Immutable. A predefined matcher for particular cases, + other than SNI selection. 
+ type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - certificatesRefs + - mapRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Creation timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC "Zulu" format, + with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: A serving state of this Certificate Map Entry. + type: string + updateTime: + description: |- + Update timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC "Zulu" format, + with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagercertificatemaps.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerCertificateMap + plural: certificatemanagercertificatemaps + shortNames: + - gcpcertificatemanagercertificatemap + - gcpcertificatemanagercertificatemaps + singular: certificatemanagercertificatemap + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The 
reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + gclbTargets: + description: A list of target proxies that use this Certificate Map. + items: + properties: + ipConfigs: + description: An IP configuration where this Certificate Map + is serving. + items: + properties: + ipAddress: + description: An external IP address. + type: string + ports: + description: A list of ports. + items: + type: integer + type: array + type: object + type: array + targetHttpsProxy: + description: |- + Proxy name must be in the format projects/*/locations/*/targetHttpsProxies/*. + This field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or + 'targetSslProxy' may be set. + type: string + targetSslProxy: + description: |- + Proxy name must be in the format projects/*/locations/*/targetSslProxies/*. + This field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or + 'targetSslProxy' may be set. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Creation timestamp of a Certificate Map. 
Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + gclbTargets: + description: A list of target proxies that use this Certificate Map. + items: + properties: + ipConfigs: + description: An IP configuration where this Certificate Map + is serving. + items: + properties: + ipAddress: + description: An external IP address. + type: string + ports: + description: A list of ports. + items: + type: integer + type: array + type: object + type: array + targetHttpsProxy: + description: |- + Proxy name must be in the format projects/*/locations/*/targetHttpsProxies/*. + This field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or + 'targetSslProxy' may be set. + type: string + targetSslProxy: + description: |- + Proxy name must be in the format projects/*/locations/*/targetSslProxies/*. + This field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or + 'targetSslProxy' may be set. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagercertificates.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerCertificate + plural: certificatemanagercertificates + shortNames: + - gcpcertificatemanagercertificate + - gcpcertificatemanagercertificates + singular: certificatemanagercertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + location: + description: Immutable. The Certificate Manager location. If not specified, + "global" is used. + type: string + managed: + description: |- + Immutable. Configuration and state of a Managed Certificate. + Certificate Manager provisions and renews Managed Certificates + automatically, for as long as it's authorized to do so. + properties: + authorizationAttemptInfo: + description: |- + Detailed state of the latest authorization attempt for each domain + specified for this Managed Certificate. + items: + properties: + details: + description: |- + Human readable explanation for reaching the state. Provided to help + address the configuration issues. + Not guaranteed to be stable. For programmatic access use 'failure_reason' field. + type: string + domain: + description: Domain name of the authorization attempt. + type: string + failureReason: + description: Reason for failure of the authorization attempt + for the domain. + type: string + state: + description: State of the domain for managed certificate + issuance. + type: string + type: object + type: array + dnsAuthorizationsRefs: + items: + description: Authorizations that will be used for performing + domain authorization. Either issuanceConfig or dnsAuthorizations + should be specified, but not both. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/global/dnsAuthorizations/{{value}}`, + where {{value}} is the `name` field of a `CertificateManagerDNSAuthorization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + domains: + description: |- + Immutable. The domains for which a managed SSL certificate will be generated. + Wildcard domains are only supported with DNS challenge resolution. + items: + type: string + type: array + issuanceConfigRef: + description: |- + Only the `external` field is supported to configure the reference. + + Immutable. The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format projects/*/locations/*/certificateIssuanceConfigs/*. + If this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa. + Either issuanceConfig or dnsAuthorizations should be specified, but not both. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/certificateIssuanceConfigs/{{name}}`, + where {{value}} is the `name` field of a `CertificateManagerCertificateIssuanceConfig` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + provisioningIssue: + description: Information about issues with provisioning this Managed + Certificate. + items: + properties: + details: + description: |- + Human readable explanation about the issue. Provided to help address + the configuration issues. + Not guaranteed to be stable. For programmatic access use 'reason' field. + type: string + reason: + description: Reason for provisioning failures. + type: string + type: object + type: array + state: + description: A state of this Managed Certificate. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + scope: + description: |- + Immutable. The scope of the certificate. + + DEFAULT: Certificates with default scope are served from core Google data centers. + If unsure, choose this option. 
+ + EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, + served from non-core Google data centers. + + ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). + see https://cloud.google.com/compute/docs/regions-zones. + type: string + selfManaged: + description: |- + Immutable. Certificate data for a SelfManaged Certificate. + SelfManaged Certificates are uploaded by the user. Updating such + certificates before they expire remains the user's responsibility. + properties: + certificatePem: + description: |- + DEPRECATED. `certificate_pem` is deprecated. Use `pem_certificate` instead. Immutable. The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + pemCertificate: + description: |- + Immutable. The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. + type: string + pemPrivateKey: + description: Immutable. The private key of the leaf certificate + in PEM-encoded form. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + privateKeyPem: + description: DEPRECATED. `private_key_pem` is deprecated. Use + `pem_private_key` instead. Immutable. The private key of the + leaf certificate in PEM-encoded form. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + location: + description: Immutable. The Certificate Manager location. If not specified, + "global" is used. + type: string + managed: + description: |- + Immutable. Configuration and state of a Managed Certificate. + Certificate Manager provisions and renews Managed Certificates + automatically, for as long as it's authorized to do so. + properties: + authorizationAttemptInfo: + description: |- + Detailed state of the latest authorization attempt for each domain + specified for this Managed Certificate. + items: + properties: + details: + description: |- + Human readable explanation for reaching the state. Provided to help + address the configuration issues. + Not guaranteed to be stable. For programmatic access use 'failure_reason' field. + type: string + domain: + description: Domain name of the authorization attempt. + type: string + failureReason: + description: Reason for failure of the authorization attempt + for the domain. + type: string + state: + description: State of the domain for managed certificate + issuance. + type: string + type: object + type: array + dnsAuthorizationsRefs: + items: + description: Authorizations that will be used for performing + domain authorization. Either issuanceConfig or dnsAuthorizations + should be specified, but not both. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/global/dnsAuthorizations/{{value}}`, + where {{value}} is the `name` field of a `CertificateManagerDNSAuthorization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + domains: + description: |- + Immutable. The domains for which a managed SSL certificate will be generated. + Wildcard domains are only supported with DNS challenge resolution. + items: + type: string + type: array + issuanceConfigRef: + description: |- + Only the `external` field is supported to configure the reference. + + Immutable. The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format projects/*/locations/*/certificateIssuanceConfigs/*. + If this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa. + Either issuanceConfig or dnsAuthorizations should be specified, but not both. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/certificateIssuanceConfigs/{{name}}`, + where {{value}} is the `name` field of a `CertificateManagerCertificateIssuanceConfig` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + provisioningIssue: + description: Information about issues with provisioning this Managed + Certificate. + items: + properties: + details: + description: |- + Human readable explanation about the issue. Provided to help address + the configuration issues. + Not guaranteed to be stable. For programmatic access use 'reason' field. + type: string + reason: + description: Reason for provisioning failures. + type: string + type: object + type: array + state: + description: A state of this Managed Certificate. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + scope: + description: |- + Immutable. The scope of the certificate. + + DEFAULT: Certificates with default scope are served from core Google data centers. + If unsure, choose this option. 
+ + EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, + served from non-core Google data centers. + + ALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs). + see https://cloud.google.com/compute/docs/regions-zones. + type: string + selfManaged: + description: |- + Immutable. Certificate data for a SelfManaged Certificate. + SelfManaged Certificates are uploaded by the user. Updating such + certificates before they expire remains the user's responsibility. + properties: + certificatePem: + description: |- + DEPRECATED. `certificate_pem` is deprecated. Use `pem_certificate` instead. Immutable. The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + pemCertificate: + description: |- + Immutable. The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. + type: string + pemPrivateKey: + description: Immutable. The private key of the leaf certificate + in PEM-encoded form. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + privateKeyPem: + description: DEPRECATED. `private_key_pem` is deprecated. Use + `pem_private_key` instead. Immutable. The private key of the + leaf certificate in PEM-encoded form. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: certificatemanagerdnsauthorizations.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerDNSAuthorization + listKind: CertificateManagerDNSAuthorizationList + plural: certificatemanagerdnsauthorizations + shortNames: + - gcpcertificatemanagerdnsauthorization + - gcpcertificatemanagerdnsauthorizations + singular: certificatemanagerdnsauthorization + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + 
jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: CertificateManagerDNSAuthorization is the Schema for the CertificateManagerDNSAuthorization + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CertificateManagerDNSAuthorizationSpec defines the desired + state of CertificateManagerDNSAuthorization + properties: + description: + description: A human-readable description of the resource. + type: string + domain: + description: Immutable. A domain which is being authorized. A DnsAuthorization + resource covers a single domain and its wildcard, e.g. authorization + for "example.com" can be used to issue certificates for "example.com" + and "*.example.com". + type: string + x-kubernetes-validations: + - message: Domain field is immutable + rule: self == oldSelf + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + required: + - domain + - projectRef + type: object + status: + description: CertificateManagerDNSAuthorizationStatus defines the config + connector machine state of CertificateManagerDNSAuthorization + properties: + conditions: + description: Conditions represent the latest available observations + of the CertificateManagerDNSAuthorization's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + dnsResourceRecord: + description: The structure describing the DNS Resource Record that + needs to be added to DNS configuration for the authorization to + be usable by certificate. + items: + properties: + data: + description: Data of the DNS Resource Record. + type: string + name: + description: Fully qualified name of the DNS Resource Record. + E.g. '_acme-challenge.example.com'. + type: string + type: + description: Type of the DNS Resource Record. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: CertificateManagerDNSAuthorization is the Schema for the CertificateManagerDNSAuthorization + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CertificateManagerDNSAuthorizationSpec defines the desired + state of CertificateManagerDNSAuthorization + properties: + description: + description: A human-readable description of the resource. + type: string + domain: + description: Immutable. A domain which is being authorized. A DnsAuthorization + resource covers a single domain and its wildcard, e.g. authorization + for "example.com" can be used to issue certificates for "example.com" + and "*.example.com". + type: string + x-kubernetes-validations: + - message: Domain field is immutable + rule: self == oldSelf + location: + description: Immutable. Optional. Location represents the geographical + location of the DnsAuthorization. If not specified, "global" is + used. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. 
Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + required: + - domain + - projectRef + type: object + status: + description: CertificateManagerDNSAuthorizationStatus defines the config + connector machine state of CertificateManagerDNSAuthorization + properties: + conditions: + description: Conditions represent the latest available observations + of the CertificateManagerDNSAuthorization's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + dnsResourceRecord: + description: The structure describing the DNS Resource Record that + needs to be added to DNS configuration for the authorization to + be usable by certificate. + items: + properties: + data: + description: Output only. Data of the DNS Resource Record. + type: string + name: + description: Output only. Fully qualified name of the DNS Resource + Record. e.g. `_acme-challenge.example.com` + type: string + type: + description: Output only. Type of the DNS Resource Record. Currently + always set to "CNAME". + type: string + type: object + type: array + externalRef: + description: A unique specifier for the CertificateManagerDNSAuthorization + resource in GCP. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudassetfolderfeeds.cloudasset.cnrm.cloud.google.com +spec: + group: cloudasset.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudAssetFolderFeed + plural: cloudassetfolderfeeds + shortNames: + - gcpcloudassetfolderfeed + - gcpcloudassetfolderfeeds + singular: cloudassetfolderfeed + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assetNames: + description: |- + A list of the full names of the assets to receive updates. You must specify either or both of + assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are + exported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. + See https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info. + items: + type: string + type: array + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: |- + Immutable. The project whose identity will be used when sending messages to the + destination pubsub topic. It also specifies the project for API + enablement check, quota, and billing. + type: string + condition: + description: |- + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. 
When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: |- + String indicating the location of the expression for error reporting, e.g. a file + name and a position in the file. + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' + type: string + feedId: + description: Immutable. This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. + properties: + pubsubDestination: + description: Destination on Cloud Pubsub. + properties: + topic: + description: Destination on Cloud Pubsub topic. + type: string + required: + - topic + type: object + required: + - pubsubDestination + type: object + folder: + description: Immutable. The folder this feed should be created in. + type: string + folderRef: + description: The folder that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Folder` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - billingProject + - feedId + - feedOutputConfig + - folder + - folderRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + folderId: + description: |- + The ID of the folder where this feed has been created. Both [FOLDER_NUMBER] + and folders/[FOLDER_NUMBER] are accepted. + type: string + name: + description: The format will be folders/{folder_number}/feeds/{client-assigned_feed_identifier}. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudassetorganizationfeeds.cloudasset.cnrm.cloud.google.com +spec: + group: cloudasset.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudAssetOrganizationFeed + plural: cloudassetorganizationfeeds + shortNames: + - gcpcloudassetorganizationfeed + - gcpcloudassetorganizationfeeds + singular: cloudassetorganizationfeed + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assetNames: + description: |- + A list of the full names of the assets to receive updates. You must specify either or both of + assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are + exported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. + See https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info. + items: + type: string + type: array + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: |- + Immutable. The project whose identity will be used when sending messages to the + destination pubsub topic. It also specifies the project for API + enablement check, quota, and billing. + type: string + condition: + description: |- + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. 
When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: |- + String indicating the location of the expression for error reporting, e.g. a file + name and a position in the file. + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' + type: string + feedId: + description: Immutable. This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. + properties: + pubsubDestination: + description: Destination on Cloud Pubsub. + properties: + topic: + description: Destination on Cloud Pubsub topic. + type: string + required: + - topic + type: object + required: + - pubsubDestination + type: object + organizationRef: + description: The organization that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - billingProject + - feedId + - feedOutputConfig + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The format will be organizations/{organization_number}/feeds/{client-assigned_feed_identifier}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudassetprojectfeeds.cloudasset.cnrm.cloud.google.com +spec: + group: cloudasset.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudAssetProjectFeed + plural: cloudassetprojectfeeds + shortNames: + - gcpcloudassetprojectfeed + - gcpcloudassetprojectfeeds + singular: cloudassetprojectfeed + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assetNames: + description: |- + A list of the full names of the assets to receive updates. You must specify either or both of + assetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are + exported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. + See https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info. + items: + type: string + type: array + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: |- + Immutable. The project whose identity will be used when sending messages to the + destination pubsub topic. It also specifies the project for API + enablement check, quota, and billing. If not specified, the resource's + project will be used. + type: string + condition: + description: |- + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. 
Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: |- + String indicating the location of the expression for error reporting, e.g. a file + name and a position in the file. + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' + type: string + feedId: + description: Immutable. This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. + properties: + pubsubDestination: + description: Destination on Cloud Pubsub. + properties: + topic: + description: Destination on Cloud Pubsub topic. + type: string + required: + - topic + type: object + required: + - pubsubDestination + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - feedId + - feedOutputConfig + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The format will be projects/{projectNumber}/feeds/{client-assigned_feed_identifier}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com +spec: + group: cloudbuild.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudBuildTrigger + plural: cloudbuildtriggers + shortNames: + - gcpcloudbuildtrigger + - gcpcloudbuildtriggers + singular: cloudbuildtrigger + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + approvalConfig: + description: |- + Configuration for manual approval to start a build invocation of this BuildTrigger. + Builds created by this trigger will require approval before they execute. + Any user with a Cloud Build Approver role for the project can approve a build. + properties: + approvalRequired: + description: |- + Whether or not approval is needed. If this is set on a build, it will become pending when run, + and will need to be explicitly approved to start. + type: boolean + type: object + bitbucketServerTriggerConfig: + description: BitbucketServerTriggerConfig describes the configuration + of a trigger that creates a build whenever a Bitbucket Server event + is received. + properties: + bitbucketServerConfigResourceRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the bitbucket server config. Format: + projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectKey: + description: 'Key of the project that the repo is in. 
For example: + The key for https://mybitbucket.server/projects/TEST/repos/test-repo + is "TEST".' + type: string + pullRequest: + description: Filter to match changes in pull requests. + properties: + branch: + description: |- + Regex of branches to match. + The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment /gcbrun. Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: Filter to match changes in refs like branches, tags. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the gitRef regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. + type: string + type: object + repoSlug: + description: |- + Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL. + For example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo. + type: string + required: + - bitbucketServerConfigResourceRef + - projectKey + - repoSlug + type: object + build: + description: Contents of the build template. Either a filename or + build template must be provided. + properties: + artifacts: + description: Artifacts produced by the build that should be uploaded + upon successful completion of all build steps. 
+ properties: + images: + description: |- + A list of images to be pushed upon the successful completion of all build steps. + + The images will be pushed using the builder service account's credentials. + + The digests of the pushed images will be stored in the Build resource's results field. + + If any of the images fail to be pushed, the build is marked FAILURE. + items: + type: string + type: array + objects: + description: |- + A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. + + Files in the workspace matching specified paths globs will be uploaded to the + Cloud Storage location using the builder service account's credentials. + + The location and generation of the uploaded objects will be stored in the Build resource's results field. + + If any objects fail to be pushed, the build is marked FAILURE. + properties: + location: + description: |- + Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". + + Files in the workspace matching any path pattern will be uploaded to Cloud Storage with + this location as a prefix. + type: string + paths: + description: Path globs used to match files in the build's + workspace. + items: + type: string + type: array + timing: + description: Output only. Stores timing information for + pushing all artifact objects. + items: + properties: + endTime: + description: |- + End of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + startTime: + description: |- + Start of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + type: array + type: object + type: object + availableSecrets: + description: Secrets and secret environment variables. + properties: + secretManager: + description: Pairs a secret environment variable with a SecretVersion + in Secret Manager. + items: + properties: + env: + description: |- + Environment variable name to associate with the secret. Secret environment + variables must be unique across all of a build's secrets, and must be used + by at least one build step. + type: string + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of + a `SecretManagerSecretVersion` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - env + - versionRef + type: object + type: array + required: + - secretManager + type: object + images: + description: |- + A list of images to be pushed upon the successful completion of all build steps. + The images are pushed using the builder service account's credentials. + The digests of the pushed images will be stored in the Build resource's results field. + If any of the images fail to be pushed, the build status is marked FAILURE. + items: + type: string + type: array + logsBucketRef: + description: |- + Google Cloud Storage bucket where logs should be written. Logs file + names will be of the format ${logsBucket}/log-${build_id}.txt. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `url` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + options: + description: Special options for this build. + properties: + diskSizeGb: + description: |- + Requested disk size for the VM that runs the build. Note that this is NOT "disk free"; + some of the space will be used by the operating system and build utilities. + Also note that this is the minimum disk size that will be allocated for the build -- + the build may run with a larger disk than requested. At present, the maximum disk size + is 1000GB; builds that request more than the maximum are rejected with an error. + type: integer + dynamicSubstitutions: + description: |- + Option to specify whether or not to apply bash style string operations to the substitutions. + + NOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file. + type: boolean + env: + description: |- + A list of global environment variable definitions that will exist for all build steps + in this build. If a variable is defined in both globally and in a build step, + the variable will use the build step value. + + The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". + items: + type: string + type: array + logStreamingOption: + description: 'Option to define build log streaming behavior + to Google Cloud Storage. Possible values: ["STREAM_DEFAULT", + "STREAM_ON", "STREAM_OFF"].' 
+ type: string + logging: + description: 'Option to specify the logging mode, which determines + if and where build logs are stored. Possible values: ["LOGGING_UNSPECIFIED", + "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "CLOUD_LOGGING_ONLY", + "NONE"].' + type: string + machineType: + description: Compute Engine machine type on which to run the + build. + type: string + requestedVerifyOption: + description: 'Requested verifiability options. Possible values: + ["NOT_VERIFIED", "VERIFIED"].' + type: string + secretEnv: + description: |- + A list of global environment variables, which are encrypted using a Cloud Key Management + Service crypto key. These values must be specified in the build's Secret. These variables + will be available to all build steps in this build. + items: + type: string + type: array + sourceProvenanceHash: + description: 'Requested hash for SourceProvenance. Possible + values: ["NONE", "SHA256", "MD5"].' + items: + type: string + type: array + substitutionOption: + description: |- + Option to specify behavior when there is an error in the substitution checks. + + NOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden + in the build configuration file. Possible values: ["MUST_MATCH", "ALLOW_LOOSE"]. + type: string + volumes: + description: |- + Global list of volumes to mount for ALL build steps + + Each volume is created as an empty volume prior to starting the build process. + Upon completion of the build, volumes and their contents are discarded. Global + volume names and paths cannot conflict with the volumes defined a build step. + + Using a global volume in a build with only one step is not valid as it is indicative + of a build request with an incorrect configuration. + items: + properties: + name: + description: |- + Name of the volume to mount. + + Volume names must be unique per build step and must be valid names for Docker volumes. + Each named volume must be used by at least two build steps. 
+ type: string + path: + description: |- + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on the same + build step or with certain reserved volume paths. + type: string + type: object + type: array + workerPool: + description: |- + Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool} + + This field is experimental. + type: string + type: object + queueTtl: + description: |- + TTL in queue for this build. If provided and the build is enqueued longer than this value, + the build will expire and the build status will be EXPIRED. + The TTL starts ticking from createTime. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + secret: + description: Secrets to decrypt using Cloud Key Management Service. + items: + properties: + kmsKeyRef: + description: KMS crypto key to use to decrypt these envs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + secretEnv: + additionalProperties: + type: string + description: |- + Map of environment variable name to its encrypted value. + Secret environment variables must be unique across all of a build's secrets, + and must be used by at least one build step. Values can be at most 64 KB in size. + There can be at most 100 secret values across all of a build's secrets. 
+ type: object + required: + - kmsKeyRef + type: object + type: array + source: + description: |- + The location of the source files to build. + + One of 'storageSource' or 'repoSource' must be provided. + properties: + repoSource: + description: Location of the source in a Google Cloud Source + Repository. + properties: + branchName: + description: |- + Regex matching branches to build. Exactly one a of branch name, tag, or commit SHA must be provided. + The syntax of the regular expressions accepted is the syntax accepted by RE2 and + described at https://github.com/google/re2/wiki/Syntax. + type: string + commitSha: + description: Explicit commit SHA to build. Exactly one + a of branch name, tag, or commit SHA must be provided. + type: string + dir: + description: |- + Directory, relative to the source root, in which to run the build. + This must be a relative path. If a step's dir is specified and is an absolute path, + this value is ignored for that step's execution. + type: string + invertRegex: + description: Only trigger a build if the revision regex + does NOT match the revision regex. + type: boolean + projectId: + description: |- + ID of the project that owns the Cloud Source Repository. + If omitted, the project ID requesting the build is assumed. + type: string + repoRef: + description: |- + The desired Cloud Source Repository. If omitted, "default" is + assumed. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a + `SourceRepoRepository` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + substitutions: + additionalProperties: + type: string + description: Substitutions to use in a triggered build. + Should only be used with triggers.run. + type: object + tagName: + description: |- + Regex matching tags to build. Exactly one a of branch name, tag, or commit SHA must be provided. + The syntax of the regular expressions accepted is the syntax accepted by RE2 and + described at https://github.com/google/re2/wiki/Syntax. + type: string + required: + - repoRef + type: object + storageSource: + description: Location of the source in an archive file in + Google Cloud Storage. + properties: + bucketRef: + description: Google Cloud Storage bucket containing the + source. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a + `StorageBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + generation: + description: |- + Google Cloud Storage generation for the object. + If the generation is omitted, the latest generation will be used. + type: string + object: + description: |- + Google Cloud Storage object containing the source. + This object must be a gzipped archive file (.tar.gz) containing source to build. + type: string + required: + - bucketRef + - object + type: object + type: object + step: + description: The operations to be performed on the workspace. 
+ items: + properties: + allowExitCodes: + description: |- + Allow this build step to fail without failing the entire build if and + only if the exit code is one of the specified codes. + + If 'allowFailure' is also specified, this field will take precedence. + items: + type: integer + type: array + allowFailure: + description: |- + Allow this build step to fail without failing the entire build. + If false, the entire build will fail if this step fails. Otherwise, the + build will succeed, but this step will still have a failure status. + Error information will be reported in the 'failureDetail' field. + + 'allowExitCodes' takes precedence over this field. + type: boolean + args: + description: |- + A list of arguments that will be presented to the step when it is started. + + If the image used to run the step's container has an entrypoint, the args + are used as arguments to that entrypoint. If the image does not define an + entrypoint, the first element in args is used as the entrypoint, and the + remainder will be used as arguments. + items: + type: string + type: array + dir: + description: |- + Working directory to use when running this step's container. + + If this value is a relative path, it is relative to the build's working + directory. If this value is absolute, it may be outside the build's working + directory, in which case the contents of the path may not be persisted + across build step executions, unless a 'volume' for that path is specified. + + If the build specifies a 'RepoSource' with 'dir' and a step with a + 'dir', + which specifies an absolute path, the 'RepoSource' 'dir' is ignored + for the step's execution. + type: string + entrypoint: + description: |- + Entrypoint to be used instead of the build step image's + default entrypoint. + If unset, the image's default entrypoint is used. + type: string + env: + description: |- + A list of environment variable definitions to be used when + running a step. 
+ + The elements are of the form "KEY=VALUE" for the environment variable + "KEY" being given the value "VALUE". + items: + type: string + type: array + id: + description: |- + Unique identifier for this build step, used in 'wait_for' to + reference this build step as a dependency. + type: string + name: + description: |- + The name of the container image that will run this particular build step. + + If the image is available in the host's Docker daemon's cache, it will be + run directly. If not, the host will attempt to pull the image first, using + the builder service account's credentials if necessary. + + The Docker daemon's cache will already have the latest versions of all of + the officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders + for images and examples). + The Docker daemon will also have cached many of the layers for some popular + images, like "ubuntu", "debian", but they will be refreshed at the time + you attempt to use them. + + If you built an image in a previous build step, it will be stored in the + host's Docker daemon's cache and is available to use as the name for a + later build step. + type: string + script: + description: |- + A shell script to be executed in the step. + When script is provided, the user cannot specify the entrypoint or args. + type: string + secretEnv: + description: |- + A list of environment variables which are encrypted using + a Cloud Key + Management Service crypto key. These values must be specified in + the build's 'Secret'. + items: + type: string + type: array + timeout: + description: |- + Time limit for executing this build step. If not defined, + the step has no + time limit and will be allowed to continue to run until either it + completes or the build itself times out. + type: string + timing: + description: |- + Output only. Stores timing information for executing this + build step. 
+ type: string + volumes: + description: |- + List of volumes to mount into the build step. + + Each volume is created as an empty volume prior to execution of the + build step. Upon completion of the build, volumes and their contents + are discarded. + + Using a named volume in only one step is not valid as it is + indicative of a build request with an incorrect configuration. + items: + properties: + name: + description: |- + Name of the volume to mount. + + Volume names must be unique per build step and must be valid names for + Docker volumes. Each named volume must be used by at least two build steps. + type: string + path: + description: |- + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on + the same build step or with certain reserved volume paths. + type: string + required: + - name + - path + type: object + type: array + waitFor: + description: |- + The ID(s) of the step(s) that this build step depends on. + + This build step will not start until all the build steps in 'wait_for' + have completed successfully. If 'wait_for' is empty, this build step + will start when all previous build steps in the 'Build.Steps' list + have completed successfully. + items: + type: string + type: array + required: + - name + type: object + type: array + substitutions: + additionalProperties: + type: string + description: Substitutions data for Build resource. + type: object + tags: + description: Tags for annotation of a Build. These are not docker + tags. + items: + type: string + type: array + timeout: + description: |- + Amount of time that this build should be allowed to run, to second granularity. + If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. + This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. + The expected format is the number of seconds followed by s. + Default time is ten minutes (600s). 
+ type: string + required: + - step + type: object + description: + description: Human-readable description of the trigger. + type: string + disabled: + description: Whether the trigger is disabled or not. If true, the + trigger will never result in a build. + type: boolean + filename: + description: |- + Path, from the source root, to a file whose contents is used for the template. + Either a filename or build template must be provided. Set this only when using trigger_template or github. + When using Pub/Sub, Webhook or Manual set the file name using git_file_source instead. + type: string + filter: + description: A Common Expression Language string. Used only with Pub/Sub + and Webhook. + type: string + gitFileSource: + description: The file source describing the local or remote Build + template. + properties: + bitbucketServerConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the bitbucket server config. Format: + projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + githubEnterpriseConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + path: + description: The path of the file, with the repo root as the root + of the path. + type: string + repoType: + description: |- + The type of the repo, since it may not be explicit from the repo field (e.g from a URL). + Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: ["UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER"]. + type: string + repositoryRef: + description: |- + Only `external` field is supported to configure the reference. + + The fully qualified resource name of the Repo API repository. The fully qualified resource name of the Repo API repository. + If unspecified, the repo from which the trigger invocation originated is assumed to be the repo from which to read the specified path. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildV2Repository` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + revision: + description: |- + The branch, tag, arbitrary ref, or SHA version of the repo to use when resolving the + filename (optional). This field respects the same syntax/resolution as described here: https://git-scm.com/docs/gitrevisions + If unspecified, the revision from which the trigger invocation originated is assumed to be the revision from which to read the specified path. + type: string + uri: + description: |- + The URI of the repo (optional). If unspecified, the repo from which the trigger + invocation originated is assumed to be the repo from which to read the specified path. + type: string + required: + - path + - repoType + type: object + github: + description: |- + Describes the configuration of a trigger that creates a build whenever a GitHub event is received. + + One of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided. + properties: + enterpriseConfigResourceNameRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: |- + Name of the repository. 
For example: The name for + https://github.com/googlecloudplatform/cloud-builders is "cloud-builders". + type: string + owner: + description: |- + Owner of the repository. For example: The owner for + https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform". + type: string + pullRequest: + description: filter to match changes in pull requests. Specify + only one of 'pull_request' or 'push'. + properties: + branch: + description: Regex of branches to match. + type: string + commentControl: + description: 'Whether to block builds on a "/gcbrun" comment + from a repository owner or collaborator. Possible values: + ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: filter to match changes in refs, like branches or + tags. Specify only one of 'pull_request' or 'push'. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the git_ref regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. + type: string + type: object + type: object + ignoredFiles: + description: |- + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for '**'. + + If ignoredFiles and changed files are both empty, then they are not + used to determine whether or not to trigger a build. + + If ignoredFiles is not empty, then we ignore any files that match any + of the ignored_file globs. If the change has no files that are outside + of the ignoredFiles globs, then we do not trigger a build. 
+ items: + type: string + type: array + includeBuildLogs: + description: |- + Build logs will be sent back to GitHub as part of the checkrun + result. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or + INCLUDE_BUILD_LOGS_WITH_STATUS Possible values: ["INCLUDE_BUILD_LOGS_UNSPECIFIED", "INCLUDE_BUILD_LOGS_WITH_STATUS"]. + type: string + includedFiles: + description: |- + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for '**'. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is empty, then as far as this filter is concerned, we + should trigger the build. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is not empty, then we make sure that at least one of + those files matches a includedFiles glob. If not, then we do not trigger + a build. + items: + type: string + type: array + location: + description: 'Immutable. The location of the Cloud Build trigger. + If not specified, "global" is used. More info: cloud.google.com/build/docs/locations.' + type: string + pubsubConfig: + description: |- + PubsubConfig describes the configuration of a trigger that creates + a build whenever a Pub/Sub message is published. + + One of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided. + properties: + serviceAccountRef: + description: Service account that will make the push request. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + state: + description: |- + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. + type: string + subscription: + description: Output only. Name of the subscription. + type: string + topicRef: + description: |- + The name of the topic from which this subscription + is receiving messages. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + repositoryEventConfig: + description: The configuration of a trigger that creates a build whenever + an event from Repo API is received. + properties: + pullRequest: + description: Contains filter properties for matching Pull Requests. + properties: + branch: + description: |- + Regex of branches to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment ''/gcbrun''. 
Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + type: object + push: + description: Contains filter properties for matching git pushes. + properties: + branch: + description: |- + Regex of branches to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + invertRegex: + description: If true, only trigger a build if the revision + regex does NOT match the git_ref regex. + type: boolean + tag: + description: |- + Regex of tags to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + type: object + repository: + description: The resource name of the Repo API resource. + type: string + type: object + serviceAccountRef: + description: |- + The service account used for all user-controlled operations including + triggers.patch, triggers.run, builds.create, and builds.cancel. + + If no service account is set, then the standard Cloud Build service account + ([PROJECT_NUM]@system.gserviceaccount.com) will be used instead. + + When populating via the external field, the following format is supported: + projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL} + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/serviceAccounts/{{value}}`, + where {{value}} is the `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceToBuild: + description: |- + The repo and ref of the repository from which to build. + This field is used only for those triggers that do not respond to SCM events. + Triggers that respond to such events build source at whatever commit caused the event. + This field is currently only used by Webhook, Pub/Sub, Manual, and Cron triggers. + + One of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided. + properties: + bitbucketServerConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the bitbucket server config. Format: + projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + githubEnterpriseConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ref: + description: The branch or tag to use. Must start with "refs/" + (required). + type: string + repoType: + description: |- + The type of the repo, since it may not be explicit from the repo field (e.g from a URL). + Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: ["UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER"]. + type: string + repositoryRef: + description: |- + Only `external` field is supported to configure the reference. + + The qualified resource name of the Repo API repository. + Either uri or repository can be specified and is required. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildV2Repository` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + uri: + description: The URI of the repo. 
+ type: string + required: + - ref + - repoType + type: object + substitutions: + additionalProperties: + type: string + description: Substitutions data for Build resource. + type: object + tags: + description: Tags for annotation of a BuildTrigger. + items: + type: string + type: array + triggerTemplate: + description: |- + Template describing the types of source changes to trigger a build. + + Branch and tag names in trigger templates are interpreted as regular + expressions. Any branch or tag change that matches that regular + expression will trigger a build. + + One of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided. + properties: + branchName: + description: |- + Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. + This field is a regular expression. + type: string + commitSha: + description: Explicit commit SHA to build. Exactly one of a branch + name, tag, or commit SHA must be provided. + type: string + dir: + description: |- + Directory, relative to the source root, in which to run the build. + + This must be a relative path. If a step's dir is specified and + is an absolute path, this value is ignored for that step's + execution. + type: string + invertRegex: + description: Only trigger a build if the revision regex does NOT + match the revision regex. + type: boolean + repoRef: + description: |- + The Cloud Source Repository to build. If omitted, the repo with + name "default" is assumed. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SourceRepoRepository` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tagName: + description: |- + Name of the tag to build. Exactly one of a branch name, tag, or commit SHA must be provided. + This field is a regular expression. + type: string + type: object + webhookConfig: + description: |- + WebhookConfig describes the configuration of a trigger that creates + a build whenever a webhook is sent to a trigger's webhook URL. + + One of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided. + properties: + secretRef: + description: The secret required + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SecretManagerSecretVersion` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + state: + description: |- + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. + type: string + required: + - secretRef + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time when the trigger was created. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + triggerId: + description: The unique identifier for the trigger. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: beta + name: cloudbuildworkerpools.cloudbuild.cnrm.cloud.google.com +spec: + group: cloudbuild.cnrm.cloud.google.com + names: + kind: CloudBuildWorkerPool + listKind: CloudBuildWorkerPoolList + plural: cloudbuildworkerpools + singular: cloudbuildworkerpool + preserveUnknownFields: false + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: CloudBuildWorkerPool is the Schema for the CloudBuild WorkerPool + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CloudBuildWorkerPoolSpec defines the desired state of Instance + properties: + displayName: + type: string + location: + type: string + name: + type: string + privatePoolV1Config: + properties: + networkConfig: + properties: + egressOption: + type: string + peeredNetworkIPRange: + type: string + peeredNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed Compute + Network resource. Should be in the format `projects//global/networks/`. + type: string + name: + description: The `name` field of a `ComputeNetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeNetwork` + resource. + type: string + type: object + required: + - peeredNetworkRef + type: object + workerConfig: + properties: + diskSizeGb: + format: int64 + type: integer + machineType: + type: string + type: object + required: + - workerConfig + type: object + projectRef: + description: The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + type: string + required: + - location + - privatePoolV1Config + - projectRef + type: object + status: + description: CloudBuildWorkerPoolStatus defines the observed state of + Instance + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. 
+ properties: + createTime: + description: The creation timestamp of the workerpool. + format: date-time + type: string + networkConfig: + properties: + egressOption: + type: string + peeredNetwork: + type: string + peeredNetworkIPRange: + type: string + type: object + updateTime: + description: The last update timestamp of the workerpool. + format: date-time + type: string + workerConfig: + properties: + diskSizeGb: + format: int64 + type: integer + machineType: + type: string + type: object + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: CloudBuildWorkerPool is the Schema for the CloudBuild WorkerPool + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CloudBuildWorkerPoolSpec defines the desired state of Instance + properties: + displayName: + description: A user-specified, human-readable name for the `WorkerPool`. + If provided, this value must be 1-63 characters. + type: string + location: + type: string + privatePoolV1Config: + description: Legacy Private Pool configuration. + properties: + networkConfig: + description: Network configuration for the pool. + properties: + egressOption: + description: Option to configure network egress for the workers. 
+ type: string + peeredNetworkIPRange: + description: Immutable. Subnet IP range within the peered + network. This is specified in CIDR notation with a slash + and the subnet prefix size. You can optionally specify an + IP address before the subnet prefix value. e.g. `192.168.0.0/29` + would specify an IP range starting at 192.168.0.0 with a + prefix size of 29 bits. `/16` would specify a prefix size + of 16 bits, with an automatically determined IP within the + peered VPC. If unspecified, a value of `/24` will be used. + type: string + x-kubernetes-validations: + - message: the field is immutable + rule: self == oldSelf + peeredNetworkRef: + description: Immutable. The network definition that the workers + are peered to. If this section is left empty, the workers + will be peered to `WorkerPool.project_id` on the service + producer network. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed Compute + Network resource. Should be in the format `projects//global/networks/`. + type: string + name: + description: The `name` field of a `ComputeNetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeNetwork` + resource. + type: string + type: object + x-kubernetes-validations: + - message: the field is immutable + rule: self == oldSelf + type: object + workerConfig: + description: Machine configuration for the workers in the pool. + properties: + diskSizeGb: + description: Size of the disk attached to the worker, in GB. + See [Worker pool config file](https://cloud.google.com/build/docs/private-pools/worker-pool-config-file-schema). + Specify a value of up to 2000. If `0` is specified, Cloud + Build will use a standard disk size. + format: int64 + type: integer + machineType: + description: Machine type of a worker, such as `e2-medium`. 
+ See [Worker pool config file](https://cloud.google.com/build/docs/private-pools/worker-pool-config-file-schema). + If left blank, Cloud Build will use a sensible default. + type: string + type: object + required: + - workerConfig + type: object + projectRef: + description: The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: The GCP resource identifier. If not given, the metadata.name + will be used. + type: string + required: + - location + - privatePoolV1Config + - projectRef + type: object + status: + description: CloudBuildWorkerPoolStatus defines the observed state of + Instance + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + externalRef: + description: A unique Config Connector specifier for the resource + in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + createTime: + description: The creation timestamp of the workerpool. + format: date-time + type: string + etag: + description: The Checksum computed by the server, using weak indicator. + type: string + networkConfig: + description: Network configuration for the pool. + properties: + egressOption: + description: Option to configure network egress for the workers. + type: string + peeredNetwork: + description: Immutable. The network definition that the workers + are peered to. If this section is left empty, the workers + will be peered to `WorkerPool.project_id` on the service + producer network. + type: string + peeredNetworkIPRange: + description: Immutable. Subnet IP range within the peered + network. This is specified in CIDR notation with a slash + and the subnet prefix size. You can optionally specify an + IP address before the subnet prefix value. e.g. `192.168.0.0/29` + would specify an IP range starting at 192.168.0.0 with a + prefix size of 29 bits. `/16` would specify a prefix size + of 16 bits, with an automatically determined IP within the + peered VPC. If unspecified, a value of `/24` will be used. + type: string + type: object + updateTime: + description: The last update timestamp of the workerpool. + format: date-time + type: string + workerConfig: + description: Machine configuration for the workers in the pool. 
+ properties: + diskSizeGb: + description: Size of the disk attached to the worker, in GB. + See [Worker pool config file](https://cloud.google.com/build/docs/private-pools/worker-pool-config-file-schema). + Specify a value of up to 2000. If `0` is specified, Cloud + Build will use a standard disk size. + format: int64 + type: integer + machineType: + description: Machine type of a worker, such as `e2-medium`. + See [Worker pool config file](https://cloud.google.com/build/docs/private-pools/worker-pool-config-file-schema). + If left blank, Cloud Build will use a sensible default. + type: string + type: object + required: + - workerConfig + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudfunctions2functions.cloudfunctions2.cnrm.cloud.google.com +spec: + group: cloudfunctions2.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudFunctions2Function + plural: cloudfunctions2functions + shortNames: + - gcpcloudfunctions2function + - gcpcloudfunctions2functions + singular: cloudfunctions2function + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + buildConfig: + description: |- + Describes the Build step of the function that builds a container + from the given source. + properties: + build: + description: |- + The Cloud Build name of the latest successful + deployment of the function. + type: string + dockerRepository: + description: User managed repository created in Artifact Registry + optionally with a customer managed encryption key. + type: string + entryPoint: + description: |- + The name of the function (as defined in source code) that will be executed. + Defaults to the resource name suffix, if not specified. For backward + compatibility, if function with given name is not found, then the system + will try to use function named "function". For Node.js this is name of a + function exported by the module specified in source_location. + type: string + environmentVariables: + additionalProperties: + type: string + description: User-provided build-time environment variables for + the function. + type: object + runtime: + description: |- + The runtime in which to run the function. Required when deploying a new + function, optional when updating an existing function. 
+ type: string + source: + description: The location of the function source code. + properties: + repoSource: + description: If provided, get the source from this location + in a Cloud Source Repository. + properties: + branchName: + description: Regex matching branches to build. + type: string + commitSha: + description: Regex matching tags to build. + type: string + dir: + description: Directory, relative to the source root, in + which to run the build. + type: string + invertRegex: + description: |- + Only trigger a build if the revision regex does + NOT match the revision regex. + type: boolean + projectId: + description: |- + Immutable. ID of the project that owns the Cloud Source Repository. If omitted, the + project ID requesting the build is assumed. + type: string + repoName: + description: Name of the Cloud Source Repository. + type: string + tagName: + description: Regex matching tags to build. + type: string + type: object + storageSource: + description: If provided, get the source from this location + in Google Cloud Storage. + properties: + bucket: + description: Google Cloud Storage bucket containing the + source. + type: string + generation: + description: |- + Google Cloud Storage generation for the object. If the generation + is omitted, the latest generation will be used. + type: integer + object: + description: Google Cloud Storage object containing the + source. + type: string + type: object + type: object + workerPool: + description: Name of the Cloud Build Custom Worker Pool that should + be used to build the function. + type: string + type: object + description: + description: User-provided description of a function. + type: string + eventTrigger: + description: |- + An Eventarc trigger managed by Google Cloud Functions that fires events in + response to a condition in another service. + properties: + eventFilters: + description: Criteria used to filter events. + items: + properties: + attribute: + description: |- + 'Required. 
The name of a CloudEvents attribute. + Currently, only a subset of attributes are supported for filtering. Use the 'gcloud eventarc providers describe' command to learn more about events and their attributes. + Do not filter for the 'type' attribute here, as this is already achieved by the resource's 'event_type' attribute. + type: string + operator: + description: |- + Optional. The operator used for matching the events with the value of + the filter. If not specified, only events that have an exact key-value + pair specified in the filter are matched. + The only allowed value is 'match-path-pattern'. + [See documentation on path patterns here](https://cloud.google.com/eventarc/docs/path-patterns)'. + type: string + value: + description: |- + Required. The value for the attribute. + If the operator field is set as 'match-path-pattern', this value can be a path pattern instead of an exact value. + type: string + required: + - attribute + - value + type: object + type: array + eventType: + description: Required. The type of event to observe. + type: string + pubsubTopic: + description: |- + The name of a Pub/Sub topic in the same project that will be used + as the transport topic for the event delivery. + type: string + retryPolicy: + description: |- + Describes the retry policy in case of function's execution failure. + Retried execution is charged as any other execution. Possible values: ["RETRY_POLICY_UNSPECIFIED", "RETRY_POLICY_DO_NOT_RETRY", "RETRY_POLICY_RETRY"]. + type: string + serviceAccountEmail: + description: The email of the service account for this function. + type: string + trigger: + description: Output only. The resource name of the Eventarc trigger. + type: string + triggerRegion: + description: |- + The region that the trigger will be in. The trigger will only receive + events originating in this region. It can be the same + region as the function, a different region or multi-region, or the global + region. 
If not provided, defaults to the same region as the function. + type: string + type: object + kmsKeyName: + description: |- + Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources. + It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. + type: string + location: + description: Immutable. The location of this cloud function. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceConfig: + description: Describes the Service being deployed. + properties: + allTrafficOnLatestRevision: + description: Whether 100% of traffic is routed to the latest revision. + Defaults to true. + type: boolean + availableCpu: + description: The number of CPUs used in a single container instance. + Default value is calculated from available memory. + type: string + availableMemory: + description: |- + The amount of memory available for a function. + Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is + supplied the value is interpreted as bytes. 
+ type: string + environmentVariables: + additionalProperties: + type: string + description: Environment variables that shall be available during + function execution. + type: object + gcfUri: + description: URIs of the Service deployed. + type: string + ingressSettings: + description: 'Available ingress settings. Defaults to "ALLOW_ALL" + if unspecified. Default value: "ALLOW_ALL" Possible values: + ["ALLOW_ALL", "ALLOW_INTERNAL_ONLY", "ALLOW_INTERNAL_AND_GCLB"].' + type: string + maxInstanceCount: + description: |- + The limit on the maximum number of function instances that may coexist at a + given time. + type: integer + maxInstanceRequestConcurrency: + description: Sets the maximum number of concurrent requests that + each instance can receive. Defaults to 1. + type: integer + minInstanceCount: + description: |- + The limit on the minimum number of function instances that may coexist at a + given time. + type: integer + secretEnvironmentVariables: + description: Secret environment variables configuration. + items: + properties: + key: + description: Name of the environment variable. + type: string + projectId: + description: Project identifier (preferrably project number + but can also be the project ID) of the project that contains + the secret. If not set, it will be populated with the + function's project assuming that the secret exists in + the same project as of the function. + type: string + secret: + description: Name of the secret in secret manager (not the + full resource name). + type: string + version: + description: Version of the secret (version number or the + string 'latest'). It is recommended to use a numeric version + for secret environment variables as any updates to the + secret value is not reflected until new instances start. + type: string + required: + - key + - projectId + - secret + - version + type: object + type: array + secretVolumes: + description: Secret volumes configuration. 
+ items: + properties: + mountPath: + description: 'The path within the container to mount the + secret volume. For example, setting the mountPath as /etc/secrets + would mount the secret value files under the /etc/secrets + directory. This directory will also be completely shadowed + and unavailable to mount any other secrets. Recommended + mount path: /etc/secrets.' + type: string + projectId: + description: Project identifier (preferrably project number + but can also be the project ID) of the project that contains + the secret. If not set, it will be populated with the + function's project assuming that the secret exists in + the same project as of the function. + type: string + secret: + description: Name of the secret in secret manager (not the + full resource name). + type: string + versions: + description: List of secret versions to mount for this secret. + If empty, the latest version of the secret will be made + available in a file named after the secret under the mount + point.'. + items: + properties: + path: + description: Relative path of the file under the mount + path where the secret value for this version will + be fetched and made available. For example, setting + the mountPath as '/etc/secrets' and path as secret_foo + would mount the secret value file at /etc/secrets/secret_foo. + type: string + version: + description: Version of the secret (version number + or the string 'latest'). It is preferable to use + latest version with secret volumes as secret value + changes are reflected immediately. + type: string + required: + - path + - version + type: object + type: array + required: + - mountPath + - projectId + - secret + type: object + type: array + service: + description: Name of the service associated with a Function. + type: string + serviceAccountEmail: + description: The email of the service account for this function. + type: string + timeoutSeconds: + description: |- + The function execution timeout. 
Execution is considered failed and + can be terminated if the function is not completed at the end of the + timeout period. Defaults to 60 seconds. + type: integer + uri: + description: URI of the Service deployed. + type: string + vpcConnector: + description: The Serverless VPC Access connector that this cloud + function can connect to. + type: string + vpcConnectorEgressSettings: + description: 'Available egress settings. Possible values: ["VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED", + "PRIVATE_RANGES_ONLY", "ALL_TRAFFIC"].' + type: string + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + environment: + description: The environment the function is hosted on. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: Describes the current state of the function. + type: string + updateTime: + description: The last update timestamp of a Cloud Function. + type: string + url: + description: Output only. The deployed url for the function. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: cloudfunctionsfunctions.cloudfunctions.cnrm.cloud.google.com +spec: + group: cloudfunctions.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudFunctionsFunction + plural: cloudfunctionsfunctions + shortNames: + - gcpcloudfunctionsfunction + - gcpcloudfunctionsfunctions + singular: cloudfunctionsfunction + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + availableMemoryMb: + description: 'Memory (in MB), available to the function. Default value + is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB.' + format: int64 + type: integer + description: + description: User-provided description of a function. + type: string + entryPoint: + description: |- + Immutable. The name of the function (as defined in source code) that will be + executed. Defaults to the resource name suffix, if not specified. For + backward compatibility, if function with given name is not found, then the + system will try to use function named "function". + For Node.js this is name of a function exported by the module specified + in `source_location`. + type: string + environmentVariables: + additionalProperties: + type: string + description: Environment variables that shall be available during + function execution. + type: object + eventTrigger: + description: Immutable. A source that fires events in response to + a condition in another service. + properties: + eventType: + description: |- + Immutable. Required. The type of event to observe. For example: + `providers/cloud.storage/eventTypes/object.change` and + `providers/cloud.pubsub/eventTypes/topic.publish`. + + Event types match pattern `providers/*/eventTypes/*.*`. + The pattern contains: + + 1. namespace: For example, `cloud.storage` and + `google.firebase.analytics`. + 2. resource type: The type of resource on which event occurs. For + example, the Google Cloud Storage API includes the type `object`. + 3. 
action: The action that generates the event. For example, action for + a Google Cloud Storage Object is 'change'. + These parts are lower case. + type: string + failurePolicy: + description: Immutable. Specifies policy for failed executions. + type: boolean + resourceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + Required. The resource(s) from which to observe events, for example, + `projects/_/buckets/myBucket`. + + Not all syntactically correct values are accepted by all services. For + example: + + 1. The authorization model must support it. Google Cloud Functions + only allows EventTriggers to be deployed that observe resources in the + same project as the `Function`. + 2. The resource type must match the pattern expected for an + `event_type`. For example, an `EventTrigger` that has an + `event_type` of "google.pubsub.topic.publish" should have a resource + that matches Google Cloud Pub/Sub topics. + + Additionally, some services may support short names when creating an + `EventTrigger`. These will always be returned in the normalized "long" + format. + + See each *service's* documentation for supported formats. + + Allowed values: + * The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + * The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + kind: + description: 'Kind of the referent. Allowed values: StorageBucket,PubSubTopic' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + service: + description: |- + Immutable. The hostname of the service that should be observed. + + If no string is provided, the default service implementing the API will + be used. For example, `storage.googleapis.com` is the default for all + event types in the `google.storage` namespace. + type: string + required: + - eventType + - resourceRef + type: object + httpsTrigger: + description: Immutable. An HTTPS endpoint type of source that can + be triggered via URL. + properties: + securityLevel: + description: 'Immutable. Both HTTP and HTTPS requests with URLs + that match the handler succeed without redirects. The application + can examine the request to determine which protocol was used + and respond accordingly. Possible values: SECURITY_LEVEL_UNSPECIFIED, + SECURE_ALWAYS, SECURE_OPTIONAL' + type: string + type: object + ingressSettings: + description: |- + The ingress settings for the function, controlling what traffic can reach + it. Possible values: INGRESS_SETTINGS_UNSPECIFIED, ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB + type: string + maxInstances: + description: |- + The limit on the maximum number of function instances that may coexist at a + given time. + format: int64 + type: integer + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project id of the function. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The name of the Cloud Functions region of + the function. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + runtime: + description: | + The runtime in which to run the function. Required when deploying a new + function, optional when updating an existing function. For a complete + list of possible choices, see the + [`gcloud` command + reference](/sdk/gcloud/reference/functions/deploy#--runtime). + type: string + serviceAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The email of the function's service account. If empty, defaults to + `{project_id}@appspot.gserviceaccount.com`. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceArchiveUrl: + description: Immutable. The Google Cloud Storage URL, starting with + gs://, pointing to the zip archive which contains the function. + type: string + sourceRepository: + description: Immutable. Represents parameters related to source repository + where a function is hosted. + properties: + url: + description: |- + Immutable. The URL pointing to the hosted repository where the function is defined. 
+ There are supported Cloud Source Repository URLs in the following + formats: + + To refer to a specific commit: + `https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*` + To refer to a moveable alias (branch): + `https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*` + In particular, to refer to HEAD use `master` moveable alias. + To refer to a specific fixed alias (tag): + `https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*` + + You may omit `paths/*` if you want to use the main directory. + type: string + required: + - url + type: object + timeout: + description: |- + The function execution timeout. Execution is considered failed and + can be terminated if the function is not completed at the end of the + timeout period. Defaults to 60 seconds. + type: string + vpcConnectorEgressSettings: + description: |- + The egress settings for the connector, controlling what traffic is diverted + through it. Possible values: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC + type: string + vpcConnectorRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The VPC Network Connector that this cloud function can connect to. It can + be either the fully-qualified URI, or the short name of the network + connector resource. The format of this field is + `projects/*/locations/*/connectors/*` + + Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + - region + - runtime + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + httpsTrigger: + properties: + url: + description: Output only. The deployed url for the function. + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + sourceRepository: + properties: + deployedUrl: + description: |- + Output only. The URL pointing to the hosted repository where the function + were defined at the time of deployment. It always points to a specific + commit in the format described above. + type: string + type: object + status: + description: 'Output only. Status of the function deployment. Possible + values: CLOUD_FUNCTION_STATUS_UNSPECIFIED, ACTIVE, OFFLINE, DEPLOY_IN_PROGRESS, + DELETE_IN_PROGRESS, UNKNOWN' + type: string + updateTime: + description: Output only. 
The last update timestamp of a Cloud Function + in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up + to nine fractional digits. + type: string + versionId: + description: |- + Output only. The version identifier of the Cloud Function. Each deployment attempt + results in a new version of a function being created. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudidentitygroups.cloudidentity.cnrm.cloud.google.com +spec: + group: cloudidentity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudIdentityGroup + plural: cloudidentitygroups + shortNames: + - gcpcloudidentitygroup + - gcpcloudidentitygroups + singular: cloudidentitygroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + An extended description to help users determine the purpose of a Group. + Must not be longer than 4,096 characters. + type: string + displayName: + description: The display name of the Group. + type: string + groupKey: + description: Immutable. EntityKey of the Group. + properties: + id: + description: |- + Immutable. The ID of the entity. + + For Google-managed entities, the id must be the email address of an existing + group or user. + + For external-identity-mapped entities, the id must be a string conforming + to the Identity Source's requirements. + + Must be unique within a namespace. + type: string + namespace: + description: |- + Immutable. The namespace in which the entity exists. + + If not specified, the EntityKey represents a Google-managed entity + such as a Google user or a Google Group. + + If specified, the EntityKey represents an external-identity-mapped group. + The namespace must correspond to an identity source created in Admin Console + and must be in the form of 'identitysources/{identity_source_id}'. + type: string + required: + - id + type: object + initialGroupConfig: + description: |- + Immutable. The initial configuration options for creating a Group. + + See the + [API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig) + for possible values. 
Default value: "EMPTY" Possible values: ["INITIAL_GROUP_CONFIG_UNSPECIFIED", "WITH_INITIAL_OWNER", "EMPTY"]. + type: string + labels: + additionalProperties: + type: string + description: |- + One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. + + Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value. + + Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added. + + Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic. + + Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value. + type: object + parent: + description: |- + Immutable. The resource name of the entity under which this Group resides in the + Cloud Identity resource hierarchy. + + Must be of the form identitysources/{identity_source_id} for external-identity-mapped + groups or customers/{customer_id} for Google Groups. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - groupKey + - labels + - parent + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the Group was created. + type: string + name: + description: |- + Resource name of the Group in the format: groups/{group_id}, where group_id + is the unique ID assigned to the Group. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The time when the Group was last updated. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: cloudidentitymemberships.cloudidentity.cnrm.cloud.google.com +spec: + group: cloudidentity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudIdentityMembership + plural: cloudidentitymemberships + shortNames: + - gcpcloudidentitymembership + - gcpcloudidentitymemberships + singular: cloudidentitymembership + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the 
resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + groupRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The group for the resource + + Allowed value: The Google Cloud resource name of a `CloudIdentityGroup` resource (format: `groups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + memberKey: + description: Immutable. The `EntityKey` of the member. 
Either `member_key` + or `preferred_member_key` must be set when calling MembershipsService.CreateMembership + but not both; both shall be set when returned. + properties: + id: + description: The ID of the entity. For Google-managed entities, + the `id` must be the email address of an existing group or user. + For external-identity-mapped entities, the `id` must be a string + conforming to the Identity Source's requirements. Must be unique + within a `namespace`. + type: string + namespace: + description: The namespace in which the entity exists. If not + specified, the `EntityKey` represents a Google-managed entity + such as a Google user or a Google Group. If specified, the `EntityKey` + represents an external-identity-mapped group. The namespace + must correspond to an identity source created in Admin Console + and must be in the form of `identitysources/{identity_source_id}`. + type: string + type: object + preferredMemberKey: + description: Immutable. Required. Immutable. The `EntityKey` of the + member. + properties: + id: + description: Immutable. The ID of the entity. For Google-managed + entities, the `id` must be the email address of a group or user. + For external-identity-mapped entities, the `id` must be a string + conforming to the Identity Source's requirements. Must be unique + within a `namespace`. + type: string + namespace: + description: Immutable. The namespace in which the entity exists. + If not specified, the `EntityKey` represents a Google-managed + entity such as a Google user or a Google Group. If specified, + the `EntityKey` represents an external-identity-mapped group. + The namespace must correspond to an identity source created + in Admin Console and must be in the form of `identitysources/{identity_source_id}`. + type: string + required: + - id + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + roles: + description: The `MembershipRole`s that apply to the `Membership`. + If unspecified, defaults to a single `MembershipRole` with `name` + `MEMBER`. Must not contain duplicate `MembershipRole`s with the + same `name`. + items: + properties: + expiryDetail: + description: The expiry details of the `MembershipRole`. Expiry + details are only supported for `MEMBER` `MembershipRoles`. + May be set if `name` is `MEMBER`. Must not be set if `name` + is any other value. + properties: + expireTime: + description: The time at which the `MembershipRole` will + expire. + format: date-time + type: string + type: object + name: + type: string + restrictionEvaluations: + description: Evaluations of restrictions applied to parent group + on this membership. + properties: + memberRestrictionEvaluation: + description: Evaluation of the member restriction applied + to this membership. Empty if the user lacks permission + to view the restriction evaluation. + properties: + state: + description: 'Output only. The current state of the + restriction Possible values: ENCRYPTION_STATE_UNSPECIFIED, + UNSUPPORTED_BY_DEVICE, ENCRYPTED, NOT_ENCRYPTED' + type: string + type: object + type: object + required: + - name + type: object + type: array + required: + - groupRef + - preferredMemberKey + - roles + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the `Membership` was created. + format: date-time + type: string + deliverySetting: + description: 'Output only. Delivery setting associated with the membership. + Possible values: DELIVERY_SETTING_UNSPECIFIED, ALL_MAIL, DIGEST, + DAILY, NONE, DISABLED' + type: string + displayName: + description: Output only. The display name of this member, if available + properties: + familyName: + description: Output only. Member's family name + type: string + fullName: + description: Output only. Localized UTF-16 full name for the member. + Localization is done based on the language in the request and + the language of the stored display name. + type: string + givenName: + description: Output only. Member's given name + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: + description: 'Output only. The type of the membership. Possible values: + OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_CUSTOMER, OWNER_TYPE_PARTNER' + type: string + updateTime: + description: Output only. The time when the `Membership` was last + updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudidsendpoints.cloudids.cnrm.cloud.google.com +spec: + group: cloudids.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudIDSEndpoint + plural: cloudidsendpoints + shortNames: + - gcpcloudidsendpoint + - gcpcloudidsendpoints + singular: cloudidsendpoint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of the endpoint. + type: string + location: + description: Immutable. The location for the endpoint. + type: string + networkRef: + description: |- + Immutable. Name of the VPC network that is connected + to the IDS endpoint. This can either contain the VPC network name + itself (like "src-net") or the full URL to the network (like "projects/{project_id}/global/networks/src-net"). + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + severity: + description: 'Immutable. The minimum alert severity level that is + reported by the endpoint. Possible values: ["INFORMATIONAL", "LOW", + "MEDIUM", "HIGH", "CRITICAL"].' + type: string + threatExceptions: + description: 'Configuration for threat IDs excluded from generating + alerts. Limit: 99 IDs.' + items: + type: string + type: array + required: + - location + - networkRef + - projectRef + - severity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + createTime: + description: Creation timestamp in RFC 3339 text format. 
+ type: string + endpointForwardingRule: + description: URL of the endpoint's network address to which traffic + is to be sent by Packet Mirroring. + type: string + endpointIP: + description: Internal IP address of the endpoint's network entry + point. + type: string + updateTime: + description: Last update timestamp in RFC 3339 text format. + type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of the endpoint. + type: string + location: + description: Immutable. The location for the endpoint. 
+ type: string + networkRef: + description: |- + Immutable. Name of the VPC network that is connected + to the IDS endpoint. This can either contain the VPC network name + itself (like "src-net") or the full URL to the network (like "projects/{project_id}/global/networks/src-net"). + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + severity: + description: 'Immutable. The minimum alert severity level that is + reported by the endpoint. Possible values: ["INFORMATIONAL", "LOW", + "MEDIUM", "HIGH", "CRITICAL"].' 
+ type: string + threatExceptions: + description: 'Configuration for threat IDs excluded from generating + alerts. Limit: 99 IDs.' + items: + type: string + type: array + required: + - location + - networkRef + - projectRef + - severity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + createTime: + description: Creation timestamp in RFC 3339 text format. + type: string + endpointForwardingRule: + description: URL of the endpoint's network address to which traffic + is to be sent by Packet Mirroring. + type: string + endpointIP: + description: Internal IP address of the endpoint's network entry + point. + type: string + updateTime: + description: Last update timestamp in RFC 3339 text format. 
+ type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudiotdeviceregistries.cloudiot.cnrm.cloud.google.com +spec: + group: cloudiot.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudIOTDeviceRegistry + plural: cloudiotdeviceregistries + shortNames: + - gcpcloudiotdeviceregistry + - gcpcloudiotdeviceregistries + singular: cloudiotdeviceregistry + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + credentials: + description: List of public key certificates to authenticate devices. + items: + properties: + publicKeyCertificate: + description: A public key certificate format and data. + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - publicKeyCertificate + type: object + type: array + eventNotificationConfigs: + description: |- + List of configurations for event notifications, such as PubSub topics + to publish device events to. + items: + properties: + pubsubTopicName: + description: PubSub topic name to publish device events. + type: string + subfolderMatches: + description: |- + If the subfolder name matches this string exactly, this + configuration will be used. The string must not include the + leading '/' character. If empty, all strings are matched. Empty + value can only be used for the last 'event_notification_configs' + item. + type: string + required: + - pubsubTopicName + type: object + type: array + httpConfig: + description: Activate or deactivate HTTP. + type: object + x-kubernetes-preserve-unknown-fields: true + logLevel: + description: |- + The default logging verbosity for activity from devices in this + registry. Specifies which events should be written to logs. For + example, if the LogLevel is ERROR, only events that terminate in + errors will be logged. LogLevel is inclusive; enabling INFO logging + will also enable ERROR logging. Default value: "NONE" Possible values: ["NONE", "ERROR", "INFO", "DEBUG"]. 
+ type: string + mqttConfig: + description: Activate or deactivate MQTT. + type: object + x-kubernetes-preserve-unknown-fields: true + project: + description: Immutable. + type: string + region: + description: |- + Immutable. The region in which the created registry should reside. + If it is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + stateNotificationConfig: + description: A PubSub topic to publish device state updates. + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudiotdevices.cloudiot.cnrm.cloud.google.com +spec: + group: cloudiot.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudIOTDevice + plural: cloudiotdevices + shortNames: + - gcpcloudiotdevice + - gcpcloudiotdevices + singular: cloudiotdevice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + blocked: + description: If a device is blocked, connections or requests from + this device will fail. + type: boolean + credentials: + description: The credentials used to authenticate this device. + items: + properties: + expirationTime: + description: The time at which this credential becomes invalid. + type: string + publicKey: + description: A public key used to verify the signature of JSON + Web Tokens (JWTs). + properties: + format: + description: 'The format of the key. Possible values: ["RSA_PEM", + "RSA_X509_PEM", "ES256_PEM", "ES256_X509_PEM"].' + type: string + key: + description: The key data. + type: string + required: + - format + - key + type: object + required: + - publicKey + type: object + type: array + gatewayConfig: + description: Gateway-related configuration and state. + properties: + gatewayAuthMethod: + description: 'Indicates whether the device is a gateway. Possible + values: ["ASSOCIATION_ONLY", "DEVICE_AUTH_TOKEN_ONLY", "ASSOCIATION_AND_DEVICE_AUTH_TOKEN"].' + type: string + gatewayType: + description: 'Immutable. Indicates whether the device is a gateway. + Default value: "NON_GATEWAY" Possible values: ["GATEWAY", "NON_GATEWAY"].' + type: string + lastAccessedGatewayId: + description: The ID of the gateway the device accessed most recently. + type: string + lastAccessedGatewayTime: + description: The most recent time at which the device accessed + the gateway specified in last_accessed_gateway. + type: string + type: object + logLevel: + description: 'The logging verbosity for device activity. Possible + values: ["NONE", "ERROR", "INFO", "DEBUG"].' 
+ type: string + metadata: + additionalProperties: + type: string + description: The metadata key-value pairs assigned to the device. + type: object + registry: + description: Immutable. The name of the device registry where this + device should be created. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - registry + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + config: + description: The most recent device configuration, which is eventually + sent from Cloud IoT Core to the device. + items: + properties: + binaryData: + description: The device configuration data. + type: string + cloudUpdateTime: + description: The time at which this configuration version was + updated in Cloud IoT Core. + type: string + deviceAckTime: + description: |- + The time at which Cloud IoT Core received the acknowledgment from the device, + indicating that the device has received this configuration version. + type: string + version: + description: The version of this update. 
+ type: string + type: object + type: array + lastConfigAckTime: + description: The last time a cloud-to-device config version acknowledgment + was received from the device. + type: string + lastConfigSendTime: + description: The last time a cloud-to-device config version was sent + to the device. + type: string + lastErrorStatus: + description: The error message of the most recent error, such as a + failure to publish to Cloud Pub/Sub. + items: + properties: + details: + description: A list of messages that carry the error details. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + message: + description: A developer-facing error message, which should + be in English. + type: string + number: + description: The status code, which should be an enum value + of google.rpc.Code. + type: integer + type: object + type: array + lastErrorTime: + description: The time the most recent error occurred, such as a failure + to publish to Cloud Pub/Sub. + type: string + lastEventTime: + description: The last time a telemetry event was received. + type: string + lastHeartbeatTime: + description: The last time an MQTT PINGREQ was received. + type: string + lastStateTime: + description: The last time a state event was received. + type: string + numId: + description: |- + A server-defined unique numeric ID for the device. + This is a more compact way to identify devices, and it is globally unique. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The state most recently received from the device. + items: + properties: + binaryData: + description: The device state data. 
+ type: string + updateTime: + description: The time at which this state version was updated + in Cloud IoT Core. + type: string + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: cloudschedulerjobs.cloudscheduler.cnrm.cloud.google.com +spec: + group: cloudscheduler.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudSchedulerJob + plural: cloudschedulerjobs + shortNames: + - gcpcloudschedulerjob + - gcpcloudschedulerjobs + singular: cloudschedulerjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + appEngineHttpTarget: + description: App Engine HTTP target. + properties: + appEngineRouting: + description: App Engine Routing setting for the job. + properties: + instance: + description: App instance. By default, the job is sent to + an instance which is available when the job is attempted. + Requests can only be sent to a specific instance if [manual + scaling is used in App Engine Standard](https://cloud.google.com/appengine/docs/python/an-overview-of-app-engine?hl=en_US#scaling_types_and_instance_classes). + App Engine Flex does not support instances. For more information, + see [App Engine Standard request routing](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed) + and [App Engine Flex request routing](https://cloud.google.com/appengine/docs/flexible/python/how-requests-are-routed). + type: string + service: + description: App service. By default, the job is sent to the + service which is the default service when the job is attempted. + type: string + version: + description: App version. By default, the job is sent to the + version which is the default version when the job is attempted. + type: string + type: object + body: + description: Body. HTTP request body. A request body is allowed + only if the HTTP method is POST or PUT. It will result in invalid + argument error to set a body on a job with an incompatible HttpMethod. + type: string + headers: + additionalProperties: + type: string + description: 'HTTP request headers. 
This map contains the header + field names and values. Headers can be set when the job is created. + Cloud Scheduler sets some headers to default values: * `User-Agent`: + By default, this header is `"App Engine-Google; (+http://code.google.com/appengine)"`. + This header can be modified, but Cloud Scheduler will append + `"App Engine-Google; (+http://code.google.com/appengine)"` to + the modified `User-Agent`. * `X-CloudScheduler`: This header + will be set to true. The headers below are output only. They + cannot be set or overridden: * `X-Google-*`: For Google internal + use only. * `X-App Engine-*`: For Google internal use only. + In addition, some App Engine headers, which contain job-specific + information, are also be sent to the job handler.' + type: object + httpMethod: + description: 'The HTTP method to use for the request. PATCH and + OPTIONS are not permitted. Possible values: HTTP_METHOD_UNSPECIFIED, + POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS' + type: string + relativeUri: + description: The relative URI. The relative URL must begin with + "/" and must be a valid HTTP relative URL. It can contain a + path, query string arguments, and `#` fragments. If the relative + URL is empty, then the root path "/" will be used. No spaces + are allowed, and the maximum length allowed is 2083 characters. + type: string + type: object + attemptDeadline: + description: 'The deadline for job attempts. If the request handler + does not respond by this deadline then the request is cancelled + and the attempt is marked as a `DEADLINE_EXCEEDED` failure. The + failed attempt can be viewed in execution logs. Cloud Scheduler + will retry the job according to the RetryConfig. The allowed duration + for this deadline is: * For HTTP targets, between 15 seconds and + 30 minutes. * For App Engine HTTP targets, between 15 seconds and + 24 hours.' + type: string + description: + description: Optionally caller-specified in CreateJob or UpdateJob. 
+ A human-readable description for the job. This string must not contain + more than 500 characters. + type: string + httpTarget: + description: HTTP target. + properties: + body: + description: HTTP request body. A request body is allowed only + if the HTTP method is POST, PUT, or PATCH. It is an error to + set body on a job with an incompatible HttpMethod. + type: string + headers: + additionalProperties: + type: string + description: 'The user can specify HTTP request headers to send + with the job''s HTTP request. This map contains the header field + names and values. Repeated headers are not supported, but a + header value can contain commas. These headers represent a subset + of the headers that will accompany the job''s HTTP request. + Some HTTP request headers will be ignored or replaced. A partial + list of headers that will be ignored or replaced is below: - + Host: This will be computed by Cloud Scheduler and derived from + uri. * `Content-Length`: This will be computed by Cloud Scheduler. + * `User-Agent`: This will be set to `"Google-Cloud-Scheduler"`. + * `X-Google-*`: Google internal use only. * `X-appengine-*`: + Google internal use only. The total size of headers must be + less than 80KB.' + type: object + httpMethod: + description: 'Which HTTP method to use for the request. Possible + values: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, + PATCH, OPTIONS' + type: string + oauthToken: + description: If specified, an [OAuth token](https://developers.google.com/identity/protocols/OAuth2) + will be generated and attached as an `Authorization` header + in the HTTP request. This type of authorization should generally + only be used when calling Google APIs hosted on *.googleapis.com. + properties: + scope: + description: OAuth scope to be used for generating OAuth access + token. If not specified, "https://www.googleapis.com/auth/cloud-platform" + will be used. 
+ type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OAuth token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + oidcToken: + description: If specified, an [OIDC](https://developers.google.com/identity/protocols/OpenIDConnect) + token will be generated and attached as an `Authorization` header + in the HTTP request. This type of authorization can be used + for many scenarios, including calling Cloud Run, or endpoints + where you intend to validate the token yourself. + properties: + audience: + description: Audience to be used when generating OIDC token. + If not specified, the URI specified in target will be used. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OIDC token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. 
+ + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + uri: + description: 'Required. The full URI path that the request will + be sent to. This string must begin with either "http://" or + "https://". Some examples of valid values for uri are: `http://acme.com` + and `https://acme.com/sales:8080`. Cloud Scheduler will encode + some characters for safety and compatibility. The maximum allowed + URL length is 2083 characters after encoding.' + type: string + required: + - uri + type: object + location: + description: Immutable. The location for the resource + type: string + pubsubTarget: + description: Pub/Sub target. + properties: + attributes: + additionalProperties: + type: string + description: Attributes for PubsubMessage. Pubsub message must + contain either non-empty data, or at least one attribute. + type: object + data: + description: The message payload for PubsubMessage. Pubsub message + must contain either non-empty data, or at least one attribute. + type: string + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the Cloud Pub/Sub topic to which messages will be published when a job is delivered. The topic name must be in the same format as required by Pub/Sub's [PublishRequest.name](https://cloud.google.com/pubsub/docs/reference/rpc/google.pubsub.v1#publishrequest), for example `projects/PROJECT_ID/topics/TOPIC_ID`. The topic must be in the same project as the Cloud Scheduler job. 
+ + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConfig: + description: Settings that determine the retry behavior. + properties: + maxBackoffDuration: + description: The maximum amount of time to wait before retrying + a job after it fails. The default value of this field is 1 hour. + type: string + maxDoublings: + description: The time between retries will double `max_doublings` + times. A job's retry interval starts at min_backoff_duration, + then doubles `max_doublings` times, then increases linearly, + and finally retries at intervals of max_backoff_duration up + to retry_count times. For example, if min_backoff_duration is + 10s, max_backoff_duration is 300s, and `max_doublings` is 3, + then the a job will first be retried in 10s. The retry interval + will double three times, and then increase linearly by 2^3 * + 10s. Finally, the job will retry at intervals of max_backoff_duration + until the job has been attempted retry_count times. Thus, the + requests will retry at 10s, 20s, 40s, 80s, 160s, 240s, 300s, + 300s, .... The default value of this field is 5. + format: int64 + type: integer + maxRetryDuration: + description: The time limit for retrying a failed job, measured + from time when an execution was first attempted. 
If specified + with retry_count, the job will be retried until both limits + are reached. The default value for max_retry_duration is zero, + which means retry duration is unlimited. + type: string + minBackoffDuration: + description: The minimum amount of time to wait before retrying + a job after it fails. The default value of this field is 5 seconds. + type: string + retryCount: + description: The number of attempts that the system will make + to run a job using the exponential backoff procedure described + by max_doublings. The default value of retry_count is zero. + If retry_count is zero, a job attempt will *not* be retried + if it fails. Instead the Cloud Scheduler system will wait for + the next scheduled execution time. If retry_count is set to + a non-zero number then Cloud Scheduler will retry failed attempts, + using exponential backoff, retry_count times, or until the next + scheduled execution time, whichever comes first. Values greater + than 5 and negative values are not allowed. + format: int64 + type: integer + type: object + schedule: + description: 'Required, except when used with UpdateJob. Describes + the schedule on which the job will be executed. The schedule can + be either of the following types: * [Crontab](http://en.wikipedia.org/wiki/Cron#Overview) + * English-like [schedule](https://cloud.google.com/scheduler/docs/configuring/cron-job-schedules) + As a general rule, execution `n + 1` of a job will not begin until + execution `n` has finished. Cloud Scheduler will never allow two + simultaneously outstanding executions. For example, this implies + that if the `n+1`th execution is scheduled to run at 16:00 but the + `n`th execution takes until 16:15, the `n+1`th execution will not + start until `16:15`. A scheduled start time will be delayed if the + previous execution has not ended when its scheduled time occurs. 
+ If retry_count > 0 and a job attempt fails, the job will be tried + a total of retry_count times, with exponential backoff, until the + next scheduled start time.' + type: string + timeZone: + description: Specifies the time zone to be used in interpreting schedule. + The value of this field must be a time zone name from the [tz database](http://en.wikipedia.org/wiki/Tz_database). + Note that some time zones include a provision for daylight savings + time. The rules for daylight saving time are determined by the chosen + tz. For UTC use the string "utc". If a time zone is not specified, + the default will be in UTC (also known as GMT). + type: string + required: + - location + type: object + status: + properties: + appEngineHttpTarget: + properties: + appEngineRouting: + properties: + host: + description: 'Output only. The host that the job is sent to. + For more information about how App Engine requests are routed, + see [here](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed). + The host is constructed as: * `host = [application_domain_name]` + `| [service] + ''.'' + [application_domain_name]` `| [version] + + ''.'' + [application_domain_name]` `| [version_dot_service]+ + ''.'' + [application_domain_name]` `| [instance] + ''.'' + + [application_domain_name]` `| [instance_dot_service] + + ''.'' + [application_domain_name]` `| [instance_dot_version] + + ''.'' + [application_domain_name]` `| [instance_dot_version_dot_service] + + ''.'' + [application_domain_name]` * `application_domain_name` + = The domain name of the app, for example .appspot.com, + which is associated with the job''s project ID. 
* `service + =` service * `version =` version * `version_dot_service + =` version `+ ''.'' +` service * `instance =` instance * + `instance_dot_service =` instance `+ ''.'' +` service * + `instance_dot_version =` instance `+ ''.'' +` version * + `instance_dot_version_dot_service =` instance `+ ''.'' +` + version `+ ''.'' +` service If service is empty, then the + job will be sent to the service which is the default service + when the job is attempted. If version is empty, then the + job will be sent to the version which is the default version + when the job is attempted. If instance is empty, then the + job will be sent to an instance which is available when + the job is attempted. If service, version, or instance is + invalid, then the job will be sent to the default version + of the default service when the job is attempted.' + type: string + type: object + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + lastAttemptTime: + description: Output only. The time the last job attempt started. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + scheduleTime: + description: Output only. The next time the job is scheduled. Note + that this may be a retry of a previously failed attempt or the next + execution time according to the schedule. + format: date-time + type: string + state: + description: 'Output only. State of the job. Possible values: STATE_UNSPECIFIED, + ENABLED, PAUSED, DISABLED, UPDATE_FAILED' + type: string + status: + description: Output only. The response from the target for the last + attempted execution. + properties: + code: + description: The status code, which should be an enum value of + google.rpc.Code. + format: int64 + type: integer + details: + description: A list of messages that carry the error details. + There is a common set of message types for APIs to use. + items: + properties: + typeUrl: + description: 'A URL/resource name that uniquely identifies + the type of the serialized protocol buffer message. This + string must contain at least one "/" character. The last + segment of the URL''s path must represent the fully qualified + name of the type (as in `path/google.protobuf.Duration`). + The name should be in a canonical form (e.g., leading + "." is not accepted). In practice, teams usually precompile + into the binary all types that they expect it to use in + the context of Any. However, for URLs which use the scheme + `http`, `https`, or no scheme, one can optionally set + up a type server that maps type URLs to message definitions + as follows: * If no scheme is provided, `https` is assumed. + * An HTTP GET on the URL must yield a google.protobuf.Type + value in binary format, or produce an error. * Applications + are allowed to cache lookup results based on the URL, + or have them precompiled into a binary to avoid any lookup. 
+ Therefore, binary compatibility needs to be preserved + on changes to types. (Use versioned type names to manage + breaking changes.) Note: this functionality is not currently + available in the official protobuf release, and it is + not used for type URLs beginning with type.googleapis.com. + Schemes other than `http`, `https` (or the empty scheme) + might be used with implementation specific semantics.' + type: string + value: + description: Must be a valid serialized protocol buffer + of the above specified type. + type: string + type: object + type: array + message: + description: A developer-facing error message, which should be + in English. Any user-facing error message should be localized + and sent in the google.rpc.Status.details field, or localized + by the client. + type: string + type: object + userUpdateTime: + description: Output only. The creation time of the job. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudtasksqueues.cloudtasks.cnrm.cloud.google.com +spec: + group: cloudtasks.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudTasksQueue + plural: cloudtasksqueues + shortNames: + - gcpcloudtasksqueue + - gcpcloudtasksqueues + singular: cloudtasksqueue + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource 
succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + appEngineRoutingOverride: + description: |- + Overrides for task-level appEngineRouting. These settings apply only + to App Engine tasks in this queue. + properties: + host: + description: The host that the task is sent to. + type: string + instance: + description: |- + App instance. + + By default, the task is sent to an instance which is available when the task is attempted. + type: string + service: + description: |- + App service. + + By default, the task is sent to the service which is the default service when the task is attempted. + type: string + version: + description: |- + App version. + + By default, the task is sent to the version which is the default version when the task is attempted. + type: string + type: object + location: + description: Immutable. The location of the queue. 
+ type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rateLimits: + description: |- + Rate limits for task dispatches. + + The queue's actual dispatch rate is the result of: + + * Number of tasks in the queue + * User-specified throttling: rateLimits, retryConfig, and the queue's state. + * System throttling due to 429 (Too Many Requests) or 503 (Service + Unavailable) responses from the worker, high error rates, or to + smooth sudden large traffic spikes. + properties: + maxBurstSize: + description: |- + The max burst size. + + Max burst size limits how fast tasks in queue are processed when many tasks are + in the queue and the rate is high. This field allows the queue to have a high + rate so processing starts shortly after a task is enqueued, but still limits + resource usage when many tasks are enqueued in a short period of time. + type: integer + maxConcurrentDispatches: + description: |- + The maximum number of concurrent tasks that Cloud Tasks allows to + be dispatched for this queue. After this threshold has been + reached, Cloud Tasks stops dispatching tasks until the number of + concurrent requests decreases. + type: integer + maxDispatchesPerSecond: + description: |- + The maximum rate at which tasks are dispatched from this queue. + + If unspecified when the queue is created, Cloud Tasks will pick the default. 
+ type: number + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConfig: + description: Settings that determine the retry behavior. + properties: + maxAttempts: + description: |- + Number of attempts per task. + + Cloud Tasks will attempt the task maxAttempts times (that is, if + the first attempt fails, then there will be maxAttempts - 1 + retries). Must be >= -1. + + If unspecified when the queue is created, Cloud Tasks will pick + the default. + + -1 indicates unlimited attempts. + type: integer + maxBackoff: + description: |- + A task will be scheduled for retry between minBackoff and + maxBackoff duration after it fails, if the queue's RetryConfig + specifies that the task should be retried. + type: string + maxDoublings: + description: |- + The time between retries will double maxDoublings times. + + A task's retry interval starts at minBackoff, then doubles maxDoublings times, + then increases linearly, and finally retries retries at intervals of maxBackoff + up to maxAttempts times. + type: integer + maxRetryDuration: + description: |- + If positive, maxRetryDuration specifies the time limit for + retrying a failed task, measured from when the task was first + attempted. Once maxRetryDuration time has passed and the task has + been attempted maxAttempts times, no further attempts will be + made and the task will be deleted. + + If zero, then the task age is unlimited. + type: string + minBackoff: + description: |- + A task will be scheduled for retry between minBackoff and + maxBackoff duration after it fails, if the queue's RetryConfig + specifies that the task should be retried. + type: string + type: object + stackdriverLoggingConfig: + description: Configuration options for writing logs to Stackdriver + Logging. 
+ properties: + samplingRatio: + description: |- + Specifies the fraction of operations to write to Stackdriver Logging. + This field may contain any value between 0.0 and 1.0, inclusive. 0.0 is the + default and means that no operations are logged. + type: number + required: + - samplingRatio + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeaddresses.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeAddress + plural: computeaddresses + shortNames: + - gcpcomputeaddress + - gcpcomputeaddresses + singular: computeaddress + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + address: + description: |- + Immutable. The static external IP address represented by this resource. + The IP address must be inside the specified subnetwork, + if any. Set by the API if undefined. + type: string + addressType: + description: |- + Immutable. The type of address to reserve. + Note: if you set this argument's value as 'INTERNAL' you need to leave the 'network_tier' argument unset in that resource block. Default value: "EXTERNAL" Possible values: ["INTERNAL", "EXTERNAL"]. + type: string + description: + description: Immutable. An optional description of this resource. + type: string + ipVersion: + description: 'Immutable. The IP Version that will be used by this + address. The default value is ''IPV4''. Possible values: ["IPV4", + "IPV6"].' + type: string + ipv6EndpointType: + description: |- + Immutable. The endpoint type of this address, which should be VM or NETLB. This is + used for deciding which type of endpoint this address can be used after + the external IPv6 address reservation. Possible values: ["VM", "NETLB"]. + type: string + location: + description: 'Location represents the geographical location of the + ComputeAddress. Specify a region name or "global" for global resources. + Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + networkRef: + description: |- + The network in which to reserve the address. If global, the address + must be within the RFC1918 IP space. The network cannot be deleted + if there are any reserved IP ranges referring to it. This field can + only be used with INTERNAL type with the VPC_PEERING and + IPSEC_INTERCONNECT purposes. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: |- + Immutable. The networking tier used for configuring this address. If this field is not + specified, it is assumed to be PREMIUM. + This argument should not be used when configuring Internal addresses, because [network tier cannot be set for internal traffic; it's always Premium](https://cloud.google.com/network-tiers/docs/overview). Possible values: ["PREMIUM", "STANDARD"]. + type: string + prefixLength: + description: Immutable. The prefix length if the resource represents + an IP range. + type: integer + purpose: + description: |- + Immutable. The purpose of this resource, which can be one of the following values. + + * GCE_ENDPOINT for addresses that are used by VM instances, alias IP + ranges, load balancers, and similar resources. + + * SHARED_LOADBALANCER_VIP for an address that can be used by multiple + internal load balancers. + + * VPC_PEERING for addresses that are reserved for VPC peer networks. + + * IPSEC_INTERCONNECT for addresses created from a private IP range that + are reserved for a VLAN attachment in an HA VPN over Cloud Interconnect + configuration. These addresses are regional resources. + + * PRIVATE_SERVICE_CONNECT for a private network address that is used to + configure Private Service Connect. Only global internal addresses can use + this purpose. 
+ + + This should only be set when using an Internal address. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: |- + The subnetwork in which to reserve the address. If an IP address is + specified, it must be within the subnetwork's IP range. This field + can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER + purposes. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + address: + description: |- + Immutable. The static external IP address represented by this resource. + The IP address must be inside the specified subnetwork, + if any. Set by the API if undefined. + type: string + type: object + selfLink: + type: string + users: + description: The URLs of the resources that are using this address. + items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeautoscalers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeAutoscaler + plural: computeautoscalers + shortNames: + - gcpcomputeautoscaler + - gcpcomputeautoscalers + singular: computeautoscaler + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the 
most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + The configuration parameters for the autoscaling algorithm. You can + define one or more of the policies for an autoscaler: cpuUtilization, + customMetricUtilizations, and loadBalancingUtilization. + + If none of these are specified, the default will be to autoscale based + on cpuUtilization to 0.6 or 60%. + properties: + cooldownPeriod: + description: |- + The number of seconds that the autoscaler should wait before it + starts collecting information from a new instance. This prevents + the autoscaler from collecting information when the instance is + initializing, during which the collected usage would not be + reliable. The default time autoscaler waits is 60 seconds. + + Virtual machine initialization times might vary because of + numerous factors. 
We recommend that you test how long an + instance may take to initialize. To do this, create an instance + and time the startup process. + type: integer + cpuUtilization: + description: |- + Defines the CPU utilization policy that allows the autoscaler to + scale based on the average CPU utilization of a managed instance + group. + properties: + predictiveMethod: + description: |- + Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: + + - NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. + + - OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. + type: string + target: + description: |- + The target CPU utilization that the autoscaler should maintain. + Must be a float value in the range (0, 1]. If not specified, the + default is 0.6. + + If the CPU level is below the target utilization, the autoscaler + scales down the number of instances until it reaches the minimum + number of instances you specified or until the average CPU of + your instances reaches the target utilization. + + If the average CPU is above the target utilization, the autoscaler + scales up until it reaches the maximum number of instances you + specified or until the average utilization reaches the target + utilization. + type: number + required: + - target + type: object + loadBalancingUtilization: + description: Configuration parameters of autoscaling based on + a load balancer. + properties: + target: + description: |- + Fraction of backend capacity utilization (set in HTTP(s) load + balancing configuration) that autoscaler should maintain. Must + be a positive float value. If not defined, the default is 0.8. + type: number + required: + - target + type: object + maxReplicas: + description: |- + The maximum number of instances that the autoscaler can scale up + to. 
This is required when creating or updating an autoscaler. The + maximum number of replicas should not be lower than minimal number + of replicas. + type: integer + metric: + description: Configuration parameters of autoscaling based on + a custom metric. + items: + properties: + filter: + description: |- + A filter string to be used as the filter string for + a Stackdriver Monitoring TimeSeries.list API call. + This filter is used to select a specific TimeSeries for + the purpose of autoscaling and to determine whether the metric + is exporting per-instance or per-group data. + + You can only use the AND operator for joining selectors. + You can only use direct equality comparison operator (=) without + any functions for each selector. + You can specify the metric in both the filter string and in the + metric field. However, if specified in both places, the metric must + be identical. + + The monitored resource type determines what kind of values are + expected for the metric. If it is a gce_instance, the autoscaler + expects the metric to include a separate TimeSeries for each + instance in a group. In such a case, you cannot filter on resource + labels. + + If the resource type is any other value, the autoscaler expects + this metric to contain values that apply to the entire autoscaled + instance group and resource label filtering can be performed to + point autoscaler at the correct TimeSeries to scale upon. + This is called a per-group metric for the purpose of autoscaling. + + If not specified, the type defaults to gce_instance. + + You should provide a filter that is selective enough to pick just + one TimeSeries for the autoscaled group or for each of the instances + (if you are using gce_instance resource type). If multiple + TimeSeries are returned upon the query execution, the autoscaler + will sum their respective values to obtain its scaling value. + type: string + name: + description: |- + The identifier (type) of the Stackdriver Monitoring metric. 
+ The metric cannot have negative values. + + The metric must have a value type of INT64 or DOUBLE. + type: string + singleInstanceAssignment: + description: |- + If scaling is based on a per-group metric value that represents the + total amount of work to be done or resource usage, set this value to + an amount assigned for a single instance of the scaled group. + The autoscaler will keep the number of instances proportional to the + value of this metric, the metric itself should not change value due + to group resizing. + + For example, a good metric to use with the target is + 'pubsub.googleapis.com/subscription/num_undelivered_messages' + or a custom metric exporting the total number of requests coming to + your instances. + + A bad example would be a metric exporting an average or median + latency, since this value can't include a chunk assignable to a + single instance, it could be better used with utilization_target + instead. + type: number + target: + description: |- + The target value of the metric that autoscaler should + maintain. This must be a positive value. A utilization + metric scales number of virtual machines handling requests + to increase or decrease proportionally to the metric. + + For example, a good metric to use as a utilizationTarget is + www.googleapis.com/compute/instance/network/received_bytes_count. + The autoscaler will work to keep this value constant for each + of the instances. + type: number + type: + description: |- + Defines how target utilization value is expressed for a + Stackdriver Monitoring metric. Possible values: ["GAUGE", "DELTA_PER_SECOND", "DELTA_PER_MINUTE"]. + type: string + required: + - name + type: object + type: array + minReplicas: + description: |- + The minimum number of replicas that the autoscaler can scale down + to. This cannot be less than 0. If not provided, autoscaler will + choose a default value depending on maximum number of instances + allowed. 
+ type: integer + mode: + description: Defines operating mode for this policy. + type: string + scaleDownControl: + description: |- + Defines scale down controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledDownReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scaleInControl: + description: |- + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledInReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scalingSchedules: + description: Scaling schedules defined for an autoscaler. Multiple + schedules can be set on an autoscaler and they can overlap. + items: + properties: + description: + description: A description of a scaling schedule. + type: string + disabled: + description: A boolean value that specifies if a scaling + schedule can influence autoscaler recommendations. 
If + set to true, then a scaling schedule has no effect. + type: boolean + durationSec: + description: The duration of time intervals (in seconds) + for which this scaling schedule will be running. The minimum + allowed value is 300. + type: integer + minRequiredReplicas: + description: Minimum number of VM instances that autoscaler + will recommend in time intervals starting according to + schedule. + type: integer + name: + type: string + schedule: + description: The start timestamps of time intervals when + this scaling schedule should provide a scaling signal. + This field uses the extended cron format (with an optional + year field). + type: string + timeZone: + description: 'The time zone to be used when interpreting + the schedule. The value of this field must be a time zone + name from the tz database: http://en.wikipedia.org/wiki/Tz_database.' + type: string + required: + - durationSec + - minRequiredReplicas + - name + - schedule + type: object + type: array + required: + - maxReplicas + - minReplicas + type: object + description: + description: An optional description of this resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + targetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstanceGroupManager` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + zone: + description: Immutable. URL of the zone where the instance group resides. + type: string + required: + - autoscalingPolicy + - projectRef + - targetRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computebackendbuckets.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeBackendBucket + plural: computebackendbuckets + shortNames: + - gcpcomputebackendbucket + - gcpcomputebackendbuckets + singular: computebackendbucket + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + description: Reference to the bucket. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + cdnPolicy: + description: Cloud CDN configuration for this Backend Bucket. + properties: + bypassCacheOnRequestHeaders: + description: Bypass the cache when the specified request headers + are matched - e.g. Pragma or Authorization headers. Up to 5 + headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode + settings. + items: + properties: + headerName: + description: The header field name to match on when bypassing + cache. Values are case-insensitive. + type: string + type: object + type: array + cacheKeyPolicy: + description: The CacheKeyPolicy for this CdnPolicy. + properties: + includeHttpHeaders: + description: |- + Allows HTTP request headers (by name) to be used in the + cache key. + items: + type: string + type: array + queryStringWhitelist: + description: |- + Names of query string parameters to include in cache keys. 
+ Default parameters are always included. '&' and '=' will + be percent encoded and not treated as delimiters. + items: + type: string + type: array + type: object + cacheMode: + description: |- + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. + type: string + clientTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + defaultTtl: + description: |- + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + type: integer + maxTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + negativeCaching: + description: Negative caching allows per-status code TTLs to be + set, in order to apply fine-grained caching for common errors + or redirects. + type: boolean + negativeCachingPolicy: + description: |- + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. + items: + properties: + code: + description: |- + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. + type: integer + ttl: + description: |- + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. 
+ type: integer + type: object + type: array + requestCoalescing: + description: If true then Cloud CDN will combine multiple concurrent + cache fill requests into a small number of requests to the origin. + type: boolean + serveWhileStale: + description: Serve existing content from the cache (if available) + when revalidating content with the origin, or when an error + is encountered when refreshing the cache. + type: integer + signedUrlCacheMaxAgeSec: + description: |- + Maximum number of seconds the response to a signed URL request will + be considered fresh. After this time period, + the response will be revalidated before being served. + When serving responses to signed URL requests, + Cloud CDN will internally behave as though + all responses from this backend had a "Cache-Control: public, + max-age=[TTL]" header, regardless of any existing Cache-Control + header. The actual headers served in responses will not be altered. + type: integer + type: object + compressionMode: + description: 'Compress text responses using Brotli or gzip compression, + based on the client''s Accept-Encoding header. Possible values: + ["AUTOMATIC", "DISABLED"].' + type: string + customResponseHeaders: + description: Headers that the HTTP/S load balancer should add to proxied + responses. + items: + type: string + type: array + description: + description: |- + An optional textual description of the resource; provided by the + client when the resource is created. + type: string + edgeSecurityPolicy: + description: The security policy associated with this backend bucket. + type: string + enableCdn: + description: If true, enable Cloud CDN for this BackendBucket. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - bucketRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computebackendbucketsignedurlkeys.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeBackendBucketSignedURLKey + plural: computebackendbucketsignedurlkeys + shortNames: + - gcpcomputebackendbucketsignedurlkey + - gcpcomputebackendbucketsignedurlkeys + singular: computebackendbucketsignedurlkey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeBackendBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + keyValue: + description: |- + Immutable. 128-bit key value used for signing the URL. The key value must be a + valid RFC 4648 Section 5 base64url encoded string. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - backendBucketRef + - keyValue + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computebackendservices.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeBackendService + plural: computebackendservices + shortNames: + - gcpcomputebackendservice + - gcpcomputebackendservices + singular: computebackendservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + affinityCookieTtlSec: + description: |- + Lifetime of cookies in seconds if session_affinity is + GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts + only until the end of the browser session (or equivalent). The + maximum allowed value for TTL is one day. + + When the load balancing scheme is INTERNAL, this field is not used. + type: integer + backend: + description: The set of backends that serve this BackendService. + items: + properties: + balancingMode: + description: |- + Specifies the balancing mode for this backend. + + For global HTTP(S) or TCP/SSL load balancing, the default is + UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) + and CONNECTION (for TCP/SSL). + + See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) + for an explanation of load balancing modes. Default value: "UTILIZATION" Possible values: ["UTILIZATION", "RATE", "CONNECTION"]. + type: string + capacityScaler: + description: |- + A multiplier applied to the group's maximum servicing capacity + (based on UTILIZATION, RATE or CONNECTION). + + Default value is 1, which means the group will serve up to 100% + of its configured capacity (depending on balancingMode). A + setting of 0 means the group is completely drained, offering + 0% of its available Capacity. Valid range is [0.0,1.0]. + type: number + description: + description: |- + An optional description of this resource. + Provide this property when you create the resource. 
+ type: string + failover: + description: |- + This field designates whether this is a failover backend. More + than one failover backend can be configured for a given RegionBackendService. + type: boolean + group: + description: |- + Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup + resource. In case of instance group this defines the list of + instances that serve traffic. Member virtual machine instances from + each instance group must live in the same zone as the instance + group itself. No two backends in a backend service are allowed to + use same Instance Group resource. + + For Network Endpoint Groups this defines list of endpoints. All + endpoints of Network Endpoint Group must be hosted on instances + located in the same zone as the Network Endpoint Group. + + Backend services cannot mix Instance Group and Network Endpoint + Group backends. + + When the 'load_balancing_scheme' is INTERNAL, only instance groups + are supported. + oneOf: + - required: + - instanceGroupRef + - required: + - networkEndpointGroupRef + properties: + instanceGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeInstanceGroup` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkEndpointGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeNetworkEndpointGroup` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + maxConnections: + description: |- + The max number of simultaneous connections for the group. Can + be used with either CONNECTION or UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or one + of maxConnectionsPerInstance or maxConnectionsPerEndpoint, + as appropriate for group type, must be set. + type: integer + maxConnectionsPerEndpoint: + description: |- + The max number of simultaneous connections that a single backend + network endpoint can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either + maxConnections or maxConnectionsPerEndpoint must be set. + type: integer + maxConnectionsPerInstance: + description: |- + The max number of simultaneous connections that a single + backend instance can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or + maxConnectionsPerInstance must be set. + type: integer + maxRate: + description: |- + The max requests per second (RPS) of the group. 
+ + Can be used with either RATE or UTILIZATION balancing modes, + but required if RATE mode. For RATE mode, either maxRate or one + of maxRatePerInstance or maxRatePerEndpoint, as appropriate for + group type, must be set. + type: integer + maxRatePerEndpoint: + description: |- + The max requests per second (RPS) that a single backend network + endpoint can handle. This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerEndpoint must be set. + type: number + maxRatePerInstance: + description: |- + The max requests per second (RPS) that a single backend + instance can handle. This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerInstance must be set. + type: number + maxUtilization: + description: |- + Used when balancingMode is UTILIZATION. This ratio defines the + CPU utilization target for the group. Valid range is [0.0, 1.0]. + type: number + required: + - group + type: object + type: array + cdnPolicy: + description: Cloud CDN configuration for this BackendService. + properties: + bypassCacheOnRequestHeaders: + description: |- + Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. + The cache is bypassed for all cdnPolicy.cacheMode settings. + items: + properties: + headerName: + description: The header field name to match on when bypassing + cache. Values are case-insensitive. + type: string + required: + - headerName + type: object + type: array + cacheKeyPolicy: + description: The CacheKeyPolicy for this CdnPolicy. + properties: + includeHost: + description: If true requests to different hosts will be cached + separately. + type: boolean + includeHttpHeaders: + description: |- + Allows HTTP request headers (by name) to be used in the + cache key. 
+ items: + type: string + type: array + includeNamedCookies: + description: Names of cookies to include in cache keys. + items: + type: string + type: array + includeProtocol: + description: If true, http and https requests will be cached + separately. + type: boolean + includeQueryString: + description: |- + If true, include query string parameters in the cache key + according to query_string_whitelist and + query_string_blacklist. If neither is set, the entire query + string will be included. + + If false, the query string will be excluded from the cache + key entirely. + type: boolean + queryStringBlacklist: + description: |- + Names of query string parameters to exclude in cache keys. + + All other parameters will be included. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. + items: + type: string + type: array + queryStringWhitelist: + description: |- + Names of query string parameters to include in cache keys. + + All other parameters will be excluded. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. + items: + type: string + type: array + type: object + cacheMode: + description: |- + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. + type: string + clientTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + defaultTtl: + description: |- + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + type: integer + maxTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. 
+ type: integer + negativeCaching: + description: Negative caching allows per-status code TTLs to be + set, in order to apply fine-grained caching for common errors + or redirects. + type: boolean + negativeCachingPolicy: + description: |- + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. + items: + properties: + code: + description: |- + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. + type: integer + ttl: + description: |- + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + type: integer + type: object + type: array + serveWhileStale: + description: Serve existing content from the cache (if available) + when revalidating content with the origin, or when an error + is encountered when refreshing the cache. + type: integer + signedUrlCacheMaxAgeSec: + description: |- + Maximum number of seconds the response to a signed URL request + will be considered fresh, defaults to 1hr (3600s). After this + time period, the response will be revalidated before + being served. + + When serving responses to signed URL requests, Cloud CDN will + internally behave as though all responses from this backend had a + "Cache-Control: public, max-age=[TTL]" header, regardless of any + existing Cache-Control header. The actual headers served in + responses will not be altered. + type: integer + type: object + circuitBreakers: + description: |- + Settings controlling the volume of connections to a backend service. 
This field + is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. + properties: + connectTimeout: + description: The timeout for new network connections to hosts. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + maxConnections: + description: |- + The maximum number of connections to the backend cluster. + Defaults to 1024. + type: integer + maxPendingRequests: + description: |- + The maximum number of pending requests to the backend cluster. + Defaults to 1024. + type: integer + maxRequests: + description: |- + The maximum number of parallel requests to the backend cluster. + Defaults to 1024. + type: integer + maxRequestsPerConnection: + description: |- + Maximum requests for a single backend connection. This parameter + is respected by both the HTTP/1.1 and HTTP/2 implementations. If + not specified, there is no limit. Setting this parameter to 1 + will effectively disable keep alive. + type: integer + maxRetries: + description: |- + The maximum number of parallel retries to the backend cluster. + Defaults to 3. + type: integer + type: object + compressionMode: + description: 'Compress text responses using Brotli or gzip compression, + based on the client''s Accept-Encoding header. Possible values: + ["AUTOMATIC", "DISABLED"].' + type: string + connectionDrainingTimeoutSec: + description: |- + Time for which instance will be drained (not accept new + connections, but still work to finish started). + type: integer + connectionTrackingPolicy: + description: |- + Connection Tracking configuration for this BackendService. 
+ This is available only for Layer 4 Internal Load Balancing and + Network Load Balancing. + properties: + connectionPersistenceOnUnhealthyBackends: + description: |- + Specifies connection persistence when backends are unhealthy. + + If set to 'DEFAULT_FOR_PROTOCOL', the existing connections persist on + unhealthy backends only for connection-oriented protocols (TCP and SCTP) + and only if the Tracking Mode is PER_CONNECTION (default tracking mode) + or the Session Affinity is configured for 5-tuple. They do not persist + for UDP. + + If set to 'NEVER_PERSIST', after a backend becomes unhealthy, the existing + connections on the unhealthy backend are never persisted on the unhealthy + backend. They are always diverted to newly selected healthy backends + (unless all backends are unhealthy). + + If set to 'ALWAYS_PERSIST', existing connections always persist on + unhealthy backends regardless of protocol and session affinity. It is + generally not recommended to use this mode overriding the default. Default value: "DEFAULT_FOR_PROTOCOL" Possible values: ["DEFAULT_FOR_PROTOCOL", "NEVER_PERSIST", "ALWAYS_PERSIST"]. + type: string + enableStrongAffinity: + description: Enable Strong Session Affinity for Network Load Balancing. + This option is not available publicly. + type: boolean + idleTimeoutSec: + description: |- + Specifies how long to keep a Connection Tracking entry while there is + no matching traffic (in seconds). + + For L4 ILB the minimum(default) is 10 minutes and maximum is 16 hours. + + For NLB the minimum(default) is 60 seconds and the maximum is 16 hours. + type: integer + trackingMode: + description: |- + Specifies the key used for connection tracking. There are two options: + 'PER_CONNECTION': The Connection Tracking is performed as per the + Connection Key (default Hash Method) for the specific protocol. + + 'PER_SESSION': The Connection Tracking is performed as per the + configured Session Affinity. It matches the configured Session Affinity. 
Default value: "PER_CONNECTION" Possible values: ["PER_CONNECTION", "PER_SESSION"]. + type: string + type: object + consistentHash: + description: |- + Consistent Hash-based load balancing can be used to provide soft session + affinity based on HTTP headers, cookies or other properties. This load balancing + policy is applicable only for HTTP connections. The affinity to a particular + destination host will be lost when one or more hosts are added/removed from the + destination service. This field specifies parameters that control consistent + hashing. This field only applies if the load_balancing_scheme is set to + INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is + set to MAGLEV or RING_HASH. + properties: + httpCookie: + description: |- + Hash is based on HTTP Cookie. This field describes a HTTP cookie + that will be used as the hash key for the consistent hash load + balancer. If the cookie is not present, it will be generated. + This field is applicable if the sessionAffinity is set to HTTP_COOKIE. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + type: object + httpHeaderName: + description: |- + The hash based on the value of the specified header field. + This field is applicable if the sessionAffinity is set to HEADER_FIELD. + type: string + minimumRingSize: + description: |- + The minimum number of virtual nodes to use for the hash ring. 
+ Larger ring sizes result in more granular load + distributions. If the number of hosts in the load balancing pool + is larger than the ring size, each host will be assigned a single + virtual node. + Defaults to 1024. + type: integer + type: object + customRequestHeaders: + description: |- + Headers that the HTTP/S load balancer should add to proxied + requests. + items: + type: string + type: array + customResponseHeaders: + description: |- + Headers that the HTTP/S load balancer should add to proxied + responses. + items: + type: string + type: array + description: + description: An optional description of this resource. + type: string + edgeSecurityPolicyRef: + description: |- + The resource URL for the edge security policy associated with this + backend service. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + enableCdn: + description: If true, enable Cloud CDN for this BackendService. + type: boolean + failoverPolicy: + description: Policy for failovers. + properties: + disableConnectionDrainOnFailover: + description: |- + On failover or failback, this field indicates whether connection drain + will be honored. Setting this to true has the following effect: connections + to the old active pool are not drained. Connections to the new active pool + use the timeout of 10 min (currently fixed). 
Setting to false has the + following effect: both old and new connections will have a drain timeout + of 10 min. + This can be set to true only if the protocol is TCP. + The default is false. + type: boolean + dropTrafficIfUnhealthy: + description: |- + This option is used only when no healthy VMs are detected in the primary + and backup instance groups. When set to true, traffic is dropped. When + set to false, new connections are sent across all VMs in the primary group. + The default is false. + type: boolean + failoverRatio: + description: |- + The value of the field must be in [0, 1]. If the ratio of the healthy + VMs in the primary backend is at or below this number, traffic arriving + at the load-balanced IP will be directed to the failover backend. + In case where 'failoverRatio' is not set or all the VMs in the backup + backend are unhealthy, the traffic will be directed back to the primary + backend in the "force" mode, where traffic will be spread to the healthy + VMs with the best effort, or to all VMs when no VM is healthy. + This field is only used with l4 load balancing. + type: number + type: object + healthChecks: + items: + description: |- + The health check resources for health checking this + ComputeBackendService. Currently at most one health check can be + specified, and a health check is required. + oneOf: + - required: + - healthCheckRef + - required: + - httpHealthCheckRef + properties: + healthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + httpHealthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + iap: + description: Settings for enabling Cloud Identity Aware Proxy. + oneOf: + - required: + - oauth2ClientId + - required: + - oauth2ClientIdRef + properties: + oauth2ClientId: + description: DEPRECATED. Although this field is still available, + there is limited support. We recommend that you use `spec.iap.oauth2ClientIdRef` + instead. + type: string + oauth2ClientIdRef: + description: OAuth2 Client ID for IAP. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `IAPIdentityAwareProxyClient` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + oauth2ClientSecret: + description: OAuth2 Client Secret for IAP. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - key + - name + type: object + type: object + type: object + oauth2ClientSecretSha256: + description: OAuth2 Client Secret SHA-256 for IAP. + type: string + type: object + loadBalancingScheme: + description: |- + Immutable. Indicates whether the backend service will be used with internal or + external load balancing. A backend service created for one type of + load balancing cannot be used with the other. For more information, refer to + [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED", "INTERNAL_MANAGED", "EXTERNAL_MANAGED"]. + type: string + localityLbPolicies: + description: |- + A list of locality load balancing policies to be used in order of + preference. Either the policy or the customPolicy field should be set. + Overrides any value set in the localityLbPolicy field. + + localityLbPolicies is only supported when the BackendService is referenced + by a URL Map that is referenced by a target gRPC proxy that has the + validateForProxyless field set to true. + items: + properties: + customPolicy: + description: |- + The configuration for a custom policy implemented by the user and + deployed with the client. 
+ properties: + data: + description: |- + An optional, arbitrary JSON object with configuration data, understood + by a locally installed custom policy implementation. + type: string + name: + description: |- + Identifies the custom policy. + + The value should match the type the custom implementation is registered + with on the gRPC clients. It should follow protocol buffer + message naming conventions and include the full path (e.g. + myorg.CustomLbPolicy). The maximum length is 256 characters. + + Note that specifying the same custom policy more than once for a + backend is not a valid configuration and will be rejected. + type: string + required: + - name + type: object + policy: + description: The configuration for a built-in load balancing + policy. + properties: + name: + description: |- + The name of a locality load balancer policy to be used. The value + should be one of the predefined ones as supported by localityLbPolicy, + although at the moment only ROUND_ROBIN is supported. + + This field should only be populated when the customPolicy field is not + used. + + Note that specifying the same policy more than once for a backend is + not a valid configuration and will be rejected. + + The possible values are: + + * 'ROUND_ROBIN': This is a simple policy in which each healthy backend + is selected in round robin order. + + * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * 'RING_HASH': The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * 'RANDOM': The load balancer selects a random healthy host. 
+ + * 'ORIGINAL_DESTINATION': Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. + type: string + required: + - name + type: object + type: object + type: array + localityLbPolicy: + description: |- + The load balancing algorithm used within the scope of the locality. + The possible values are: + + * 'ROUND_ROBIN': This is a simple policy in which each healthy backend + is selected in round robin order. + + * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * 'RING_HASH': The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * 'RANDOM': The load balancer selects a random healthy host. + + * 'ORIGINAL_DESTINATION': Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. 
For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 + + * 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check + reported weights. If set, the Backend Service must + configure a non legacy HTTP-based Health Check, and + health check replies are expected to contain + non-standard HTTP response header field + X-Load-Balancing-Endpoint-Weight to specify the + per-instance weights. If set, Load Balancing is weight + based on the per-instance weights reported in the last + processed health check replies, as long as every + instance either reported a valid weight or had + UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains + equal-weight. + + + This field is applicable to either: + + * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, + and loadBalancingScheme set to INTERNAL_MANAGED. + * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. + * A regional backend service with loadBalancingScheme set to EXTERNAL (External Network + Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External + Network Load Balancing. The default is MAGLEV. + + + If session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV, + or RING_HASH, session affinity settings will not take effect. + + Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced + by a URL map that is bound to target gRPC proxy that has validate_for_proxyless + field set to true. Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV", "WEIGHTED_MAGLEV"]. + type: string + location: + description: 'Location represents the geographical location of the + ComputeBackendService. Specify a region name or "global" for global + resources. 
Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + logConfig: + description: |- + This field denotes the logging options for the load balancer traffic served by this backend service. + If logging is enabled, logs will be exported to Stackdriver. + properties: + enable: + description: Whether to enable logging for the load balancer traffic + served by this backend service. + type: boolean + sampleRate: + description: |- + This field can only be specified if logging is enabled for this backend service. The value of + the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer + where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. + The default value is 1.0. + type: number + type: object + networkRef: + description: |- + The network to which this backend service belongs. This field can + only be specified when the load balancing scheme is set to + INTERNAL. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + outlierDetection: + description: |- + Settings controlling eviction of unhealthy hosts from the load balancing pool. + This field is applicable only when the load_balancing_scheme is set + to INTERNAL_SELF_MANAGED. + properties: + baseEjectionTime: + description: |- + The base time that a host is ejected for. 
The real time is equal to the base + time multiplied by the number of times the host has been ejected. Defaults to + 30000ms or 30s. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: integer + required: + - seconds + type: object + consecutiveErrors: + description: |- + Number of errors before a host is ejected from the connection pool. When the + backend host is accessed over HTTP, a 5xx return code qualifies as an error. + Defaults to 5. + type: integer + consecutiveGatewayFailure: + description: |- + The number of consecutive gateway failures (502, 503, 504 status or connection + errors that are mapped to one of those status codes) before a consecutive + gateway failure ejection occurs. Defaults to 5. + type: integer + enforcingConsecutiveErrors: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive 5xx. This setting can be used to disable + ejection or to ramp it up slowly. Defaults to 100. + type: integer + enforcingConsecutiveGatewayFailure: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive gateway failures. This setting can be + used to disable ejection or to ramp it up slowly. Defaults to 0. + type: integer + enforcingSuccessRate: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through success rate statistics. This setting can be used to + disable ejection or to ramp it up slowly. Defaults to 100. 
+ type: integer + interval: + description: |- + Time interval between ejection sweep analysis. This can result in both new + ejections as well as hosts being returned to service. Defaults to 10 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: integer + required: + - seconds + type: object + maxEjectionPercent: + description: |- + Maximum percentage of hosts in the load balancing pool for the backend service + that can be ejected. Defaults to 10%. + type: integer + successRateMinimumHosts: + description: |- + The number of hosts in a cluster that must have enough request volume to detect + success rate outliers. If the number of hosts is less than this setting, outlier + detection via success rate statistics is not performed for any host in the + cluster. Defaults to 5. + type: integer + successRateRequestVolume: + description: |- + The minimum number of total requests that must be collected in one interval (as + defined by the interval duration above) to include this host in success rate + based outlier detection. If the volume is lower than this setting, outlier + detection via success rate statistics is not performed for that host. Defaults + to 100. + type: integer + successRateStdevFactor: + description: |- + This factor is used to determine the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference between the mean success + rate, and the product of this factor and the standard deviation of the mean + success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided + by a thousand to get a double. 
That is, if the desired factor is 1.9, the + runtime value should be 1900. Defaults to 1900. + type: integer + type: object + portName: + description: |- + Name of backend port. The same name should appear in the instance + groups referenced by this service. Required when the load balancing + scheme is EXTERNAL. + type: string + protocol: + description: |- + The protocol this BackendService uses to communicate with backends. + The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer + types and may result in errors if used with the GA API. **NOTE**: With protocol “UNSPECIFIED”, + the backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing + with TCP/UDP/L3_DEFAULT Forwarding Rule protocol. Possible values: ["HTTP", "HTTPS", "HTTP2", "TCP", "SSL", "GRPC", "UNSPECIFIED"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + securityPolicy: + description: The security policy associated with this backend service. + type: string + securityPolicyRef: + description: The security policy associated with this backend service. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + securitySettings: + description: |- + The security settings that apply to this backend service. 
This field is applicable to either + a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and + load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the + load_balancing_scheme set to INTERNAL_SELF_MANAGED. + properties: + clientTLSPolicyRef: + description: |- + ClientTlsPolicy is a resource that specifies how a client should + authenticate connections to backends of a service. This resource itself + does not affect configuration unless it is attached to a backend + service resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `//networksecurity.googleapis.com/projects/{{project}}/locations/{{location}}/clientTlsPolicies/{{value}}`, + where {{value}} is the `name` field of a `NetworkSecurityClientTLSPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the certificate. + If specified, the client will verify that the server certificate's subject + alt name matches one of the specified values. + items: + type: string + type: array + required: + - clientTLSPolicyRef + - subjectAltNames + type: object + sessionAffinity: + description: |- + Type of session affinity to use. The default is NONE. Session affinity is + not applicable if the protocol is UDP. Possible values: ["NONE", "CLIENT_IP", "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO", "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE"]. 
+ type: string + subsetting: + description: Subsetting configuration for this BackendService. Currently + this is applicable only for Internal TCP/UDP load balancing and + Internal HTTP(S) load balancing. + properties: + policy: + description: 'The algorithm used for subsetting. Possible values: + ["CONSISTENT_HASH_SUBSETTING"].' + type: string + required: + - policy + type: object + timeoutSec: + description: |- + How many seconds to wait for the backend before considering it a + failed request. Default is 30 seconds. Valid range is [1, 86400]. + type: integer + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + type: string + generatedId: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computebackendservicesignedurlkeys.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeBackendServiceSignedURLKey + plural: computebackendservicesignedurlkeys + shortNames: + - gcpcomputebackendservicesignedurlkey + - gcpcomputebackendservicesignedurlkeys + singular: computebackendservicesignedurlkey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + keyValue: + description: |- + Immutable. 128-bit key value used for signing the URL. The key value must be a + valid RFC 4648 Section 5 base64url encoded string. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - backendServiceRef + - keyValue + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computediskresourcepolicyattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeDiskResourcePolicyAttachment + plural: computediskresourcepolicyattachments + shortNames: + - gcpcomputediskresourcepolicyattachment + - gcpcomputediskresourcepolicyattachments + singular: computediskresourcepolicyattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + diskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. A reference to the zone where the disk resides. + type: string + required: + - diskRef + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computedisks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeDisk + plural: computedisks + shortNames: + - gcpcomputedisk + - gcpcomputedisks + singular: computedisk + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + asyncPrimaryDisk: + description: Immutable. A nested object resource. + properties: + diskRef: + description: Immutable. Primary disk for asynchronous disk replication. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - diskRef + type: object + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + diskEncryptionKey: + description: |- + Immutable. Encrypts the disk using a customer-supplied encryption key. + + After you encrypt a disk with a customer-supplied key, you must + provide the same key if you use the disk later (e.g. to create a disk + snapshot or an image, or to attach the disk to a virtual machine). + + Customer-supplied encryption keys do not protect access to metadata of + the disk. + + If you do not provide an encryption key when creating the disk, then + the disk will be encrypted using an automatically generated key and + you do not need to provide a key to use the disk later. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. 
Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - key + - name + type: object + type: object + type: object + rsaEncryptedKey: + description: |- + Immutable. Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit + customer-supplied encryption key to either encrypt or decrypt + this resource. You can provide either the rawKey or the rsaEncryptedKey. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + enableConfidentialCompute: + description: |- + Immutable. 
Whether this disk is using confidential compute mode. + Note: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true. + type: boolean + guestOsFeatures: + description: |- + Immutable. A list of features to enable on the guest operating system. + Applicable only for bootable disks. + items: + properties: + type: + description: 'Immutable. The type of supported feature. Read + [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) + to see a list of available options. Possible values: ["MULTI_IP_SUBNET", + "SECURE_BOOT", "SEV_CAPABLE", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", + "WINDOWS", "GVNIC", "SEV_LIVE_MIGRATABLE", "SEV_SNP_CAPABLE", + "SUSPEND_RESUME_COMPATIBLE", "TDX_CAPABLE"].' + type: string + required: + - type + type: object + type: array + imageRef: + description: The image from which to initialize this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + interface: + description: DEPRECATED. `interface` is deprecated. This field is + no longer used and can be safely removed from your configurations; + disk interfaces are automatically determined on attachment. Immutable. + Specifies the disk interface to use for attaching this disk, which + is either SCSI or NVME. The default is SCSI. + type: string + licenses: + description: Immutable. Any applicable license URI. 
+ items: + type: string + type: array + location: + description: 'Location represents the geographical location of the + ComputeDisk. Specify a region name or a zone name. Reference: GCP + definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + multiWriter: + description: Immutable. Indicates whether or not the disk can be read/write + attached to more than one instance. + type: boolean + physicalBlockSizeBytes: + description: |- + Immutable. Physical block size of the persistent disk, in bytes. If not present + in a request, a default value is used. Currently supported sizes + are 4096 and 16384, other sizes may be added in the future. + If an unsupported value is requested, the error message will list + the supported values for the caller's project. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + provisionedIops: + description: |- + Indicates how many IOPS must be provisioned for the disk. + Note: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk + allows for an update of IOPS every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it. + type: integer + provisionedThroughput: + description: |- + Indicates how much Throughput must be provisioned for the disk. 
+ Note: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk + allows for an update of Throughput every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it. + type: integer + replicaZones: + description: Immutable. URLs of the zones where the disk should be + replicated to. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + description: |- + Resource policies applied to this disk for automatic snapshot creations. + This field only applies for zonal compute disk resources. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + size: + description: |- + Size of the persistent disk, specified in GB. You can specify this + field when creating a persistent disk using the 'image' or + 'snapshot' parameter, or specify it alone to create an empty + persistent disk. + + If you specify this field along with 'image' or 'snapshot', + the value must not be less than the size of the image + or the size of the snapshot. + + Upsizing the disk is mutable, but downsizing the disk + requires re-creating the resource. 
+ type: integer + snapshotRef: + description: The source snapshot used to create this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceDiskRef: + description: The source disk used to create this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceImageEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source image. Required if + the source image is protected by a customer-supplied encryption key. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. 
See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + sourceSnapshotEncryptionKey: + description: |- + Immutable. 
The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + type: + description: |- + Immutable. URL of the disk type resource describing which disk type to use to + create the disk. Provide this when creating the disk. + type: string + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + lastAttachTimestamp: + description: Last attach timestamp in RFC3339 text format. + type: string + lastDetachTimestamp: + description: Last detach timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + sourceDiskId: + description: |- + The ID value of the disk used to create this image. This value may + be used to determine whether the image was taken from the current + or a previous instance of a given disk name. + type: string + sourceImageId: + description: |- + The ID value of the image used to create this disk. This value + identifies the exact image that was used to create this persistent + disk. For example, if you created the persistent disk from an image + that was later deleted and recreated under the same name, the source + image ID would identify the exact version of the image that was used. + type: string + sourceSnapshotId: + description: |- + The unique ID of the snapshot used to create this disk. This value + identifies the exact snapshot that was used to create this persistent + disk. For example, if you created the persistent disk from a snapshot + that was later deleted and recreated under the same name, the source + snapshot ID would identify the exact version of the snapshot that was + used. + type: string + users: + description: |- + Links to the users of the disk (attached instances) in form: + project/zones/zone/instances/instance. 
+ items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeexternalvpngateways.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeExternalVPNGateway + plural: computeexternalvpngateways + shortNames: + - gcpcomputeexternalvpngateway + - gcpcomputeexternalvpngateways + singular: computeexternalvpngateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + interface: + description: Immutable. A list of interfaces on this external VPN + gateway. + items: + properties: + id: + description: |- + Immutable. The numeric ID for this interface. Allowed values are based on the redundancy type + of this external VPN gateway + * '0 - SINGLE_IP_INTERNALLY_REDUNDANT' + * '0, 1 - TWO_IPS_REDUNDANCY' + * '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY'. + type: integer + ipAddress: + description: |- + Immutable. IP address of the interface in the external VPN gateway. + Only IPv4 is supported. This IP address can be either from + your on-premise gateway or another Cloud provider's VPN gateway, + it cannot be an IP address from Google Compute Engine. + type: string + type: object + type: array + redundancyType: + description: 'Immutable. Indicates the redundancy type of this external + VPN gateway Possible values: ["FOUR_IPS_REDUNDANCY", "SINGLE_IP_INTERNALLY_REDUNDANT", + "TWO_IPS_REDUNDANCY"].' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computefirewallpolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeFirewallPolicy + plural: computefirewallpolicies + shortNames: + - gcpcomputefirewallpolicy + - gcpcomputefirewallpolicies + singular: computefirewallpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most 
recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + properties: + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + folderRef: + description: Immutable. The Folder that this resource belongs to. + Only one of [folderRef, organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [folderRef, organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + shortName: + description: Immutable. User-provided name of the Organization firewall + policy. The name should be unique in the organization in which the + firewall policy is created. The name must be 1-63 characters long, + and comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? + which means the first character must be a lowercase letter, and + all following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. 
+ type: string + required: + - shortName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: Fingerprint of the resource. This field is used internally + during updates of this resource. + type: string + id: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + ruleTupleCount: + description: Total count of all firewall policy rule tuples. A firewall + policy can not exceed a set number of tuples. + format: int64 + type: integer + selfLink: + description: Server-defined URL for the resource. + type: string + selfLinkWithId: + description: Server-defined URL for this resource with the resource + id. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computefirewallpolicyassociations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeFirewallPolicyAssociation + plural: computefirewallpolicyassociations + shortNames: + - gcpcomputefirewallpolicyassociation + - gcpcomputefirewallpolicyassociations + singular: computefirewallpolicyassociation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attachmentTargetRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + The target that the firewall policy is attached to. + + Allowed values: + * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). + * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). + type: string + kind: + description: 'Kind of the referent. Allowed values: Folder' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + firewallPolicyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The firewall policy ID of the association. 
+ + Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - attachmentTargetRef + - firewallPolicyRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + shortName: + description: The short name of the firewall policy of the association. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computefirewallpolicyrules.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeFirewallPolicyRule + listKind: ComputeFirewallPolicyRuleList + plural: computefirewallpolicyrules + shortNames: + - gcpcomputefirewallpolicyrule + - gcpcomputefirewallpolicyrules + singular: computefirewallpolicyrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ComputeFirewallPolicyRule is the Schema for the compute API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: The Action to perform when the client connection triggers + the rule. Valid actions are "allow", "deny" and "goto_next". + type: string + description: + description: An optional description for this resource. + type: string + direction: + description: 'The direction in which this rule applies. Possible values: + INGRESS, EGRESS' + type: string + disabled: + description: Denotes whether the firewall policy rule is disabled. + When set to true, the firewall policy rule is not enforced and traffic + behaves as if it did not exist. If this is unspecified, the firewall + policy rule will be enabled. + type: boolean + enableLogging: + description: 'Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the configured export + destination in Stackdriver. Logs may be exported to BigQuery or + Pub/Sub. Note: you cannot enable logging on "goto_next" rules.' + type: boolean + firewallPolicyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed ComputeFirewallPolicy + resource. Should be in the format `locations/global/firewallPolicies/{{firewallPolicyID}}`. + type: string + name: + description: The `name` field of a `ComputeFirewallPolicy` resource. 
+ type: string + namespace: + description: The `namespace` field of a `ComputeFirewallPolicy` + resource. + type: string + type: object + match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding 'action' is + enforced. + properties: + destAddressGroups: + description: Address groups which should be matched against the + traffic destination. Maximum number of destination address groups + is 10. Destination address groups is only supported in Egress + rules. + items: + type: string + type: array + destFqdns: + description: Domain names that will be used to match against the + resolved domain name of destination of traffic. Can only be + specified if DIRECTION is egress. + items: + type: string + type: array + destIPRanges: + description: CIDR IP address range. Maximum number of destination + CIDR IP ranges allowed is 256. + items: + type: string + type: array + destRegionCodes: + description: The Unicode country codes whose IP addresses will + be used to match against the source of traffic. Can only be + specified if DIRECTION is egress. + items: + type: string + type: array + destThreatIntelligences: + description: Name of the Google Cloud Threat Intelligence list. + items: + type: string + type: array + layer4Configs: + description: Pairs of IP protocols and ports that the rule should + match. + items: + properties: + ipProtocol: + description: The IP protocol to which this rule applies. + The protocol type is required when creating a firewall + rule. This value can either be one of the following well + known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, + `ipip`, `sctp`), or the IP protocol number. + type: string + ports: + description: 'An optional list of ports to which this rule + applies. This field is only applicable for UDP or TCP + protocol. Each entry must be either an integer or a range. + If not specified, this rule applies to connections through + any port. 
Example inputs include: ``.' + items: + type: string + type: array + required: + - ipProtocol + type: object + type: array + srcAddressGroups: + description: Address groups which should be matched against the + traffic source. Maximum number of source address groups is 10. + Source address groups is only supported in Ingress rules. + items: + type: string + type: array + srcFqdns: + description: Domain names that will be used to match against the + resolved domain name of source of traffic. Can only be specified + if DIRECTION is ingress. + items: + type: string + type: array + srcIPRanges: + description: CIDR IP address range. Maximum number of source CIDR + IP ranges allowed is 256. + items: + type: string + type: array + srcRegionCodes: + description: The Unicode country codes whose IP addresses will + be used to match against the source of traffic. Can only be + specified if DIRECTION is ingress. + items: + type: string + type: array + srcThreatIntelligences: + description: Name of the Google Cloud Threat Intelligence list. + items: + type: string + type: array + required: + - layer4Configs + type: object + priority: + description: Immutable. An integer indicating the priority of a rule + in the list. The priority must be a positive value between 0 and + 2147483647. Rules are evaluated from highest to lowest priority + where 0 is the highest priority and 2147483647 is the lowest prority. + format: int64 + type: integer + targetResources: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed Compute Network + resource. Should be in the format `projects//global/networks/`. + type: string + name: + description: The `name` field of a `ComputeNetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeNetwork` resource. 
+ type: string + type: object + type: array + targetServiceAccounts: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - action + - direction + - firewallPolicyRef + - match + - priority + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique Config Connector specifier for the resource + in GCP. + type: string + kind: + description: Type of the resource. Always `compute#firewallPolicyRule` + for firewall policy rules + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + ruleTupleCount: + description: Calculation of the complexity of a single firewall policy + rule. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computefirewalls.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeFirewall + plural: computefirewalls + shortNames: + - gcpcomputefirewall + - gcpcomputefirewalls + singular: computefirewall + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + allow: + description: |- + The list of ALLOW rules specified by this firewall. Each rule + specifies a protocol and port-range tuple that describes a permitted + connection. + items: + properties: + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + protocol: + description: |- + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. + type: string + required: + - protocol + type: object + type: array + deny: + description: |- + The list of DENY rules specified by this firewall. Each rule specifies + a protocol and port-range tuple that describes a denied connection. + items: + properties: + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. 
+ items: + type: string + type: array + protocol: + description: |- + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. + type: string + required: + - protocol + type: object + type: array + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + destinationRanges: + description: |- + If destination ranges are specified, the firewall will apply only to + traffic that has destination IP address in these ranges. These ranges + must be expressed in CIDR format. IPv4 or IPv6 ranges are supported. + items: + type: string + type: array + direction: + description: |- + Immutable. Direction of traffic to which this firewall applies; default is + INGRESS. Note: For INGRESS traffic, one of 'source_ranges', + 'source_tags' or 'source_service_accounts' is required. Possible values: ["INGRESS", "EGRESS"]. + type: string + disabled: + description: |- + Denotes whether the firewall rule is disabled, i.e not applied to the + network it is associated with. When set to true, the firewall rule is + not enforced and the network behaves as if it did not exist. If this + is unspecified, the firewall rule will be enabled. + type: boolean + enableLogging: + description: DEPRECATED. Deprecated in favor of log_config. This field + denotes whether to enable logging for a particular firewall rule. + If logging is enabled, logs will be exported to Stackdriver. + type: boolean + logConfig: + description: |- + This field denotes the logging options for a particular firewall rule. + If defined, logging is enabled, and logs will be exported to Cloud Logging. + properties: + metadata: + description: 'This field denotes whether to include or exclude + metadata for firewall logs. 
Possible values: ["EXCLUDE_ALL_METADATA", + "INCLUDE_ALL_METADATA"].' + type: string + required: + - metadata + type: object + networkRef: + description: The network to attach this firewall to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + priority: + description: |- + Priority for this rule. This is an integer between 0 and 65535, both + inclusive. When not specified, the value assumed is 1000. Relative + priorities determine precedence of conflicting rules. Lower value of + priority implies higher precedence (eg, a rule with priority 0 has + higher precedence than a rule with priority 1). DENY rules take + precedence over ALLOW rules having equal priority. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceRanges: + description: |- + If source ranges are specified, the firewall will apply only to + traffic that has source IP address in these ranges. These ranges must + be expressed in CIDR format. One or both of sourceRanges and + sourceTags may be set. If both properties are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP that belongs to a tag listed in the sourceTags property. The + connection does not need to match both properties for the firewall to + apply. 
IPv4 or IPv6 ranges are supported. For INGRESS traffic, one of + 'source_ranges', 'source_tags' or 'source_service_accounts' is required. + items: + type: string + type: array + sourceServiceAccounts: + items: + description: |- + If source service accounts are specified, the firewall will apply only + to traffic originating from an instance with a service account in this + list. Source service accounts cannot be used to control traffic to an + instance's external IP address because service accounts are associated + with an instance, not an IP address. sourceRanges can be set at the + same time as sourceServiceAccounts. If both are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP belongs to an instance with service account listed in + sourceServiceAccount. The connection does not need to match both + properties for the firewall to apply. sourceServiceAccounts cannot be + used at the same time as sourceTags or targetTags. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceTags: + description: |- + If source tags are specified, the firewall will apply only to traffic + with source IP that belongs to a tag listed in source tags. Source + tags cannot be used to control traffic to an instance's external IP + address. Because tags are associated with an instance, not an IP + address. One or both of sourceRanges and sourceTags may be set. 
If + both properties are set, the firewall will apply to traffic that has + source IP address within sourceRanges OR the source IP that belongs to + a tag listed in the sourceTags property. The connection does not need + to match both properties for the firewall to apply. For INGRESS traffic, + one of 'source_ranges', 'source_tags' or 'source_service_accounts' is required. + items: + type: string + type: array + targetServiceAccounts: + items: + description: |- + A list of service accounts indicating sets of instances located in the + network that may make network connections as specified in allowed[]. + targetServiceAccounts cannot be used at the same time as targetTags or + sourceTags. If neither targetServiceAccounts nor targetTags are + specified, the firewall rule applies to all instances on the specified + network. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetTags: + description: |- + A list of instance tags indicating sets of instances located in the + network that may make network connections as specified in allowed[]. + If no targetTags are specified, the firewall rule applies to all + instances on the specified network. + items: + type: string + type: array + required: + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeforwardingrules.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeForwardingRule + listKind: ComputeForwardingRuleList + plural: computeforwardingrules + shortNames: + - gcpcomputeforwardingrule + - gcpcomputeforwardingrules + singular: computeforwardingrule + preserveUnknownFields: false + scope: Namespaced + versions: + - 
additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ComputeForwardingRule is the Schema for the compute API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + allPorts: + description: |- + Immutable. This field can only be used: + * If 'IPProtocol' is one of TCP, UDP, or SCTP. + * By internal TCP/UDP load balancers, backend service-based network load + balancers, and internal and external protocol forwarding. + + This option should be set to TRUE when the Forwarding Rule + IPProtocol is set to L3_DEFAULT. 
+ + Set this field to true to allow packets addressed to any port or packets + lacking destination port information (for example, UDP fragments after the + first fragment) to be forwarded to the backends configured with this + forwarding rule. + + The 'ports', 'port_range', and + 'allPorts' fields are mutually exclusive. + type: boolean + allowGlobalAccess: + description: |- + This field is used along with the 'backend_service' field for + internal load balancing or with the 'target' field for internal + TargetInstance. + + If the field is set to 'TRUE', clients can access ILB from all + regions. + + Otherwise only allows access from clients in the same region as the + internal load balancer. + type: boolean + allowPscGlobalAccess: + description: This is used in PSC consumer ForwardingRule to control + whether the PSC endpoint can be accessed from another region. + type: boolean + backendServiceRef: + description: A ComputeBackendService to receive the matched traffic. + This is used only for internal load balancing. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeBackendService selflink in the form "projects/{{project}}/global/backendServices/{{name}}" + or "projects/{{project}}/regions/{{region}}/backendServices/{{name}}" + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeBackendService` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeBackendService` + resource. + type: string + type: object + description: + description: Immutable. An optional description of this resource. + Provide this property when you create the resource. + type: string + ipAddress: + description: |- + The IP address that this forwarding rule is serving on behalf of. 
+ + Addresses are restricted based on the forwarding rule's load + balancing scheme (EXTERNAL or INTERNAL) and scope (global or + regional). + + When the load balancing scheme is EXTERNAL, for global forwarding + rules, the address must be a global IP, and for regional forwarding + rules, the address must live in the same region as the forwarding + rule. If this field is empty, an ephemeral IPv4 address from the + same scope (global or regional) will be assigned. A regional + forwarding rule supports IPv4 only. A global forwarding rule + supports either IPv4 or IPv6. + + When the load balancing scheme is INTERNAL, this can only be an RFC + 1918 IP address belonging to the network/subnet configured for the + forwarding rule. By default, if this field is empty, an ephemeral + internal IP address will be automatically allocated from the IP + range of the subnet or network configured for this forwarding rule. + properties: + addressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeAddress selflink in the form "projects/{{project}}/regions/{{region}}/addresses/{{name}}" + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeAddress` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeAddress` resource. + type: string + type: object + ip: + type: string + type: object + ipProtocol: + description: |- + Immutable. The IP protocol to which this rule applies. + + For protocol forwarding, valid + options are 'TCP', 'UDP', 'ESP', + 'AH', 'SCTP', 'ICMP' and + 'L3_DEFAULT'. + + The valid IP protocols are different for different load balancing products + as described in [Load balancing + features](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). 
+ + A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or + backend service with UNSPECIFIED protocol. + A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values: ["TCP", "UDP", "ESP", "AH", "SCTP", "ICMP", "L3_DEFAULT"]. + type: string + ipVersion: + description: |- + Immutable. The IP address version that will be used by this forwarding rule. + Valid options are IPV4 and IPV6. + + If not set, the IPv4 address will be used by default. Possible values: ["IPV4", "IPV6"]. + type: string + isMirroringCollector: + description: |- + Immutable. Indicates whether or not this load balancer can be used as a collector for + packet mirroring. To prevent mirroring loops, instances behind this + load balancer will not have their traffic mirrored even if a + 'PacketMirroring' rule applies to them. + + This can only be set to true for load balancers that have their + 'loadBalancingScheme' set to 'INTERNAL'. + type: boolean + loadBalancingScheme: + description: |- + Immutable. Specifies the forwarding rule type. + + Must set to empty for private service connect forwarding rule. For more information about forwarding rules, refer to + [Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "EXTERNAL_MANAGED", "INTERNAL", "INTERNAL_MANAGED", ""]. + type: string + location: + description: 'Location represents the geographical location of the + ComputeForwardingRule. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + metadataFilters: + description: |- + Immutable. Opaque filter criteria used by Loadbalancer to restrict routing + configuration to a limited set xDS compliant clients. In their xDS + requests to Loadbalancer, xDS clients present node metadata. 
If a + match takes place, the relevant routing configuration is made available + to those proxies. + + For each metadataFilter in this list, if its filterMatchCriteria is set + to MATCH_ANY, at least one of the filterLabels must match the + corresponding label provided in the metadata. If its filterMatchCriteria + is set to MATCH_ALL, then all of its filterLabels must match with + corresponding labels in the provided metadata. + + metadataFilters specified here can be overridden by those specified in + the UrlMap that this ForwardingRule references. + + metadataFilters only applies to Loadbalancers that have their + loadBalancingScheme set to INTERNAL_SELF_MANAGED. + items: + properties: + filterLabels: + description: |- + Immutable. The list of label value pairs that must match labels in the + provided metadata based on filterMatchCriteria + + This list must not be empty and can have at the most 64 entries. + items: + properties: + name: + description: Immutable. Name of the metadata label. The + length must be between 1 and 1024 characters, inclusive. + type: string + value: + description: Immutable. The value that the label must + match. The value has a maximum length of 1024 characters. + type: string + required: + - name + - value + type: object + type: array + filterMatchCriteria: + description: |- + Immutable. Specifies how individual filterLabel matches within the list of + filterLabels contribute towards the overall metadataFilter match. + + MATCH_ANY - At least one of the filterLabels must have a matching + label in the provided metadata. + MATCH_ALL - All filterLabels must have matching labels in the + provided metadata. Possible values: ["MATCH_ANY", "MATCH_ALL"]. + type: string + required: + - filterLabels + - filterMatchCriteria + type: object + type: array + networkRef: + description: This field is not used for external load balancing. 
For + internal load balancing, this field identifies the network that + the load balanced IP should belong to for this forwarding rule. + If this field is not specified, the default network will be used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed Compute Network + resource. Should be in the format `projects//global/networks/`. + type: string + name: + description: The `name` field of a `ComputeNetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeNetwork` resource. + type: string + type: object + networkTier: + description: |- + Immutable. This signifies the networking tier used for configuring + this load balancer and can only take the following values: + 'PREMIUM', 'STANDARD'. + + For regional ForwardingRule, the valid values are 'PREMIUM' and + 'STANDARD'. For GlobalForwardingRule, the valid value is + 'PREMIUM'. + + If this field is not specified, it is assumed to be 'PREMIUM'. + If 'IPAddress' is specified, this value must be equal to the + networkTier of the Address. Possible values: ["PREMIUM", "STANDARD"]. + type: string + noAutomateDnsZone: + description: Immutable. This is used in PSC consumer ForwardingRule + to control whether it should try to auto-generate a DNS zone or + not. Non-PSC forwarding rules do not use this field. + type: boolean + portRange: + description: |- + Immutable. This field can only be used: + + * If 'IPProtocol' is one of TCP, UDP, or SCTP. + * By backend service-based network load balancers, target pool-based + network load balancers, internal proxy load balancers, external proxy load + balancers, Traffic Director, external protocol forwarding, and Classic VPN. + Some products have restrictions on what ports can be used. 
See + [port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications) + for details. + + Only packets addressed to ports in the specified range will be forwarded to + the backends configured with this forwarding rule. + + The 'ports' and 'port_range' fields are mutually exclusive. + + For external forwarding rules, two or more forwarding rules cannot use the + same '[IPAddress, IPProtocol]' pair, and cannot have + overlapping 'portRange's. + + For internal forwarding rules within the same VPC network, two or more + forwarding rules cannot use the same '[IPAddress, IPProtocol]' + pair, and cannot have overlapping 'portRange's. + type: string + ports: + description: |- + Immutable. This field can only be used: + + * If 'IPProtocol' is one of TCP, UDP, or SCTP. + * By internal TCP/UDP load balancers, backend service-based network load + balancers, internal protocol forwarding and when protocol is not L3_DEFAULT. + + You can specify a list of up to five ports by number, separated by commas. + The ports can be contiguous or discontiguous. Only packets addressed to + these ports will be forwarded to the backends configured with this + forwarding rule. + + For external forwarding rules, two or more forwarding rules cannot use the + same '[IPAddress, IPProtocol]' pair, and cannot share any values + defined in 'ports'. + + For internal forwarding rules within the same VPC network, two or more + forwarding rules cannot use the same '[IPAddress, IPProtocol]' + pair, and cannot share any values defined in 'ports'. + + The 'ports' and 'port_range' fields are mutually exclusive. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceDirectoryRegistrations: + description: |- + Immutable. 
Service Directory resources to register this forwarding rule with. + + Currently, only supports a single Service Directory resource. + items: + properties: + namespace: + description: Immutable. Service Directory namespace to register + the forwarding rule under. + type: string + service: + description: Immutable. Service Directory service to register + the forwarding rule under. + type: string + type: object + type: array + serviceLabel: + description: |- + Immutable. An optional prefix to the service name for this Forwarding Rule. + If specified, will be the first label of the fully qualified service + name. + + The label must be 1-63 characters long, and comply with RFC1035. + Specifically, the label must be 1-63 characters long and match the + regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first + character must be a lowercase letter, and all following characters + must be a dash, lowercase letter, or digit, except the last + character, which cannot be a dash. + + This field is only used for INTERNAL load balancing. + type: string + sourceIpRanges: + description: Immutable. If not empty, this Forwarding Rule will only + forward the traffic when the source IP address matches one of the + IP addresses or CIDR ranges set here. Note that a Forwarding Rule + can only have up to 64 source IP ranges, and this field can only + be used with a regional Forwarding Rule whose scheme is EXTERNAL. + Each sourceIpRange entry should be either an IP address (for example, + 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24). + items: + type: string + type: array + subnetworkRef: + description: |- + Immutable. The subnetwork that the load balanced IP should belong to for this + forwarding rule. This field is only used for internal load + balancing. + + If the network specified is in auto subnet mode, this field is + optional. However, if the network is in custom subnet mode, a + subnetwork must be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeSubnetwork selflink of form "projects/{{project}}/regions/{{region}}/subnetworks/{{name}}", + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeSubnetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeSubnetwork` resource. + type: string + type: object + target: + description: The target resource to receive the matched traffic. The + forwarded traffic must be of a type appropriate to the target object. + For INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets + are valid. + properties: + googleAPIsBundle: + type: string + serviceAttachmentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeServiceAttachment selflink in the + form "projects/{{project}}/regions/{{region}}/serviceAttachments/{{name}}" + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeServiceAttachment` + resource. + type: string + namespace: + description: The `namespace` field of a `ComputeServiceAttachment` + resource. + type: string + type: object + targetGRPCProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeTargetGrpcProxy selflink in the form + "projects/{{project}}/global/targetGrpcProxies/{{name}}" + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeTargetGrpcProxy` + resource. 
+ type: string + namespace: + description: The `namespace` field of a `ComputeTargetGrpcProxy` + resource. + type: string + type: object + targetHTTPProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeTargetHTTPProxy selflink in the form + "projects/{{project}}/global/targetHttpProxies/{{name}}" + or "projects/{{project}}/regions/{{region}}/targetHttpProxies/{{name}}" + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeTargetHTTPProxy` + resource. + type: string + namespace: + description: The `namespace` field of a `ComputeTargetHTTPProxy` + resource. + type: string + type: object + targetHTTPSProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeTargetHTTPSProxy selflink in the form + "projects/{{project}}/global/targetHttpProxies/{{name}}" + or "projects/{{project}}/regions/{{region}}/targetHttpProxies/{{name}}" + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeTargetHTTPSProxy` + resource. + type: string + namespace: + description: The `namespace` field of a `ComputeTargetHTTPSProxy` + resource. + type: string + type: object + targetSSLProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeTargetSSLProxy selflink in the form + "projects/{{project}}/global/targetSslProxies/{{name}}" + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeTargetSSLProxy` + resource. 
+ type: string + namespace: + description: The `namespace` field of a `ComputeTargetSSLProxy` + resource. + type: string + type: object + targetTCPProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeTargetTCPProxy selflink in the form + "projects/{{project}}/global/targetTcpProxies/{{name}}" + or "projects/{{project}}/regions/{{region}}/targetTcpProxies/{{name}}" + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeTargetTCPProxy` + resource. + type: string + namespace: + description: The `namespace` field of a `ComputeTargetTCPProxy` + resource. + type: string + type: object + targetVPNGatewayRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeTargetVPNGateway selflink in the form + "projects/{{project}}/regions/{{region}}/targetVpnGateways/{{name}}" + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeTargetVPNGateway` + resource. + type: string + namespace: + description: The `namespace` field of a `ComputeTargetVPNGateway` + resource. + type: string + type: object + type: object + required: + - location + type: object + status: + properties: + baseForwardingRule: + description: '[Output Only] The URL for the corresponding base Forwarding + Rule. By base Forwarding Rule, we mean the Forwarding Rule that + has the same IP address, protocol, and port settings with the current + Forwarding Rule, but without sourceIPRanges specified. Always empty + if the current Forwarding Rule does not have sourceIPRanges specified.' 
+ type: string + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + externalRef: + description: A unique Config Connector specifier for the resource + in GCP. + type: string + labelFingerprint: + description: The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + pscConnectionId: + description: The PSC connection id of the PSC Forwarding Rule. + type: string + pscConnectionStatus: + description: 'The PSC connection status of the PSC Forwarding Rule. + Possible values: ''STATUS_UNSPECIFIED'', ''PENDING'', ''ACCEPTED'', + ''REJECTED'', ''CLOSED''.' + type: string + selfLink: + type: string + serviceName: + description: |- + The internal fully qualified service name for this Forwarding Rule. + + This field is only used for INTERNAL load balancing. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeglobalnetworkendpointgroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeGlobalNetworkEndpointGroup + plural: computeglobalnetworkendpointgroups + shortNames: + - gcpcomputeglobalnetworkendpointgroup + - gcpcomputeglobalnetworkendpointgroups + singular: computeglobalnetworkendpointgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultPort: + description: |- + Immutable. The default port used if the port number is not specified in the + network endpoint. + type: integer + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + networkEndpointType: + description: 'Immutable. Type of network endpoints in this network + endpoint group. Possible values: ["INTERNET_IP_PORT", "INTERNET_FQDN_PORT"].' + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkEndpointType + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeglobalnetworkendpoints.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeGlobalNetworkEndpoint + plural: computeglobalnetworkendpoints + shortNames: + - gcpcomputeglobalnetworkendpoint + - gcpcomputeglobalnetworkendpoints + singular: computeglobalnetworkendpoint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + fqdn: + description: |- + Immutable. Fully qualified domain name of network endpoint. + This can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT. + type: string + globalNetworkEndpointGroup: + description: Immutable. The global network endpoint group this endpoint + is part of. + type: string + ipAddress: + description: Immutable. IPv4 address external endpoint. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The port of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - globalNetworkEndpointGroup + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computehealthchecks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeHealthCheck + plural: computehealthchecks + shortNames: + - gcpcomputehealthcheck + - gcpcomputehealthchecks + singular: computehealthcheck + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + grpcHealthCheck: + description: A nested object resource. + properties: + grpcServiceName: + description: |- + The gRPC service name for the health check. + The value of grpcServiceName has the following meanings by convention: + - Empty serviceName means the overall status of all services at the backend. + - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. + The grpcServiceName can only be ASCII. + type: string + port: + description: |- + The port number for the health check request. + Must be specified if portName and portSpecification are not set + or if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. 
+ + If not specified, gRPC health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + type: object + healthyThreshold: + description: |- + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + http2HealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTP2 health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP2 health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP2 health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTP2 health check request. + The default value is /. 
+ type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + httpHealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTP health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP health check request. + The default value is 80. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTP health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. 
If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + httpsHealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTPS health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTPS health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTPS health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTPS health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. 
+ type: string + type: object + location: + description: 'Location represents the geographical location of the + ComputeHealthCheck. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + logConfig: + description: Configure logging on this health check. + properties: + enable: + description: |- + Indicates whether or not to export logs. This is false by default, + which means no health check logging will be done. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslHealthCheck: + description: A nested object resource. + properties: + port: + description: |- + The TCP port number for the SSL health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, SSL health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. 
Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + request: + description: |- + The application data to send once the SSL connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + tcpHealthCheck: + description: A nested object resource. + properties: + port: + description: |- + The TCP port number for the TCP health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, TCP health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + request: + description: |- + The application data to send once the TCP connection has been + established (default value is empty). 
If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: + description: The type of the health check. One of HTTP, HTTPS, TCP, + or SSL. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computehttphealthchecks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeHTTPHealthCheck + plural: computehttphealthchecks + shortNames: + - gcpcomputehttphealthcheck + - gcpcomputehttphealthchecks + singular: computehttphealthcheck + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + healthyThreshold: + description: |- + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + host: + description: |- + The value of the host header in the HTTP health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP health check request. + The default value is 80. + type: integer + requestPath: + description: |- + The request path of the HTTP health check request. + The default value is /. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. 
+ type: integer + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computehttpshealthchecks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeHTTPSHealthCheck + plural: computehttpshealthchecks + shortNames: + - gcpcomputehttpshealthcheck + - gcpcomputehttpshealthchecks + singular: computehttpshealthcheck + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + healthyThreshold: + description: |- + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + host: + description: |- + The value of the host header in the HTTPS health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTPS health check request. + The default value is 443. + type: integer + requestPath: + description: |- + The request path of the HTTPS health check request. + The default value is /. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. 
+ type: integer + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeimages.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeImage + plural: computeimages + shortNames: + - gcpcomputeimage + - gcpcomputeimages + singular: computeimage + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + diskRef: + description: |- + The source disk to create this image based on. + You must provide either this property or the + rawDisk.source property but not both to create an image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSizeGb: + description: Immutable. Size of the image when restored onto a persistent + disk (in GB). + type: integer + family: + description: |- + Immutable. The name of the image family to which this image belongs. You can + create disks by specifying an image family instead of a specific + image name. The image family always returns its latest image that is + not deprecated. The name of the image family must comply with + RFC1035. + type: string + guestOsFeatures: + description: |- + Immutable. A list of features to enable on the guest operating system. + Applicable only for bootable images. + items: + properties: + type: + description: 'Immutable. The type of supported feature. 
Read + [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) + to see a list of available options. Possible values: ["MULTI_IP_SUBNET", + "SECURE_BOOT", "SEV_CAPABLE", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", + "WINDOWS", "GVNIC", "SEV_LIVE_MIGRATABLE", "SEV_SNP_CAPABLE", + "SUSPEND_RESUME_COMPATIBLE", "TDX_CAPABLE"].' + type: string + required: + - type + type: object + type: array + imageEncryptionKey: + description: |- + Immutable. Encrypts the image using a customer-supplied encryption key. + + After you encrypt an image with a customer-supplied key, you must + provide the same key if you use the image later (e.g. to create a + disk from the image). + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + licenses: + description: Immutable. Any applicable license URI. + items: + type: string + type: array + rawDisk: + description: Immutable. The parameters of the raw disk image. + properties: + containerType: + description: |- + Immutable. The format used to encode and transmit the block device, which + should be TAR. This is just a container and transmission format + and not a runtime format. Provided by the client when the disk + image is created. Default value: "TAR" Possible values: ["TAR"]. + type: string + sha1: + description: |- + Immutable. An optional SHA1 checksum of the disk image before unpackaging. + This is provided by the client when the disk image is created. + type: string + source: + description: |- + Immutable. The full Google Cloud Storage URL where disk storage is stored + You must provide either this property or the sourceDisk property + but not both. + type: string + required: + - source + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceImageRef: + description: The source image used to create this image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceSnapshotRef: + description: The source snapshot used to create this image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageLocations: + description: |- + Immutable. Cloud Storage bucket storage location of the image + (regional or multi-regional). + Reference link: https://cloud.google.com/compute/docs/reference/rest/v1/images. + items: + type: string + type: array + type: object + status: + properties: + archiveSizeBytes: + description: |- + Size of the image tar.gz archive stored in Google Cloud Storage (in + bytes). + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computeinstancegroupmanagers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroupManager + plural: computeinstancegroupmanagers + shortNames: + - gcpcomputeinstancegroupmanager + - gcpcomputeinstancegroupmanagers + singular: computeinstancegroupmanager + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoHealingPolicies: + description: The autohealing policy for this managed instance group. + You can specify only one value. + items: + properties: + healthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL for the health check that signals autohealing. + + Allowed value: The `selfLink` field of a `ComputeHealthCheck` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + initialDelaySec: + description: The number of seconds that the managed instance + group waits before it applies autohealing policies to new + instances or recently recreated instances. This initial delay + allows instances to initialize and run their startup scripts + before the instance group determines that they are UNHEALTHY. + This prevents the managed instance group from recreating its + instances prematurely. This value must be from range [0, 3600]. + format: int64 + type: integer + type: object + type: array + baseInstanceName: + description: The base instance name to use for instances in this group. + The value must be 1-58 characters long. Instances are named by appending + a hyphen and a random four-character string to the base instance + name. The base instance name must comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + type: string + description: + description: Immutable. An optional description of this resource. + type: string + distributionPolicy: + description: Policy specifying the intended distribution of managed + instances across zones in a regional managed instance group. + properties: + targetShape: + description: 'The distribution shape to which the group converges + either proactively or on resize events (depending on the value + set in `updatePolicy.instanceRedistributionType`). Possible + values: TARGET_SHAPE_UNSPECIFIED, ANY, BALANCED, ANY_SINGLE_ZONE' + type: string + zones: + description: Immutable. Zones where the regional managed instance + group will create and manage its instances. + items: + properties: + zone: + description: Immutable. The URL of the [zone](/compute/docs/regions-zones/#available). + The zone must exist in the region where the managed instance + group is located. 
+ type: string + type: object + type: array + type: object + failoverAction: + description: 'The action to perform in case of zone failure. Only + one value is supported, `NO_FAILOVER`. The default is `NO_FAILOVER`. + Possible values: UNKNOWN, NO_FAILOVER' + type: string + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`. + + Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Immutable. The location of this resource. + type: string + namedPorts: + description: Immutable. Named ports configured for the Instance Groups + complementary to this Instance Group Manager. + items: + properties: + name: + description: Immutable. The name for this named port. The name + must be 1-63 characters long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + type: string + port: + description: Immutable. The port number, which can be a value + between 1 and 65535. + format: int64 + type: integer + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The service account to be used as credentials for all operations performed by the managed instance group on instances. The service accounts needs all permissions required to create and delete instances. By default, the service account: {projectNumber}@cloudservices.gserviceaccount.com is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + statefulPolicy: + description: Stateful configuration for this Instanced Group Manager + properties: + preservedState: + properties: + disks: + additionalProperties: + properties: + autoDelete: + description: 'These stateful disks will never be deleted + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + disk should be deleted after it is no longer used + by the group, e.g. when the given instance or the + whole group is deleted. Note: disks attached in READ_ONLY + mode cannot be auto-deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string + type: object + description: Disks created on the instances that will be preserved + on instance delete, update, etc. This map is keyed with + the device names of the disks. + type: object + externalIps: + additionalProperties: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + IP reservation should be deleted after it is no longer + used by the group, e.g. when the given instance or + the whole group is deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string + type: object + description: External network IPs assigned to the instances + that will be preserved on instance delete, update, etc. + This map is keyed with the network interface name. + type: object + internalIps: + additionalProperties: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + IP reservation should be deleted after it is no longer + used by the group, e.g. when the given instance or + the whole group is deleted. 
Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string + type: object + description: Internal network IPs assigned to the instances + that will be preserved on instance delete, update, etc. + This map is keyed with the network interface name. + type: object + type: object + type: object + targetPools: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetSize: + description: The target number of running instances for this managed + instance group. You can reduce this number by using the instanceGroupManager + deleteInstances or abandonInstances methods. Resizing the group + also changes this number. + format: int64 + type: integer + updatePolicy: + description: The update policy for this managed instance group. + properties: + instanceRedistributionType: + description: 'The [instance redistribution policy](/compute/docs/instance-groups/regional-migs#proactive_instance_redistribution) + for regional managed instance groups. Valid values are: - `PROACTIVE` + (default): The group attempts to maintain an even distribution + of VM instances across zones in the region. - `NONE`: For non-autoscaled + groups, proactive redistribution is disabled.' + type: string + maxSurge: + description: The maximum number of instances that can be created + above the specified `targetSize` during the update process. 
+ This value can be either a fixed number or, if the group has + 10 or more instances, a percentage. If you set a percentage, + the number of instances is rounded if necessary. The default + value for `maxSurge` is a fixed value equal to the number of + zones in which the managed instance group operates. At least + one of either `maxSurge` or `maxUnavailable` must be greater + than 0. Learn more about [`maxSurge`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_surge). + properties: + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between 0 + to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + maxUnavailable: + description: 'The maximum number of instances that can be unavailable + during the update process. An instance is considered available + if all of the following conditions are satisfied: - The instance''s + [status](/compute/docs/instances/checking-instance-status) is + `RUNNING`. - If there is a [health check](/compute/docs/instance-groups/autohealing-instances-in-migs) + on the instance group, the instance''s health check status must + be `HEALTHY` at least once. If there is no health check on the + group, then the instance only needs to have a status of `RUNNING` + to be considered available. This value can be either a fixed + number or, if the group has 10 or more instances, a percentage. + If you set a percentage, the number of instances is rounded + if necessary. The default value for `maxUnavailable` is a fixed + value equal to the number of zones in which the managed instance + group operates. At least one of either `maxSurge` or `maxUnavailable` + must be greater than 0. Learn more about [`maxUnavailable`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_unavailable).' 
+ properties: + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between 0 + to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + minReadySec: + description: Minimum number of seconds to wait for after a newly + created instance becomes available. This value must be from + range [0, 3600]. + format: int64 + type: integer + minimalAction: + description: Minimal action to be taken on an instance. You can + specify either `RESTART` to restart existing instances or `REPLACE` + to delete and create new instances from the target template. + If you specify a `RESTART`, the Updater will attempt to perform + that action only. However, if the Updater determines that the + minimal action you specify is not enough to perform the update, + it might perform a more disruptive action. + type: string + mostDisruptiveAllowedAction: + description: Most disruptive action that is allowed to be taken + on an instance. You can specify either `NONE` to forbid any + actions, `REFRESH` to allow actions that do not need instance + restart, `RESTART` to allow actions that can be applied without + instance replacing or `REPLACE` to allow all possible actions. + If the Updater determines that the minimal update action needed + is more disruptive than most disruptive allowed action you specify + it will not perform the update at all. + type: string + replacementMethod: + description: 'What action should be used to replace instances. + See minimal_action.REPLACE Possible values: SUBSTITUTE, RECREATE' + type: string + type: + description: The type of update process. 
You can specify either + `PROACTIVE` so that the instance group manager proactively executes + actions in order to bring instances to their target versions + or `OPPORTUNISTIC` so that no action is proactively executed + but the update will be performed as part of other actions (for + example, resizes or `recreateInstances` calls). + type: string + type: object + versions: + description: Specifies the instance templates used by this managed + instance group to create instances. Each version is defined by an + `instanceTemplate` and a `name`. Every version can appear at most + once per instance group. This field overrides the top-level `instanceTemplate` + field. Read more about the [relationships between these fields](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#relationship_between_versions_and_instancetemplate_properties_for_a_managed_instance_group). + Exactly one `version` must leave the `targetSize` field unset. That + version will be applied to all remaining instances. For more information, + read about [canary updates](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update). + items: + properties: + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of the instance template that is specified for this managed instance group. The group uses this template to create new instances in the managed instance group until the `targetSize` for this version is reached. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`; in those cases, existing instances are updated until the `targetSize` for this version is reached. 
+ + Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: Name of the version. Unique among all versions + in the scope of this managed instance group. + type: string + targetSize: + description: 'Specifies the intended number of instances to + be created from the `instanceTemplate`. The final number of + instances created from the template will be equal to: - If + expressed as a fixed number, the minimum of either `targetSize.fixed` + or `instanceGroupManager.targetSize` is used. - if expressed + as a `percent`, the `targetSize` would be `(targetSize.percent/100 + * InstanceGroupManager.targetSize)` If there is a remainder, + the number is rounded. If unset, this version will update + any remaining instances not updated by another `version`. + Read [Starting a canary update](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update) + for more information.' + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value + is `fixed`, then the `calculated` value is equal to the + `fixed` value. - If the value is a `percent`, then the + `calculated` value is `percent`/100 * `targetSize`. For + example, the `calculated` value of a 80% of a managed + instance group with 150 instances would be (80/100 * 150) + = 120 VM instances. If there is a remainder, the number + is rounded.' + format: int64 + type: integer + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. 
+ format: int64 + type: integer + percent: + description: Specifies a percentage of instances between + 0 to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + type: object + type: array + required: + - projectRef + - targetSize + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: The creation timestamp for this managed instance group + in \[RFC3339\](https://www.ietf.org/rfc/rfc3339.txt) text format. + type: string + currentActions: + description: '[Output Only] The list of instance actions and the number + of instances in this managed instance group that are scheduled for + each of those actions.' + properties: + abandoning: + description: '[Output Only] The total number of instances in the + managed instance group that are scheduled to be abandoned. Abandoning + an instance removes it from the managed instance group without + deleting it.' + format: int64 + type: integer + creating: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be created or are currently + being created. If the group fails to create any of these instances, + it tries again until it creates the instance successfully. 
If + you have disabled creation retries, this field will not be populated; + instead, the `creatingWithoutRetries` field will be populated.' + format: int64 + type: integer + creatingWithoutRetries: + description: '[Output Only] The number of instances that the managed + instance group will attempt to create. The group attempts to + create each instance only once. If the group fails to create + any of these instances, it decreases the group''s `targetSize` + value accordingly.' + format: int64 + type: integer + deleting: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be deleted or are currently + being deleted.' + format: int64 + type: integer + none: + description: '[Output Only] The number of instances in the managed + instance group that are running and have no scheduled actions.' + format: int64 + type: integer + recreating: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be recreated or are currently + being being recreated. Recreating an instance deletes the existing + root persistent disk and creates a new disk from the image that + is defined in the instance template.' + format: int64 + type: integer + refreshing: + description: '[Output Only] The number of instances in the managed + instance group that are being reconfigured with properties that + do not require a restart or a recreate action. For example, + setting or removing target pools for the instance.' + format: int64 + type: integer + restarting: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be restarted or are currently + being restarted.' + format: int64 + type: integer + verifying: + description: '[Output Only] The number of instances in the managed + instance group that are being verified. See the `managedInstances[].currentAction` + property in the `listManagedInstances` method documentation.' 
+ format: int64 + type: integer + type: object + fingerprint: + description: Fingerprint of this resource. This field may be used + in optimistic locking. It will be ignored when inserting an InstanceGroupManager. + An up-to-date fingerprint must be provided in order to update the + InstanceGroupManager, otherwise the request will fail with error + `412 conditionNotMet`. To see the latest fingerprint, make a `get()` + request to retrieve an InstanceGroupManager. + type: string + id: + description: '[Output Only] A unique identifier for this resource + type. The server generates this identifier.' + format: int64 + type: integer + instanceGroup: + description: '[Output Only] The URL of the Instance Group resource.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: '[Output Only] The URL of the [region](/compute/docs/regions-zones/#available) + where the managed instance group resides (for regional resources).' + type: string + selfLink: + description: '[Output Only] The URL for this managed instance group. + The server defines this URL.' + type: string + status: + description: '[Output Only] The status of this managed instance group.' + properties: + autoscaler: + description: '[Output Only] The URL of the [Autoscaler](/compute/docs/autoscaler/) + that targets this instance group manager.' + type: string + isStable: + description: '[Output Only] A bit indicating whether the managed + instance group is in a stable state. 
A stable state means that: + none of the instances in the managed instance group is currently + undergoing any type of change (for example, creation, restart, + or deletion); no future changes are scheduled for instances + in the managed instance group; and the managed instance group + itself is not being modified.' + type: boolean + stateful: + description: '[Output Only] Stateful status of the given Instance + Group Manager.' + properties: + hasStatefulConfig: + description: '[Output Only] A bit indicating whether the managed + instance group has stateful configuration, that is, if you + have configured any items in a stateful policy or in per-instance + configs. The group might report that it has no stateful + config even when there is still some preserved state on + a managed instance, for example, if you have deleted all + PICs but not yet applied those deletions.' + type: boolean + isStateful: + description: '[Output Only] A bit indicating whether the managed + instance group has stateful configuration, that is, if you + have configured any items in a stateful policy or in per-instance + configs. The group might report that it has no stateful + config even when there is still some preserved state on + a managed instance, for example, if you have deleted all + PICs but not yet applied those deletions. This field is + deprecated in favor of has_stateful_config.' + type: boolean + perInstanceConfigs: + description: '[Output Only] Status of per-instance configs + on the instance.' + properties: + allEffective: + description: A bit indicating if all of the group's per-instance + configs (listed in the output of a listPerInstanceConfigs + API call) have status `EFFECTIVE` or there are no per-instance-configs. + type: boolean + type: object + type: object + versionTarget: + description: '[Output Only] A status of consistency of Instances'' + versions with their target version specified by `version` field + on Instance Group Manager.' 
+ properties: + isReached: + description: '[Output Only] A bit indicating whether version + target has been reached in this managed instance group, + i.e. all instances are in their target version. Instances'' + target version are specified by `version` field on Instance + Group Manager.' + type: boolean + type: object + type: object + updatePolicy: + properties: + maxSurge: + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value is + `fixed`, then the `calculated` value is equal to the `fixed` + value. - If the value is a `percent`, then the `calculated` + value is `percent`/100 * `targetSize`. For example, the + `calculated` value of a 80% of a managed instance group + with 150 instances would be (80/100 * 150) = 120 VM instances. + If there is a remainder, the number is rounded.' + format: int64 + type: integer + type: object + maxUnavailable: + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value is + `fixed`, then the `calculated` value is equal to the `fixed` + value. - If the value is a `percent`, then the `calculated` + value is `percent`/100 * `targetSize`. For example, the + `calculated` value of a 80% of a managed instance group + with 150 instances would be (80/100 * 150) = 120 VM instances. + If there is a remainder, the number is rounded.' + format: int64 + type: integer + type: object + type: object + zone: + description: '[Output Only] The URL of a [zone](/compute/docs/regions-zones/#available) + where the managed instance group is located (for zonal resources).' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancegroupnamedports.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroupNamedPort + plural: computeinstancegroupnamedports + shortNames: + - gcpcomputeinstancegroupnamedport + - gcpcomputeinstancegroupnamedports + singular: computeinstancegroupnamedport + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + groupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstanceGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + port: + description: Immutable. The port number, which can be a value between + 1 and 65535. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. The zone of the instance group. + type: string + required: + - groupRef + - port + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancegroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroup + plural: computeinstancegroups + shortNames: + - gcpcomputeinstancegroup + - gcpcomputeinstancegroups + singular: computeinstancegroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional textual description of the instance + group. + type: string + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + namedPort: + description: The named port configuration. + items: + properties: + name: + description: The name which the port will be mapped to. + type: string + port: + description: The port number to map the name to. + type: integer + required: + - name + - port + type: object + type: array + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. 
Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. The zone that this instance group should be + created in. + type: string + required: + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + size: + description: The number of instances in the group. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstances.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstance + plural: computeinstances + shortNames: + - gcpcomputeinstance + - gcpcomputeinstances + singular: computeinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + anyOf: + - required: + - bootDisk + - machineType + - networkInterface + - zone + - required: + - instanceTemplateRef + - zone + properties: + advancedMachineFeatures: + description: Controls for advanced machine-related behavior features. + properties: + enableNestedVirtualization: + description: Whether to enable nested virtualization or not. + type: boolean + threadsPerCore: + description: The number of threads per physical core. To disable + simultaneous multithreading (SMT) set this to 1. If unset, the + maximum number of threads supported per core by the underlying + processor is assumed. + type: integer + visibleCoreCount: + description: The number of physical cores to expose to an instance. + Multiply by the number of threads per core to compute the total + number of virtual CPUs to expose to the instance. If unset, + the number of cores is inferred from the instance\'s nominal + CPU count and the underlying platform\'s SMT width. + type: integer + type: object + attachedDisk: + description: List of disks attached to the instance. + items: + properties: + deviceName: + description: Name with which the attached disk is accessible + under /dev/disk/by-id/. + type: string + diskEncryptionKeyRaw: + description: A 256-bit customer-supplied encryption key, encoded + in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link + and disk_encryption_key_raw may be set. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be + extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + diskEncryptionKeySha256: + description: The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this resource. + type: string + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mode: + description: Read/write mode for the disk. One of "READ_ONLY" + or "READ_WRITE". + type: string + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - sourceDiskRef + type: object + type: array + bootDisk: + description: Immutable. The boot disk for the instance. + properties: + autoDelete: + description: Immutable. Whether the disk will be auto-deleted + when the instance is deleted. + type: boolean + deviceName: + description: Immutable. Name with which attached disk will be + accessible under /dev/disk/by-id/. + type: string + diskEncryptionKeyRaw: + description: Immutable. A 256-bit customer-supplied encryption + key, encoded in RFC 4648 base64 to encrypt this disk. Only one + of kms_key_self_link and disk_encryption_key_raw may be set. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + diskEncryptionKeySha256: + description: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + initializeParams: + description: Immutable. Parameters with which a disk was created + alongside the instance. + properties: + labels: + description: Immutable. A set of key/value label pairs assigned + to the disk. + type: object + x-kubernetes-preserve-unknown-fields: true + resourceManagerTags: + description: Immutable. A map of resource manager tags. 
Resource + manager tag keys and values have the same definition as + resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, + and values are in the format tagValues/456. The field is + ignored (both PUT & PATCH) when empty. + type: object + x-kubernetes-preserve-unknown-fields: true + size: + description: Immutable. The size of the image in gigabytes. + type: integer + sourceImageRef: + description: Immutable. The image from which to initialize + this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeImage` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: Immutable. The Google Compute Engine disk type. + Such as pd-standard, pd-ssd or pd-balanced. + type: string + type: object + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mode: + description: Immutable. Read/write mode for the disk. One of "READ_ONLY" + or "READ_WRITE". 
+ type: string + sourceDiskRef: + description: Immutable. The source disk used to create this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + canIpForward: + description: Whether sending and receiving of packets with non-matching + source or destination IPs is allowed. + type: boolean + confidentialInstanceConfig: + description: Immutable. The Confidential VM config being used by the + instance. on_host_maintenance has to be set to TERMINATE or this + will fail to create. + properties: + enableConfidentialCompute: + description: Defines whether the instance should have confidential + compute enabled. + type: boolean + required: + - enableConfidentialCompute + type: object + deletionProtection: + description: Whether deletion protection is enabled on this instance. + type: boolean + description: + description: Immutable. A brief description of the resource. + type: string + desiredStatus: + description: Desired status of the instance. Either "RUNNING" or "TERMINATED". + type: string + enableDisplay: + description: Whether the instance has virtual displays enabled. + type: boolean + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the guest accelerator + cards exposed to this instance. + type: integer + type: + description: Immutable. 
The accelerator type resource exposed + to this instance. E.g. nvidia-tesla-t4. + type: string + required: + - count + - type + type: object + type: array + hostname: + description: Immutable. A custom hostname for the instance. Must be + a fully qualified DNS name and RFC-1035-valid. Valid format is a + series of labels 1-63 characters long matching the regular expression + [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire + hostname must not exceed 253 characters. Changing this forces a + new resource to be created. + type: string + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: The machine type to create. + type: string + metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + metadataStartupScript: + description: Immutable. Metadata startup scripts made available within + the instance. + type: string + minCpuPlatform: + description: The minimum CPU platform specified for the VM instance. + type: string + networkInterface: + description: Immutable. The networks attached to the instance. + items: + not: + required: + - networkIp + - networkIpRef + properties: + accessConfig: + description: Access configurations, i.e. IPs via which this + instance can be accessed via the Internet. 
+ items: + properties: + natIpRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: The networking tier used for configuring + this instance. One of PREMIUM or STANDARD. + type: string + publicPtrDomainName: + description: The DNS domain name for the public PTR record. + type: string + type: object + type: array + aliasIpRange: + description: An array of alias IP ranges for this network interface. + items: + properties: + ipCidrRange: + description: The IP CIDR range represented by this alias + IP range. + type: string + subnetworkRangeName: + description: The subnetwork secondary range name specifying + the secondary range from which to allocate the IP CIDR + range for this alias IP range. + type: string + required: + - ipCidrRange + type: object + type: array + internalIpv6PrefixLength: + description: The prefix length of the primary internal IPv6 + range. + type: integer + ipv6AccessConfig: + description: An array of IPv6 access configurations for this + interface. Currently, only one IPv6 access config, DIRECT_IPV6, + is supported. If there is no ipv6AccessConfig specified, then + this instance will have no external IPv6 Internet access. + items: + properties: + externalIpv6: + description: Immutable. The first IPv6 address of the + external IPv6 range associated with this instance, prefix + length is stored in externalIpv6PrefixLength in ipv6AccessConfig. 
+ To use a static external IP address, it must be unused + and in the same region as the instance's zone. If not + specified, Google Cloud will automatically assign an + external IPv6 address from the instance's subnetwork. + type: string + externalIpv6PrefixLength: + description: Immutable. The prefix length of the external + IPv6 range. + type: string + name: + description: Immutable. The name of this access configuration. + In ipv6AccessConfigs, the recommended name is External + IPv6. + type: string + networkTier: + description: The service-level to be provided for IPv6 + traffic when the subnet has an external subnet. Only + PREMIUM tier is valid for IPv6. + type: string + publicPtrDomainName: + description: The domain name to be used when creating + DNSv6 records for the external IPv6 ranges. + type: string + required: + - networkTier + type: object + type: array + ipv6AccessType: + description: One of EXTERNAL, INTERNAL to indicate whether the + IP can be accessed from the Internet. This field is always + inherited from its subnetwork. + type: string + ipv6Address: + description: An IPv6 internal network address for this network + interface. If not specified, Google Cloud will automatically + assign an internal IPv6 address from the instance's subnetwork. + type: string + name: + description: The name of the interface. + type: string + networkIp: + description: DEPRECATED. Although this field is still available, + there is limited support. We recommend that you use `spec.networkInterface.networkIpRef` + instead. + type: string + networkIpRef: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + kind: + description: 'Kind of the referent. 
Allowed values: ComputeAddress' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nicType: + description: Immutable. The type of vNIC to be used on this + interface. Possible values:GVNIC, VIRTIO_NET. + type: string + queueCount: + description: Immutable. The networking queue count that's specified + by users for the network interface. Both Rx and Tx queues + will be set to this number. It will be empty if not specified. + type: integer + stackType: + description: The stack type for this network interface to identify + whether the IPv6 feature is enabled or not. If not specified, + IPV4_ONLY will be used. + type: string + subnetworkProject: + description: The project in which the subnetwork belongs. + type: string + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + networkPerformanceConfig: + description: Immutable. Configures network performance settings for + the instance. If not specified, the instance will be created with + its default network performance configuration. + properties: + totalEgressBandwidthTier: + description: Immutable. The egress bandwidth tier to enable. Possible + values:TIER_1, DEFAULT. + type: string + required: + - totalEgressBandwidthTier + type: object + params: + description: Immutable. Stores additional params passed with the request, + but not persisted as part of resource payload. + properties: + resourceManagerTags: + description: Immutable. A map of resource manager tags. Resource + manager tag keys and values have the same definition as resource + manager tags. Keys must be in the format tagKeys/{tag_key_id}, + and values are in the format tagValues/456. The field is ignored + (both PUT & PATCH) when empty. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + reservationAffinity: + description: Immutable. Specifies the reservations that this instance + can consume from. + properties: + specificReservation: + description: Immutable. Specifies the label selector for the reservation + to use. + properties: + key: + description: Immutable. Corresponds to the label key of a + reservation resource. To target a SPECIFIC_RESERVATION by + name, specify compute.googleapis.com/reservation-name as + the key and specify the name of your reservation as the + only value. + type: string + values: + description: Immutable. Corresponds to the label values of + a reservation resource. 
+ items: + type: string + type: array + required: + - key + - values + type: object + type: + description: Immutable. The type of reservation from which this + instance can consume resources. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + scheduling: + description: The scheduling strategy being used by the instance. + properties: + automaticRestart: + description: Specifies if the instance should be restarted if + it was terminated by Compute Engine (not a user). + type: boolean + instanceTerminationAction: + description: Specifies the action GCE should take when SPOT VM + is preempted. + type: string + localSsdRecoveryTimeout: + description: |- + Immutable. Specifies the maximum amount of time a Local Ssd Vm should wait while + recovery of the Local Ssd state is attempted. Its value should be in + between 0 and 168 hours with hour granularity and the default value being 1 + hour. + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. 
Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string + maxRunDuration: + description: Immutable. The timeout for new network connections + to hosts. + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + minNodeCpus: + type: integer + nodeAffinities: + items: + properties: + value: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + onHostMaintenance: + description: Describes maintenance behavior for the instance. + One of MIGRATE or TERMINATE,. + type: string + preemptible: + description: Immutable. Whether the instance is preemptible. + type: boolean + provisioningModel: + description: Immutable. Whether the instance is spot. If this + is set as SPOT. + type: string + type: object + scratchDisk: + description: Immutable. The scratch disks attached to the instance. + items: + properties: + interface: + description: The disk interface used for attaching this disk. + One of SCSI or NVME. + type: string + size: + description: Immutable. The size of the disk in gigabytes. One + of 375 or 3000. + type: integer + required: + - interface + type: object + type: array + serviceAccount: + description: The service account to attach to the instance. 
+ properties: + scopes: + description: A list of service scopes. + items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - scopes + type: object + shieldedInstanceConfig: + description: The shielded vm config being used by the instance. + properties: + enableIntegrityMonitoring: + description: Whether integrity monitoring is enabled for the instance. + type: boolean + enableSecureBoot: + description: Whether secure boot is enabled for the instance. + type: boolean + enableVtpm: + description: Whether the instance uses vTPM. + type: boolean + type: object + tags: + description: The list of tags attached to the instance. + items: + type: string + type: array + zone: + description: Immutable. The zone of the instance. If self_link is + provided, this value is ignored. If neither self_link nor zone are + provided, the provider zone is used. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + cpuPlatform: + description: The CPU platform used by this instance. + type: string + currentStatus: + description: "\n\t\t\t\t\tCurrent status of the instance.\n\t\t\t\t\tThis + could be one of the following values: PROVISIONING, STAGING, RUNNING, + STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED.\n\t\t\t\t\tFor + more information about the status of the instance, see [Instance + life cycle](https://cloud.google.com/compute/docs/instances/instance-life-cycle)." + type: string + instanceId: + description: The server-assigned unique identifier of this instance. + type: string + labelFingerprint: + description: The unique fingerprint of the labels. + type: string + metadataFingerprint: + description: The unique fingerprint of the metadata. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + tagsFingerprint: + description: The unique fingerprint of the tags. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancetemplates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceTemplate + plural: computeinstancetemplates + shortNames: + - gcpcomputeinstancetemplate + - gcpcomputeinstancetemplates + singular: computeinstancetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + advancedMachineFeatures: + description: Immutable. Controls for advanced machine-related behavior + features. + properties: + enableNestedVirtualization: + description: Immutable. Whether to enable nested virtualization + or not. + type: boolean + threadsPerCore: + description: Immutable. The number of threads per physical core. + To disable simultaneous multithreading (SMT) set this to 1. + If unset, the maximum number of threads supported per core by + the underlying processor is assumed. + type: integer + visibleCoreCount: + description: Immutable. The number of physical cores to expose + to an instance. Multiply by the number of threads per core to + compute the total number of virtual CPUs to expose to the instance. + If unset, the number of cores is inferred from the instance\'s + nominal CPU count and the underlying platform\'s SMT width. + type: integer + type: object + canIpForward: + description: Immutable. Whether to allow sending and receiving of + packets with non-matching source or destination IPs. This defaults + to false. + type: boolean + confidentialInstanceConfig: + description: Immutable. The Confidential VM config being used by the + instance. on_host_maintenance has to be set to TERMINATE or this + will fail to create. + properties: + enableConfidentialCompute: + description: Immutable. Defines whether the instance should have + confidential compute enabled. + type: boolean + required: + - enableConfidentialCompute + type: object + description: + description: Immutable. 
A brief description of this resource. + type: string + disk: + description: Immutable. Disks to attach to instances created from + this template. This can be specified multiple times for multiple + disks. + items: + properties: + autoDelete: + description: Immutable. Whether or not the disk should be auto-deleted. + This defaults to true. + type: boolean + boot: + description: Immutable. Indicates that this is a boot disk. + type: boolean + deviceName: + description: Immutable. A unique device name that is reflected + into the /dev/ tree of a Linux operating system running within + the instance. If not specified, the server chooses a default + device name to apply to this disk. + type: string + diskEncryptionKey: + description: Immutable. Encrypts or decrypts a disk using a + customer-supplied encryption key. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + diskName: + description: Immutable. Name of the disk. When not provided, + this defaults to the name of the instance. + type: string + diskSizeGb: + description: Immutable. The size of the image in gigabytes. + If not specified, it will inherit the size of its base image. + For SCRATCH disks, the size must be one of 375 or 3000 GB, + with a default of 375 GB. + type: integer + diskType: + description: Immutable. The Google Compute Engine disk type. 
+ Such as "pd-ssd", "local-ssd", "pd-balanced" or "pd-standard". + type: string + interface: + description: Immutable. Specifies the disk interface to use + for attaching this disk. + type: string + labels: + additionalProperties: + type: string + description: Immutable. A set of key/value label pairs to assign + to disks,. + type: object + mode: + description: Immutable. The mode in which to attach this disk, + either READ_WRITE or READ_ONLY. If you are attaching or creating + a boot disk, this must read-write mode. + type: string + provisionedIops: + description: Immutable. Indicates how many IOPS to provision + for the disk. This sets the number of I/O operations per second + that the disk can handle. Values must be between 10,000 and + 120,000. For more details, see the [Extreme persistent disk + documentation](https://cloud.google.com/compute/docs/disks/extreme-persistent-disk). + type: integer + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeResourcePolicy` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceImageEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source + image. Required if the source image is protected by a + customer-supplied encryption key. + + Instance templates do not store customer-supplied + encryption keys, so you cannot create disks for + instances in a managed instance group if the source + images are encrypted with your own keys. + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an + `IAMServiceAccount` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeySelfLinkRef + type: object + sourceImageRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceSnapshotEncryptionKey: + description: Immutable. The customer-supplied encryption key + of the source snapshot. + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. 
If absent, the Compute Engine default service account + is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an + `IAMServiceAccount` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeySelfLinkRef + type: object + sourceSnapshotRef: + description: |- + The source snapshot to create this disk. When creating a new + instance, one of initializeParams.sourceSnapshot, + initializeParams.sourceImage, or disks.source is required except for + local SSD. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: Immutable. The type of Google Compute Engine disk, + can be either "SCRATCH" or "PERSISTENT". + type: string + type: object + type: array + enableDisplay: + description: 'Immutable. Enable Virtual Displays on this instance. + Note: allow_stopping_for_update must be set to true in order to + update this field.' + type: boolean + guestAccelerator: + description: Immutable. 
List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the guest accelerator + cards exposed to this instance. + type: integer + type: + description: Immutable. The accelerator type resource to expose + to this instance. E.g. nvidia-tesla-t4. + type: string + required: + - count + - type + type: object + type: array + instanceDescription: + description: Immutable. A description of the instance. + type: string + machineType: + description: Immutable. The machine type to create. To create a machine + with a custom type (such as extended memory), format the value like + custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of + RAM. + type: string + metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + metadataStartupScript: + description: Immutable. An alternative to using the startup-script + metadata key, mostly to match the compute_instance resource. This + replaces the startup-script metadata key on the created instance + and thus the two mechanisms are not allowed to be used simultaneously. + type: string + minCpuPlatform: + description: Immutable. Specifies a minimum CPU platform. Applicable + values are the friendly names of CPU platforms, such as Intel Haswell + or Intel Skylake. + type: string + namePrefix: + description: Immutable. Creates a unique name beginning with the specified + prefix. Conflicts with name. + type: string + networkInterface: + description: Immutable. Networks to attach to instances created from + this template. This can be specified multiple times for multiple + networks. 
+ items: + properties: + accessConfig: + items: + properties: + natIpRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: 'Immutable. The networking tier used for + configuring this instance template. This field can take + the following values: PREMIUM, STANDARD, FIXED_STANDARD. + If this field is not specified, it is assumed to be + PREMIUM.' + type: string + publicPtrDomainName: + description: The DNS domain name for the public PTR record.The + DNS domain name for the public PTR record. + type: string + type: object + type: array + aliasIpRange: + description: Immutable. An array of alias IP ranges for this + network interface. Can only be specified for network interfaces + on subnet-mode networks. + items: + properties: + ipCidrRange: + description: Immutable. The IP CIDR range represented + by this alias IP range. This IP CIDR range must belong + to the specified subnetwork and cannot contain IP addresses + reserved by system or used by other network interfaces. + At the time of writing only a netmask (e.g. /24) may + be supplied, with a CIDR format resulting in an API + error. + type: string + subnetworkRangeName: + description: Immutable. The subnetwork secondary range + name specifying the secondary range from which to allocate + the IP CIDR range for this alias IP range. If left unspecified, + the primary range of the subnetwork will be used. 
+ type: string + required: + - ipCidrRange + type: object + type: array + internalIpv6PrefixLength: + description: The prefix length of the primary internal IPv6 + range. + type: integer + ipv6AccessConfig: + description: An array of IPv6 access configurations for this + interface. Currently, only one IPv6 access config, DIRECT_IPV6, + is supported. If there is no ipv6AccessConfig specified, then + this instance will have no external IPv6 Internet access. + items: + properties: + externalIpv6: + description: The first IPv6 address of the external IPv6 + range associated with this instance, prefix length is + stored in externalIpv6PrefixLength in ipv6AccessConfig. + The field is output only, an IPv6 address from a subnetwork + associated with the instance will be allocated dynamically. + type: string + externalIpv6PrefixLength: + description: The prefix length of the external IPv6 range. + type: string + name: + description: The name of this access configuration. + type: string + networkTier: + description: The service-level to be provided for IPv6 + traffic when the subnet has an external subnet. Only + PREMIUM tier is valid for IPv6. + type: string + publicPtrDomainName: + description: The domain name to be used when creating + DNSv6 records for the external IPv6 ranges. + type: string + required: + - networkTier + type: object + type: array + ipv6AccessType: + description: One of EXTERNAL, INTERNAL to indicate whether the + IP can be accessed from the Internet. This field is always + inherited from its subnetwork. + type: string + ipv6Address: + description: An IPv6 internal network address for this network + interface. If not specified, Google Cloud will automatically + assign an internal IPv6 address from the instance's subnetwork. + type: string + name: + description: The name of the network_interface. + type: string + networkAttachment: + description: 'Immutable. 
The URL of the network attachment that + this interface should connect to in the following format: + projects/{projectNumber}/regions/{region_name}/networkAttachments/{network_attachment_name}.' + type: string + networkIp: + description: Immutable. The private IP address to assign to + the instance. If empty, the address will be automatically + assigned. + type: string + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nicType: + description: Immutable. The type of vNIC to be used on this + interface. Possible values:GVNIC, VIRTIO_NET. + type: string + queueCount: + description: Immutable. The networking queue count that's specified + by users for the network interface. Both Rx and Tx queues + will be set to this number. It will be empty if not specified. + type: integer + stackType: + description: The stack type for this network interface to identify + whether the IPv6 feature is enabled or not. If not specified, + IPV4_ONLY will be used. + type: string + subnetworkProject: + description: Immutable. The ID of the project in which the subnetwork + belongs. If it is not provided, the provider project is used. 
+ type: string + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + networkPerformanceConfig: + description: Immutable. Configures network performance settings for + the instance. If not specified, the instance will be created with + its default network performance configuration. + properties: + totalEgressBandwidthTier: + description: Immutable. The egress bandwidth tier to enable. Possible + values:TIER_1, DEFAULT. + type: string + required: + - totalEgressBandwidthTier + type: object + region: + description: Immutable. An instance template is a global resource + that is not bound to a zone or a region. However, you can still + specify some regional resources in an instance template, which restricts + the template to the region where that resource resides. For example, + a custom subnetwork resource is tied to a specific region. Defaults + to the region of the Provider if no value is given. + type: string + reservationAffinity: + description: Immutable. Specifies the reservations that this instance + can consume from. + properties: + specificReservation: + description: Immutable. Specifies the label selector for the reservation + to use. + properties: + key: + description: Immutable. Corresponds to the label key of a + reservation resource. 
To target a SPECIFIC_RESERVATION by + name, specify compute.googleapis.com/reservation-name as + the key and specify the name of your reservation as the + only value. + type: string + values: + description: Immutable. Corresponds to the label values of + a reservation resource. + items: + type: string + type: array + required: + - key + - values + type: object + type: + description: Immutable. The type of reservation from which this + instance can consume resources. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + scheduling: + description: Immutable. The scheduling strategy to use. + properties: + automaticRestart: + description: Immutable. Specifies whether the instance should + be automatically restarted if it is terminated by Compute Engine + (not terminated by a user). This defaults to true. + type: boolean + instanceTerminationAction: + description: Immutable. Specifies the action GCE should take when + SPOT VM is preempted. + type: string + localSsdRecoveryTimeout: + description: |- + Specifies the maximum amount of time a Local Ssd Vm should wait while + recovery of the Local Ssd state is attempted. 
Its value should be in + between 0 and 168 hours with hour granularity and the default value being 1 + hour. + items: + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + type: array + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string + maxRunDuration: + description: Immutable. The timeout for new network connections + to hosts. + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + minNodeCpus: + description: Minimum number of cpus for the instance. + type: integer + nodeAffinities: + items: + properties: + value: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + onHostMaintenance: + description: Immutable. Defines the maintenance behavior for this + instance. + type: string + preemptible: + description: Immutable. Allows instance to be preempted. This + defaults to false. + type: boolean + provisioningModel: + description: Immutable. Whether the instance is spot. If this + is set as SPOT. + type: string + type: object + serviceAccount: + description: Immutable. Service account to attach to the instance. 
+ properties: + scopes: + description: Immutable. A list of service scopes. Both OAuth2 + URLs and gcloud short names are supported. To allow full access + to all Cloud APIs, use the cloud-platform scope. + items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - scopes + type: object + shieldedInstanceConfig: + description: 'Immutable. Enable Shielded VM on this instance. Shielded + VM provides verifiable integrity to prevent against malware and + rootkits. Defaults to disabled. Note: shielded_instance_config can + only be used with boot images with shielded vm support.' + properties: + enableIntegrityMonitoring: + description: Immutable. Compare the most recent boot measurements + to the integrity policy baseline and return a pair of pass/fail + results depending on whether they match or not. Defaults to + true. + type: boolean + enableSecureBoot: + description: Immutable. Verify the digital signature of all boot + components, and halt the boot process if signature verification + fails. Defaults to false. + type: boolean + enableVtpm: + description: Immutable. Use a virtualized trusted platform module, + which is a specialized computer chip you can use to encrypt + objects like keys and certificates. Defaults to true. + type: boolean + type: object + tags: + description: Immutable. Tags to attach to the instance. 
+ items: + type: string + type: array + required: + - disk + - machineType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + metadataFingerprint: + description: The unique fingerprint of the metadata. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + selfLinkUnique: + description: A special URI of the created resource that uniquely identifies + this instance template. + type: string + tagsFingerprint: + description: The unique fingerprint of the tags. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinterconnectattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInterconnectAttachment + plural: computeinterconnectattachments + shortNames: + - gcpcomputeinterconnectattachment + - gcpcomputeinterconnectattachments + singular: computeinterconnectattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + adminEnabled: + description: |- + Whether the VLAN attachment is enabled or disabled. When using + PARTNER type this will Pre-Activate the interconnect attachment. + type: boolean + bandwidth: + description: |- + Provisioned bandwidth capacity for the interconnect attachment. + For attachments of type DEDICATED, the user can set the bandwidth. + For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. + Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, + Defaults to BPS_10G Possible values: ["BPS_50M", "BPS_100M", "BPS_200M", "BPS_300M", "BPS_400M", "BPS_500M", "BPS_1G", "BPS_2G", "BPS_5G", "BPS_10G", "BPS_20G", "BPS_50G"]. + type: string + candidateSubnets: + description: |- + Immutable. Up to 16 candidate prefixes that can be used to restrict the allocation + of cloudRouterIpAddress and customerRouterIpAddress for this attachment. + All prefixes must be within link-local address space (169.254.0.0/16) + and must be /29 or shorter (/28, /27, etc). Google will attempt to select + an unused /29 from the supplied candidate prefix(es). The request will + fail if all possible /29s are in use on Google's edge. If not supplied, + Google will randomly select an unused /29 from all of link-local space. + items: + type: string + type: array + description: + description: An optional description of this resource. + type: string + edgeAvailabilityDomain: + description: |- + Immutable. Desired availability domain for the attachment. 
Only available for type + PARTNER, at creation time. For improved reliability, customers should + configure a pair of attachments with one per availability domain. The + selected availability domain will be provided to the Partner via the + pairing key so that the provisioned circuit will lie in the specified + domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY. + type: string + encryption: + description: |- + Immutable. Indicates the user-supplied encryption option of this interconnect + attachment. Can only be specified at attachment creation for PARTNER or + DEDICATED attachments. + + * NONE - This is the default value, which means that the VLAN attachment + carries unencrypted traffic. VMs are able to send traffic to, or receive + traffic from, such a VLAN attachment. + + * IPSEC - The VLAN attachment carries only encrypted traffic that is + encrypted by an IPsec device, such as an HA VPN gateway or third-party + IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, + such a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN + attachment must be created with this option. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. + type: string + interconnect: + description: |- + Immutable. URL of the underlying Interconnect object that this attachment's + traffic will traverse through. Required if type is DEDICATED, must not + be set if type is PARTNER. + type: string + ipsecInternalAddresses: + items: + description: |- + Immutable. The addresses that have been reserved for the + interconnect attachment. Used only for interconnect attachment that + has the encryption option as IPSEC. + + The addresses must be RFC 1918 IP address ranges. When creating HA + VPN gateway over the interconnect attachment, if the attachment is + configured to use an RFC 1918 IP address, then the VPN gateway's IP + address will be allocated from the IP address range specified + here. 
+ + For example, if the HA VPN gateway's interface 0 is paired to this + interconnect attachment, then an RFC 1918 IP address for the VPN + gateway interface 0 will be allocated from the IP address specified + for this interconnect attachment. + + If this field is not specified for interconnect attachment that has + encryption option as IPSEC, later on when creating HA VPN gateway on + this interconnect attachment, the HA VPN gateway's IP address will + be allocated from regional external IP address pool. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + mtu: + description: |- + Maximum Transmission Unit (MTU), in bytes, of packets passing through + this interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440. + type: string + region: + description: Region where the regional interconnect attachment resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: |- + The Cloud Router to be used for dynamic routing. This router must + be in the same region as this ComputeInterconnectAttachment. The + ComputeInterconnectAttachment will automatically connect the + interconnect to the network & region within which the Cloud Router + is configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: |- + Immutable. The type of InterconnectAttachment you wish to create. Defaults to + DEDICATED. Possible values: ["DEDICATED", "PARTNER", "PARTNER_PROVIDER"]. + type: string + vlanTag8021q: + description: |- + Immutable. The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When + using PARTNER type this will be managed upstream. + type: integer + required: + - region + - routerRef + type: object + status: + properties: + cloudRouterIpAddress: + description: |- + IPv4 address + prefix length to be configured on Cloud Router + Interface for this interconnect attachment. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + customerRouterIpAddress: + description: |- + IPv4 address + prefix length to be configured on the customer + router subinterface for this interconnect attachment. + type: string + googleReferenceId: + description: |- + Google reference ID, to be used when raising support tickets with + Google or otherwise to debug backend connectivity issues. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pairingKey: + description: |- + [Output only for type PARTNER. Not present for DEDICATED]. The opaque + identifier of an PARTNER attachment used to initiate provisioning with + a selected partner. Of the form "XXXXX/region/domain". + type: string + partnerAsn: + description: |- + [Output only for type PARTNER. Not present for DEDICATED]. Optional + BGP ASN for the router that should be supplied by a layer 3 Partner if + they configured BGP on behalf of the customer. + type: string + privateInterconnectInfo: + description: |- + Information specific to an InterconnectAttachment. This property + is populated if the interconnect that this is attached to is of type DEDICATED. + properties: + tag8021q: + description: |- + 802.1q encapsulation tag to be used for traffic between + Google and the customer, going to and from this network and region. + type: integer + type: object + selfLink: + type: string + state: + description: '[Output Only] The current state of this attachment''s + functionality.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computemachineimages.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeMachineImage + plural: computemachineimages + shortNames: + - gcpcomputemachineimage + - gcpcomputemachineimages + singular: computemachineimage + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. A text description of the resource. + type: string + guestFlush: + description: |- + Immutable. Specify this to create an application consistent machine image by informing the OS to prepare for the snapshot process. + Currently only supported on Windows instances using the Volume Shadow Copy Service (VSS). + type: boolean + machineImageEncryptionKey: + description: |- + Immutable. Encrypts the machine image using a customer-supplied encryption key. + + After you encrypt a machine image with a customer-supplied key, you must + provide the same key if you use the machine image later (e.g. to create a + instance from the image). + properties: + kmsKeyName: + description: Immutable. The name of the encryption key that is + stored in Google Cloud KMS. + type: string + kmsKeyServiceAccount: + description: |- + Immutable. The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + type: string + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this resource. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceInstanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + - sourceInstanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + storageLocations: + description: The regional or multi-regional Cloud Storage bucket location + where the machine image is stored. + items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computemanagedsslcertificates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeManagedSSLCertificate + plural: computemanagedsslcertificates + shortNames: + - gcpcomputemanagedsslcertificate + - gcpcomputemanagedsslcertificates + singular: computemanagedsslcertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value 
in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + managed: + description: |- + Immutable. Properties relevant to a managed certificate. These will be used if the + certificate is managed (as indicated by a value of 'MANAGED' in 'type'). + properties: + domains: + description: |- + Immutable. Domains for which a managed SSL certificate will be valid. Currently, + there can be up to 100 domains in this list. + items: + type: string + type: array + required: + - domains + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. Enum field whose value is always 'MANAGED' - used to signal to the API + which type this is. Default value: "MANAGED" Possible values: ["MANAGED"]. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + certificateID: + description: The unique identifier for the resource. + type: integer + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + expireTime: + description: Expire time of the certificate in RFC3339 text format. 
+ type: string + selfLink: + type: string + subjectAlternativeNames: + description: Domains associated with the certificate via Subject + Alternative Name. + items: + type: string + type: array + type: object + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + managed: + description: |- + Immutable. Properties relevant to a managed certificate. These will be used if the + certificate is managed (as indicated by a value of 'MANAGED' in 'type'). + properties: + domains: + description: |- + Immutable. 
Domains for which a managed SSL certificate will be valid. Currently, + there can be up to 100 domains in this list. + items: + type: string + type: array + required: + - domains + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. Enum field whose value is always 'MANAGED' - used to signal to the API + which type this is. Default value: "MANAGED" Possible values: ["MANAGED"]. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + certificateID: + description: The unique identifier for the resource. + type: integer + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + expireTime: + description: Expire time of the certificate in RFC3339 text format. + type: string + selfLink: + type: string + subjectAlternativeNames: + description: Domains associated with the certificate via Subject + Alternative Name. + items: + type: string + type: array + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkendpointgroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkEndpointGroup + plural: computenetworkendpointgroups + shortNames: + - gcpcomputenetworkendpointgroup + - gcpcomputenetworkendpointgroups + singular: computenetworkendpointgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: 
date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultPort: + description: |- + Immutable. The default port used if the port number is not specified in the + network endpoint. + type: integer + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeNetworkEndpointGroup. Specify a zone name. Reference: GCP + definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + networkEndpointType: + description: |- + Immutable. Type of network endpoints in this network endpoint group. 
+ NON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network + endpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid). + Note that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services + that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, + INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or + CONNECTION balancing modes. + + Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. Default value: "GCE_VM_IP_PORT" Possible values: ["GCE_VM_IP", "GCE_VM_IP_PORT", "NON_GCP_PRIVATE_IP_PORT"]. + type: string + networkRef: + description: |- + The network to which all network endpoints in the NEG belong. Uses + "default" project network if unspecified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: Optional subnetwork to which all network endpoints in + the NEG belong. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + size: + description: Number of network endpoints in the network endpoint group. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkendpoints.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkEndpoint + plural: computenetworkendpoints + shortNames: + - gcpcomputenetworkendpoint + - gcpcomputenetworkendpoints + singular: computenetworkendpoint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + instanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipAddress: + description: |- + Immutable. IPv4 address of network endpoint. The IP address must belong + to a VM in GCE (either the primary IP or as part of an aliased IP + range). + type: string + networkEndpointGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetworkEndpointGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The port of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. Zone where the containing network endpoint + group is located. + type: string + required: + - ipAddress + - networkEndpointGroupRef + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkfirewallpolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkFirewallPolicy + plural: computenetworkfirewallpolicies + shortNames: + - gcpcomputenetworkfirewallpolicy + - gcpcomputenetworkfirewallpolicies + singular: computenetworkfirewallpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + 
description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: Fingerprint of the resource. This field is used internally + during updates of this resource. + type: string + networkFirewallPolicyId: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + ruleTupleCount: + description: Total count of all firewall policy rule tuples. A firewall + policy can not exceed a set number of tuples. + type: integer + selfLink: + description: Server-defined URL for the resource. + type: string + selfLinkWithId: + description: Server-defined URL for this resource with the resource + id. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkfirewallpolicyassociations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkFirewallPolicyAssociation + plural: computenetworkfirewallpolicyassociations + shortNames: + - gcpcomputenetworkfirewallpolicyassociation + - gcpcomputenetworkfirewallpolicyassociations + singular: computenetworkfirewallpolicyassociation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attachmentTargetRef: + description: The target that the firewall policy is attached to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + firewallPolicyRef: + description: The firewall policy ID of the association. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `networkFirewallPolicyId` field + of a `ComputeNetworkFirewallPolicy` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - attachmentTargetRef + - firewallPolicyRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + shortName: + description: The short name of the firewall policy of the association. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkfirewallpolicyrules.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkFirewallPolicyRule + plural: computenetworkfirewallpolicyrules + shortNames: + - gcpcomputenetworkfirewallpolicyrule + - gcpcomputenetworkfirewallpolicyrules + singular: computenetworkfirewallpolicyrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: The Action to perform when the client connection triggers + the rule. Valid actions are "allow", "deny" and "goto_next". + type: string + description: + description: An optional description for this resource. + type: string + direction: + description: 'The direction in which this rule applies. Possible values: + INGRESS, EGRESS.' + type: string + disabled: + description: Denotes whether the firewall policy rule is disabled. + When set to true, the firewall policy rule is not enforced and traffic + behaves as if it did not exist. If this is unspecified, the firewall + policy rule will be enabled. + type: boolean + enableLogging: + description: 'Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the configured export + destination in Stackdriver. Logs may be exported to BigQuery or + Pub/Sub. Note: you cannot enable logging on "goto_next" rules.' + type: boolean + firewallPolicyRef: + description: The firewall policy of the resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `networkFirewallPolicyId` field + of a `ComputeNetworkFirewallPolicy` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding 'action' is + enforced. + properties: + destAddressGroups: + description: Address groups which should be matched against the + traffic destination. Maximum number of destination address groups + is 10. Destination address groups is only supported in Egress + rules. + items: + type: string + type: array + destFqdns: + description: Domain names that will be used to match against the + resolved domain name of destination of traffic. Can only be + specified if DIRECTION is egress. + items: + type: string + type: array + destIpRanges: + description: CIDR IP address range. Maximum number of destination + CIDR IP ranges allowed is 5000. + items: + type: string + type: array + destRegionCodes: + description: The Unicode country codes whose IP addresses will + be used to match against the source of traffic. Can only be + specified if DIRECTION is egress. + items: + type: string + type: array + destThreatIntelligences: + description: Name of the Google Cloud Threat Intelligence list. + items: + type: string + type: array + layer4Configs: + description: Pairs of IP protocols and ports that the rule should + match. + items: + properties: + ipProtocol: + description: The IP protocol to which this rule applies. + The protocol type is required when creating a firewall + rule. This value can either be one of the following well + known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, + `ipip`, `sctp`), or the IP protocol number. + type: string + ports: + description: 'An optional list of ports to which this rule + applies. 
This field is only applicable for UDP or TCP + protocol. Each entry must be either an integer or a range. + If not specified, this rule applies to connections through + any port. Example inputs include: ``.' + items: + type: string + type: array + required: + - ipProtocol + type: object + type: array + srcAddressGroups: + description: Address groups which should be matched against the + traffic source. Maximum number of source address groups is 10. + Source address groups is only supported in Ingress rules. + items: + type: string + type: array + srcFqdns: + description: Domain names that will be used to match against the + resolved domain name of source of traffic. Can only be specified + if DIRECTION is ingress. + items: + type: string + type: array + srcIpRanges: + description: CIDR IP address range. Maximum number of source CIDR + IP ranges allowed is 5000. + items: + type: string + type: array + srcRegionCodes: + description: The Unicode country codes whose IP addresses will + be used to match against the source of traffic. Can only be + specified if DIRECTION is ingress. + items: + type: string + type: array + srcSecureTags: + description: List of secure tag values, which should be matched + at the source of the traffic. For INGRESS rule, if all the srcSecureTag + are INEFFECTIVE, and there is no srcIpRange, this + rule will be ignored. Maximum number of source tag values allowed + is 256. + items: + properties: + name: + description: Name of the secure tag, created with TagManager's + TagValue API. @pattern tagValues/[0-9]+. + type: string + state: + description: '[Output Only] State of the secure tag, either + `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` + when it is deleted or its network is deleted.' + type: string + required: + - name + type: object + type: array + srcThreatIntelligences: + description: Name of the Google Cloud Threat Intelligence list. 
+ items: + type: string + type: array + required: + - layer4Configs + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The priority of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + ruleName: + description: An optional name for the rule. This field is not a unique + identifier and can be updated. + type: string + targetSecureTags: + description: A list of secure tags that controls which instances the + firewall rule applies to. If targetSecureTag are specified, + then the firewall rule applies only to instances in the VPC network + that have one of those EFFECTIVE secure tags, if all the target_secure_tag + are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag + may not be set at the same time as targetServiceAccounts. + If neither targetServiceAccounts nor targetSecureTag + are specified, the firewall rule applies to all instances on the + specified network. Maximum number of target label tags allowed is + 256. + items: + properties: + name: + description: Name of the secure tag, created with TagManager's + TagValue API. @pattern tagValues/[0-9]+. + type: string + state: + description: '[Output Only] State of the secure tag, either + `EFFECTIVE` or `INEFFECTIVE`. 
A secure tag is `INEFFECTIVE` + when it is deleted or its network is deleted.' + type: string + required: + - name + type: object + type: array + targetServiceAccountRefs: + items: + description: A list of service accounts indicating the sets of instances + that are applied with this rule + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - action + - direction + - firewallPolicyRef + - match + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + kind: + description: Type of the resource. Always `compute#firewallPolicyRule` + for firewall policy rules. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + ruleTupleCount: + description: Calculation of the complexity of a single firewall policy + rule. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkpeeringroutesconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkPeeringRoutesConfig + plural: computenetworkpeeringroutesconfigs + shortNames: + - gcpcomputenetworkpeeringroutesconfig + - gcpcomputenetworkpeeringroutesconfigs + singular: computenetworkpeeringroutesconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime 
+ name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + exportCustomRoutes: + description: Whether to export the custom routes to the peer network. + type: boolean + importCustomRoutes: + description: Whether to import the custom routes to the peer network. + type: boolean + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The peering of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - exportCustomRoutes + - importCustomRoutes + - networkRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkpeerings.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkPeering + plural: computenetworkpeerings + shortNames: + - gcpcomputenetworkpeering + - gcpcomputenetworkpeerings + singular: computenetworkpeering + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + exportCustomRoutes: + description: Whether to export the custom routes to the peer network. + Defaults to false. + type: boolean + exportSubnetRoutesWithPublicIp: + description: Immutable. + type: boolean + importCustomRoutes: + description: Whether to export the custom routes from the peer network. + Defaults to false. + type: boolean + importSubnetRoutesWithPublicIp: + description: Immutable. + type: boolean + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + peerNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + stackType: + description: 'Which IP version(s) of traffic and routes are allowed + to be imported or exported between peer networks. The default value + is IPV4_ONLY. Possible values: ["IPV4_ONLY", "IPV4_IPV6"].' + type: string + required: + - networkRef + - peerNetworkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State for the peering, either ACTIVE or INACTIVE. The + peering is ACTIVE when there's a matching configuration in the peer + network. 
+ type: string + stateDetails: + description: Details about the current state of the peering. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetwork + plural: computenetworks + shortNames: + - gcpcomputenetwork + - gcpcomputenetworks + singular: computenetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoCreateSubnetworks: + description: |- + Immutable. When set to 'true', the network is created in "auto subnet mode" and + it will create a subnet for each region automatically across the + '10.128.0.0/9' address range. + + When set to 'false', the network is created in "custom subnet mode" so + the user can explicitly connect subnetwork resources. + type: boolean + deleteDefaultRoutesOnCreate: + description: |- + If set to 'true', default routes ('0.0.0.0/0') will be deleted + immediately after network creation. Defaults to 'false'. + type: boolean + description: + description: |- + Immutable. An optional description of this resource. The resource must be + recreated to modify this field. + type: string + enableUlaInternalIpv6: + description: |- + Enable ULA internal ipv6 on this network. Enabling this feature will assign + a /48 from google defined ULA prefix fd20::/20. + type: boolean + internalIpv6Range: + description: |- + Immutable. When enabling ula internal ipv6, caller optionally can specify the /48 range + they want from the google defined ULA prefix fd20::/20. The input must be a + valid /48 ULA IPv6 address and must be within the fd20::/20. Operation will + fail if the speficied /48 is already in used by another resource. + If the field is not speficied, then a /48 range will be randomly allocated from fd20::/20 and returned via this field. + type: string + mtu: + description: |- + Immutable. Maximum Transmission Unit in bytes. The default value is 1460 bytes. 
+ The minimum value for this field is 1300 and the maximum value is 8896 bytes (jumbo frames). + Note that packets larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS clamping or dropped + with an ICMP 'Fragmentation-Needed' message if the packets are routed to the Internet or other VPCs + with varying MTUs. + type: integer + networkFirewallPolicyEnforcementOrder: + description: 'Set the order that Firewall Rules and Firewall Policies + are evaluated. Default value: "AFTER_CLASSIC_FIREWALL" Possible + values: ["BEFORE_CLASSIC_FIREWALL", "AFTER_CLASSIC_FIREWALL"].' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routingMode: + description: |- + The network-wide routing mode to use. If set to 'REGIONAL', this + network's cloud routers will only advertise routes with subnetworks + of this network in the same region as the router. If set to 'GLOBAL', + this network's cloud routers will advertise routes with all + subnetworks of this network, across regions. Possible values: ["REGIONAL", "GLOBAL"]. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + gatewayIpv4: + description: |- + The gateway address for default routing out of the network. This value + is selected by GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenodegroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNodeGroup + plural: computenodegroups + shortNames: + - gcpcomputenodegroup + - gcpcomputenodegroups + singular: computenodegroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + 
name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + Immutable. If you use sole-tenant nodes for your workloads, you can use the node + group autoscaler to automatically manage the sizes of your node groups. + properties: + maxNodes: + description: |- + Immutable. Maximum size of the node group. Set to a value less than or equal + to 100 and greater than or equal to min-nodes. + type: integer + minNodes: + description: |- + Immutable. Minimum size of the node group. Must be less + than or equal to max-nodes. The default value is 0. + type: integer + mode: + description: |- + Immutable. The autoscaling mode. Set to one of the following: + - OFF: Disables the autoscaler. + - ON: Enables scaling in and scaling out. + - ONLY_SCALE_OUT: Enables only scaling out. + You must use this mode if your node groups are configured to + restart their hosted VMs on minimal servers. Possible values: ["OFF", "ON", "ONLY_SCALE_OUT"]. + type: string + type: object + description: + description: Immutable. An optional textual description of the resource. + type: string + initialSize: + description: Immutable. The initial number of nodes in the node group. + One of 'initial_size' or 'size' must be specified. 
+ type: integer + maintenancePolicy: + description: 'Immutable. Specifies how to handle instances when a + node in the group undergoes maintenance. Set to one of: DEFAULT, + RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value + is DEFAULT.' + type: string + maintenanceWindow: + description: Immutable. contains properties for the timeframe of maintenance. + properties: + startTime: + description: Immutable. instances.start time of the window. This + must be in UTC format that resolves to one of 00:00, 04:00, + 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and + 08:00 are valid. + type: string + required: + - startTime + type: object + nodeTemplateRef: + description: The node template to which this node group belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNodeTemplate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + shareSettings: + description: Immutable. Share settings for the node group. + properties: + projectMap: + description: Immutable. A map of project id and project config. + This is only valid when shareType's value is SPECIFIC_PROJECTS. + items: + properties: + idRef: + description: The key of this project config in the parent + map. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectIdRef: + description: |- + The project id/number should be the same as the key of this project + config in the project map. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - idRef + - projectIdRef + type: object + type: array + shareType: + description: 'Immutable. Node group sharing type. Possible values: + ["ORGANIZATION", "SPECIFIC_PROJECTS", "LOCAL"].' + type: string + required: + - shareType + type: object + size: + description: Immutable. The total number of nodes in the node group. + One of 'initial_size' or 'size' must be specified. + type: integer + zone: + description: Immutable. Zone where this node group is located. 
+ type: string + required: + - nodeTemplateRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenodetemplates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNodeTemplate + plural: computenodetemplates + shortNames: + - gcpcomputenodetemplate + - gcpcomputenodetemplates + singular: computenodetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cpuOvercommitType: + description: 'Immutable. CPU overcommit. Default value: "NONE" Possible + values: ["ENABLED", "NONE"].' + type: string + description: + description: Immutable. An optional textual description of the resource. + type: string + nodeType: + description: |- + Immutable. Node type to use for nodes group that are created from this template. + Only one of nodeTypeFlexibility and nodeType can be specified. + type: string + nodeTypeFlexibility: + description: |- + Immutable. Flexible properties for the desired node type. Node groups that + use this node template will create nodes of a type that matches + these properties. Only one of nodeTypeFlexibility and nodeType can + be specified. + properties: + cpus: + description: Immutable. Number of virtual CPUs to use. + type: string + localSsd: + description: Use local SSD. + type: string + memory: + description: Immutable. Physical memory available to the node, + defined in MB. + type: string + type: object + region: + description: |- + Immutable. Region where nodes using the node template will be created. + If it is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serverBinding: + description: |- + Immutable. The server binding policy for nodes using this template. Determines + where the nodes should restart following a maintenance event. 
+ properties: + type: + description: |- + Immutable. Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER', + nodes using this template will restart on any physical server + following a maintenance event. + + If 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template + will restart on the same physical server following a maintenance + event, instead of being live migrated to or restarted on a new + physical server. This option may be useful if you are using + software licenses tied to the underlying server characteristics + such as physical sockets or cores, to avoid the need for + additional licenses when maintenance occurs. However, VMs on such + nodes will experience outages while maintenance is applied. Possible values: ["RESTART_NODE_ON_ANY_SERVER", "RESTART_NODE_ON_MINIMAL_SERVERS"]. + type: string + required: + - type + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicy + plural: computeorganizationsecuritypolicies + shortNames: + - gcpcomputeorganizationsecuritypolicy + - gcpcomputeorganizationsecuritypolicies + singular: computeorganizationsecuritypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A textual description for the organization security policy. + type: string + displayName: + description: Immutable. A textual name of the security policy. + type: string + parent: + description: |- + Immutable. The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. + Format: organizations/{organization_id} or folders/{folder_id}. + type: string + resourceID: + description: Immutable. Optional. The policyId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The type indicates the intended use of the security policy. + For organization security policies, the only supported type + is "FIREWALL". Default value: "FIREWALL" Possible values: ["FIREWALL"]. + type: string + required: + - displayName + - parent + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: |- + Fingerprint of this resource. This field is used internally during + updates of this resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + policyId: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicyassociations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicyAssociation + plural: computeorganizationsecuritypolicyassociations + shortNames: + - gcpcomputeorganizationsecuritypolicyassociation + - gcpcomputeorganizationsecuritypolicyassociations + singular: computeorganizationsecuritypolicyassociation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attachmentId: + description: Immutable. The resource that the security policy is attached + to. + type: string + policyId: + description: Immutable. The security policy ID of the association. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - attachmentId + - policyId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + displayName: + description: The display name of the security policy of the association. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicyrules.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicyRule + plural: computeorganizationsecuritypolicyrules + shortNames: + - gcpcomputeorganizationsecuritypolicyrule + - gcpcomputeorganizationsecuritypolicyrules + singular: computeorganizationsecuritypolicyrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date 
+ - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: |- + The Action to perform when the client connection triggers the rule. Can currently be either + "allow", "deny" or "goto_next". + type: string + description: + description: A description of the rule. + type: string + direction: + description: 'The direction in which this rule applies. If unspecified + an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"].' + type: string + enableLogging: + description: |- + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the + configured export destination in Stackdriver. + type: boolean + match: + description: A match condition that incoming traffic is evaluated + against. 
If it evaluates to true, the corresponding 'action' is + enforced. + properties: + config: + description: The configuration options for matching the rule. + properties: + destIpRanges: + description: |- + Destination IP address range in CIDR format. Required for + EGRESS rules. + items: + type: string + type: array + layer4Config: + description: Pairs of IP protocols and ports that the rule + should match. + items: + properties: + ipProtocol: + description: |- + The IP protocol to which this rule applies. The protocol + type is required when creating a firewall rule. + This value can either be one of the following well + known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), + or the IP protocol number. + type: string + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + required: + - ipProtocol + type: object + type: array + srcIpRanges: + description: |- + Source IP address range in CIDR format. Required for + INGRESS rules. + items: + type: string + type: array + required: + - layer4Config + type: object + description: + description: A description of the rule. + type: string + versionedExpr: + description: |- + Preconfigured versioned expression. For organization security policy rules, + the only supported type is "FIREWALL". Default value: "FIREWALL" Possible values: ["FIREWALL"]. + type: string + required: + - config + type: object + policyId: + description: Immutable. The ID of the OrganizationSecurityPolicy this + rule applies to. + type: string + preview: + description: If set to true, the specified action is not enforced. + type: boolean + resourceID: + description: Immutable. Optional. The priority of the resource. 
Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetResources: + description: |- + A list of network resource URLs to which this rule applies. + This field allows you to control which network's VMs get + this rule. If this field is left blank, all VMs + within the organization will receive the rule. + items: + type: string + type: array + targetServiceAccounts: + description: |- + A list of service accounts indicating the sets of + instances that are applied with this rule. + items: + type: string + type: array + required: + - action + - match + - policyId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computepacketmirrorings.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputePacketMirroring + plural: computepacketmirrorings + shortNames: + - gcpcomputepacketmirroring + - gcpcomputepacketmirrorings + singular: computepacketmirroring + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + collectorIlb: + description: The Forwarding Rule resource of type `loadBalancingScheme=INTERNAL` + that will be used as collector for mirrored traffic. The specified + forwarding rule must have `isMirroringCollector` set to true. + properties: + urlRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the forwarding rule representing the ILB configured as destination of the mirrored traffic. + + Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - urlRef + type: object + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + enable: + description: Indicates whether or not this packet mirroring takes + effect. If set to FALSE, this packet mirroring policy will not be + enforced on the network. The default is TRUE. + type: string + filter: + description: Filter for mirrored traffic. If unspecified, all traffic + is mirrored. 
+ properties: + cidrRanges: + description: IP CIDR ranges that apply as filter on the source + (ingress) or destination (egress) IP in the IP header. Only + IPv4 is supported. If no ranges are specified, all traffic that + matches the specified IPProtocols is mirrored. If neither cidrRanges + nor IPProtocols is specified, all traffic is mirrored. + items: + type: string + type: array + direction: + description: Direction of traffic to mirror, either INGRESS, EGRESS, + or BOTH. The default is BOTH. + type: string + ipProtocols: + description: Protocols that apply as filter on mirrored traffic. + If no protocols are specified, all traffic that matches the + specified CIDR ranges is mirrored. If neither cidrRanges nor + IPProtocols is specified, all traffic is mirrored. + items: + type: string + type: array + type: object + location: + description: Immutable. The location for the resource + type: string + mirroredResources: + description: PacketMirroring mirroredResourceInfos. MirroredResourceInfo + specifies a set of mirrored VM instances, subnetworks and/or tags + for which traffic from/to all VM instances will be mirrored. + properties: + instances: + description: A set of virtual machine instances that are being + mirrored. They must live in zones contained in the same region + as this packetMirroring. Note that this config will apply only + to those network interfaces of the Instances that belong to + the network specified in this packetMirroring. You may specify + a maximum of 50 Instances. + items: + properties: + canonicalUrl: + description: Immutable. Output only. Unique identifier for + the instance; defined by the server. + type: string + urlRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the virtual machine instance which is being mirrored. 
+ + Allowed value: The `selfLink` field of a `ComputeInstance` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + subnetworks: + description: Immutable. A set of subnetworks for which traffic + from/to all VM instances will be mirrored. They must live in + the same region as this packetMirroring. You may specify a maximum + of 5 subnetworks. + items: + properties: + canonicalUrl: + description: Immutable. Output only. Unique identifier for + the subnetwork; defined by the server. + type: string + urlRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the subnetwork for which traffic from/to all VM instances will be mirrored. + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + tags: + description: A set of mirrored tags. Traffic from/to all VM instances + that have one or more of these tags will be mirrored. + items: + type: string + type: array + type: object + network: + description: Immutable. Specifies the mirrored VPC network. Only packets + in this network will be mirrored. All mirrored VMs should have a + NIC in the given network. 
All mirrored subnetworks should belong + to the given network. + properties: + urlRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + URL of the network resource. + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - urlRef + type: object + priority: + description: The priority of applying this configuration. Priority + is used to break ties in cases where there is more than one matching + rule. In the case of two rules that apply for a given Instance, + the one with the lowest-numbered priority value wins. Default value + is 1000. Valid range is 0 through 65535. + format: int64 + type: integer + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. 
The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - collectorIlb + - location + - mirroredResources + - network + - projectRef + type: object + status: + properties: + collectorIlb: + properties: + canonicalUrl: + description: Output only. Unique identifier for the forwarding + rule; defined by the server. + type: string + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + id: + description: Output only. The unique identifier for the resource. + This identifier is defined by the server. + format: int64 + type: integer + network: + properties: + canonicalUrl: + description: Output only. Unique identifier for the network; defined + by the server. + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: URI of the region where the packetMirroring resides. + type: string + selfLink: + description: Server-defined URL for the resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeperinstanceconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputePerInstanceConfig + plural: computeperinstanceconfigs + shortNames: + - gcpcomputeperinstanceconfig + - gcpcomputeperinstanceconfigs + singular: computeperinstanceconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + instanceGroupManagerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstanceGroupManager` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + minimalAction: + description: |- + The minimal action to perform on the instance during an update. + Default is 'NONE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + mostDisruptiveAllowedAction: + description: |- + The most disruptive action to perform on the instance during an update. + Default is 'REPLACE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + preservedState: + description: The preserved state for this instance. + properties: + disk: + description: Stateful disks for the instance. + items: + properties: + deleteRule: + description: |- + A value that prescribes what should happen to the stateful disk when the VM instance is deleted. + The available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'. 
+ 'NEVER' - detach the disk when the VM is deleted, but do not delete the disk. + 'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently + deleted from the instance group. Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"]. + type: string + deviceName: + description: A unique device name that is reflected into + the /dev/ tree of a Linux operating system running within + the instance. + type: string + mode: + description: 'The mode of the disk. Default value: "READ_WRITE" + Possible values: ["READ_ONLY", "READ_WRITE"].' + type: string + source: + description: |- + The URI of an existing persistent disk to attach under the specified device-name in the format + 'projects/project-id/zones/zone/disks/disk-name'. + type: string + required: + - deviceName + - source + type: object + type: array + externalIp: + description: Preserved external IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + internalIp: + description: Preserved internal IPs defined for this instance. + This map is keyed with the name of the network interface. 
+ items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + metadata: + additionalProperties: + type: string + description: Preserved metadata defined for this instance. This + is a list of key->value pairs. + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + removeInstanceStateOnDestroy: + description: |- + When true, deleting this config will immediately remove any specified state from the underlying instance. + When false, deleting this config will *not* immediately remove any state from the underlying instance. + State will be removed on the next instance recreation or update. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. 
Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. Zone where the containing instance group manager + is located. + type: string + required: + - instanceGroupManagerRef + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeprojectmetadatas.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeProjectMetadata + plural: computeprojectmetadatas + shortNames: + - gcpcomputeprojectmetadata + - gcpcomputeprojectmetadatas + singular: computeprojectmetadata + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + metadata: + additionalProperties: + type: string + description: A series of key value pairs. + type: object + required: + - metadata + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionautoscalers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionAutoscaler + plural: computeregionautoscalers + shortNames: + - gcpcomputeregionautoscaler + - gcpcomputeregionautoscalers + singular: computeregionautoscaler + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + The configuration parameters for the autoscaling algorithm. You can + define one or more of the policies for an autoscaler: cpuUtilization, + customMetricUtilizations, and loadBalancingUtilization. + + If none of these are specified, the default will be to autoscale based + on cpuUtilization to 0.6 or 60%. + properties: + cooldownPeriod: + description: |- + The number of seconds that the autoscaler should wait before it + starts collecting information from a new instance. This prevents + the autoscaler from collecting information when the instance is + initializing, during which the collected usage would not be + reliable. The default time autoscaler waits is 60 seconds. + + Virtual machine initialization times might vary because of + numerous factors. We recommend that you test how long an + instance may take to initialize. To do this, create an instance + and time the startup process. + type: integer + cpuUtilization: + description: |- + Defines the CPU utilization policy that allows the autoscaler to + scale based on the average CPU utilization of a managed instance + group. + properties: + predictiveMethod: + description: |- + Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: + + - NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. + + - OPTIMIZE_AVAILABILITY. 
Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. + type: string + target: + description: |- + The target CPU utilization that the autoscaler should maintain. + Must be a float value in the range (0, 1]. If not specified, the + default is 0.6. + + If the CPU level is below the target utilization, the autoscaler + scales down the number of instances until it reaches the minimum + number of instances you specified or until the average CPU of + your instances reaches the target utilization. + + If the average CPU is above the target utilization, the autoscaler + scales up until it reaches the maximum number of instances you + specified or until the average utilization reaches the target + utilization. + type: number + required: + - target + type: object + loadBalancingUtilization: + description: Configuration parameters of autoscaling based on + a load balancer. + properties: + target: + description: |- + Fraction of backend capacity utilization (set in HTTP(s) load + balancing configuration) that autoscaler should maintain. Must + be a positive float value. If not defined, the default is 0.8. + type: number + required: + - target + type: object + maxReplicas: + description: |- + The maximum number of instances that the autoscaler can scale up + to. This is required when creating or updating an autoscaler. The + maximum number of replicas should not be lower than minimal number + of replicas. + type: integer + metric: + description: Configuration parameters of autoscaling based on + a custom metric. + items: + properties: + filter: + description: |- + A filter string to be used as the filter string for + a Stackdriver Monitoring TimeSeries.list API call. + This filter is used to select a specific TimeSeries for + the purpose of autoscaling and to determine whether the metric + is exporting per-instance or per-group data. + + You can only use the AND operator for joining selectors. 
+ You can only use direct equality comparison operator (=) without + any functions for each selector. + You can specify the metric in both the filter string and in the + metric field. However, if specified in both places, the metric must + be identical. + + The monitored resource type determines what kind of values are + expected for the metric. If it is a gce_instance, the autoscaler + expects the metric to include a separate TimeSeries for each + instance in a group. In such a case, you cannot filter on resource + labels. + + If the resource type is any other value, the autoscaler expects + this metric to contain values that apply to the entire autoscaled + instance group and resource label filtering can be performed to + point autoscaler at the correct TimeSeries to scale upon. + This is called a per-group metric for the purpose of autoscaling. + + If not specified, the type defaults to gce_instance. + + You should provide a filter that is selective enough to pick just + one TimeSeries for the autoscaled group or for each of the instances + (if you are using gce_instance resource type). If multiple + TimeSeries are returned upon the query execution, the autoscaler + will sum their respective values to obtain its scaling value. + type: string + name: + description: |- + The identifier (type) of the Stackdriver Monitoring metric. + The metric cannot have negative values. + + The metric must have a value type of INT64 or DOUBLE. + type: string + singleInstanceAssignment: + description: |- + If scaling is based on a per-group metric value that represents the + total amount of work to be done or resource usage, set this value to + an amount assigned for a single instance of the scaled group. + The autoscaler will keep the number of instances proportional to the + value of this metric, the metric itself should not change value due + to group resizing. 
+ + For example, a good metric to use with the target is + 'pubsub.googleapis.com/subscription/num_undelivered_messages' + or a custom metric exporting the total number of requests coming to + your instances. + + A bad example would be a metric exporting an average or median + latency, since this value can't include a chunk assignable to a + single instance, it could be better used with utilization_target + instead. + type: number + target: + description: |- + The target value of the metric that autoscaler should + maintain. This must be a positive value. A utilization + metric scales number of virtual machines handling requests + to increase or decrease proportionally to the metric. + + For example, a good metric to use as a utilizationTarget is + www.googleapis.com/compute/instance/network/received_bytes_count. + The autoscaler will work to keep this value constant for each + of the instances. + type: number + type: + description: |- + Defines how target utilization value is expressed for a + Stackdriver Monitoring metric. Possible values: ["GAUGE", "DELTA_PER_SECOND", "DELTA_PER_MINUTE"]. + type: string + required: + - name + type: object + type: array + minReplicas: + description: |- + The minimum number of replicas that the autoscaler can scale down + to. This cannot be less than 0. If not provided, autoscaler will + choose a default value depending on maximum number of instances + allowed. + type: integer + mode: + description: Defines operating mode for this policy. + type: string + scaleDownControl: + description: |- + Defines scale down controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledDownReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. 
+ For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scaleInControl: + description: |- + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledInReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scalingSchedules: + description: Scaling schedules defined for an autoscaler. Multiple + schedules can be set on an autoscaler and they can overlap. + items: + properties: + description: + description: A description of a scaling schedule. + type: string + disabled: + description: A boolean value that specifies if a scaling + schedule can influence autoscaler recommendations. If + set to true, then a scaling schedule has no effect. + type: boolean + durationSec: + description: The duration of time intervals (in seconds) + for which this scaling schedule will be running. The minimum + allowed value is 300. + type: integer + minRequiredReplicas: + description: Minimum number of VM instances that autoscaler + will recommend in time intervals starting according to + schedule. + type: integer + name: + type: string + schedule: + description: The start timestamps of time intervals when + this scaling schedule should provide a scaling signal. 
+ This field uses the extended cron format (with an optional + year field). + type: string + timeZone: + description: 'The time zone to be used when interpreting + the schedule. The value of this field must be a time zone + name from the tz database: http://en.wikipedia.org/wiki/Tz_database.' + type: string + required: + - durationSec + - minRequiredReplicas + - name + - schedule + type: object + type: array + required: + - maxReplicas + - minReplicas + type: object + description: + description: An optional description of this resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. URL of the region where the instance group + resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + target: + description: URL of the managed instance group that this autoscaler + will scale. + type: string + required: + - autoscalingPolicy + - projectRef + - region + - target + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregiondiskresourcepolicyattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionDiskResourcePolicyAttachment + plural: computeregiondiskresourcepolicyattachments + shortNames: + - gcpcomputeregiondiskresourcepolicyattachment + - gcpcomputeregiondiskresourcepolicyattachments + singular: computeregiondiskresourcepolicyattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: 
.metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + diskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. A reference to the region where the disk resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - diskRef + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionnetworkendpointgroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionNetworkEndpointGroup + plural: computeregionnetworkendpointgroups + shortNames: + - gcpcomputeregionnetworkendpointgroup + - gcpcomputeregionnetworkendpointgroups + singular: computeregionnetworkendpointgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cloudFunction: + description: |- + Immutable. Only valid when networkEndpointType is "SERVERLESS". + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + properties: + functionRef: + description: |- + Immutable. A user-defined name of the Cloud Function. + The function name is case-sensitive and must be 1-63 characters long. + Example value: "func1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudFunctionsFunction` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + urlMask: + description: |- + Immutable. A template to parse function field from a request URL. URL mask allows + for routing to multiple Cloud Functions without having to create + multiple Network Endpoint Groups and backend services. + + For example, request URLs "mydomain.com/function1" and "mydomain.com/function2" + can be backed by the same Serverless NEG with URL mask "/". The URL mask + will parse them to { function = "function1" } and { function = "function2" } respectively. 
+ type: string + type: object + cloudRun: + description: |- + Immutable. Only valid when networkEndpointType is "SERVERLESS". + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + properties: + serviceRef: + description: |- + Immutable. Cloud Run service is the main resource of Cloud Run. + The service must be 1-63 characters long, and comply with RFC1035. + Example value: "run-service". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `RunService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tag: + description: |- + Immutable. Cloud Run tag represents the "named-revision" to provide + additional fine-grained traffic routing information. + The tag must be 1-63 characters long, and comply with RFC1035. + Example value: "revision-0010". + type: string + urlMask: + description: |- + Immutable. A template to parse service and tag fields from a request URL. + URL mask allows for routing to multiple Run services without having + to create multiple network endpoint groups and backend services. + + For example, request URLs "foo1.domain.com/bar1" and "foo1.domain.com/bar2" + an be backed by the same Serverless Network Endpoint Group (NEG) with + URL mask ".domain.com/". The URL mask will parse them to { service="bar1", tag="foo1" } + and { service="bar2", tag="foo2" } respectively. + type: string + type: object + description: + description: |- + Immutable. An optional description of this resource. 
Provide this property when + you create the resource. + type: string + networkEndpointType: + description: 'Immutable. Type of network endpoints in this network + endpoint group. Defaults to SERVERLESS Default value: "SERVERLESS" + Possible values: ["SERVERLESS", "PRIVATE_SERVICE_CONNECT"].' + type: string + networkRef: + description: |- + Immutable. This field is only used for PSC. + The URL of the network to which all network endpoints in the NEG belong. Uses + "default" project network if unspecified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + pscTargetService: + description: |- + Immutable. The target service url used to set up private service connection to + a Google API or a PSC Producer Service Attachment. + type: string + region: + description: Immutable. A reference to the region where the Serverless + NEGs Reside. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: |- + Immutable. This field is only used for PSC. + Optional URL of the subnetwork to which all network endpoints in the NEG belong. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionperinstanceconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionPerInstanceConfig + plural: computeregionperinstanceconfigs + shortNames: + - gcpcomputeregionperinstanceconfig + - gcpcomputeregionperinstanceconfigs + singular: computeregionperinstanceconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + minimalAction: + description: |- + The minimal action to perform on the instance during an update. + Default is 'NONE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + mostDisruptiveAllowedAction: + description: |- + The most disruptive action to perform on the instance during an update. + Default is 'REPLACE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + preservedState: + description: The preserved state for this instance. + properties: + disk: + description: Stateful disks for the instance. + items: + properties: + deleteRule: + description: |- + A value that prescribes what should happen to the stateful disk when the VM instance is deleted. + The available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'. + 'NEVER' - detach the disk when the VM is deleted, but do not delete the disk. + 'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently + deleted from the instance group. Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"]. + type: string + deviceName: + description: A unique device name that is reflected into + the /dev/ tree of a Linux operating system running within + the instance. + type: string + mode: + description: 'The mode of the disk. Default value: "READ_WRITE" + Possible values: ["READ_ONLY", "READ_WRITE"].' 
+ type: string + source: + description: |- + The URI of an existing persistent disk to attach under the specified device-name in the format + 'projects/project-id/zones/zone/disks/disk-name'. + type: string + required: + - deviceName + - source + type: object + type: array + externalIp: + description: Preserved external IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + internalIp: + description: Preserved internal IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. 
+ type: string + type: object + required: + - interfaceName + type: object + type: array + metadata: + additionalProperties: + type: string + description: Preserved metadata defined for this instance. This + is a list of key->value pairs. + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Region where the containing instance group + manager is located. + type: string + regionInstanceGroupManagerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRegionInstanceGroupManager` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + removeInstanceStateOnDestroy: + description: |- + When true, deleting this config will immediately remove any specified state from the underlying instance. + When false, deleting this config will *not* immediately remove any state from the underlying instance. 
+ State will be removed on the next instance recreation or update. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + - region + - regionInstanceGroupManagerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionsslpolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionSSLPolicy + plural: computeregionsslpolicies + shortNames: + - gcpcomputeregionsslpolicy + - gcpcomputeregionsslpolicies + singular: computeregionsslpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + customFeatures: + description: |- + A list of features enabled when the selected profile is CUSTOM. The + method returns the set of features that can be specified in this + list. This field must be empty if the profile is not CUSTOM. + + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for which ciphers are available to use. **Note**: this argument + *must* be present when using the 'CUSTOM' profile. This argument + *must not* be present when using any other profile. + items: + type: string + type: array + description: + description: Immutable. An optional description of this resource. + type: string + minTlsVersion: + description: |- + The minimum version of SSL protocol that can be used by the clients + to establish a connection with the load balancer. Default value: "TLS_1_0" Possible values: ["TLS_1_0", "TLS_1_1", "TLS_1_2"]. + type: string + profile: + description: |- + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. If using 'CUSTOM', + the set of SSL features to enable must be specified in the + 'customFeatures' field. + + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for information on what cipher suites each profile provides. If + 'CUSTOM' is used, the 'custom_features' attribute **must be set**. 
Default value: "COMPATIBLE" Possible values: ["COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"]. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region where the regional SSL policy resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + enabledFeatures: + description: The list of features enabled in the SSL policy. + items: + type: string + type: array + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computereservations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeReservation + plural: computereservations + shortNames: + - gcpcomputereservation + - gcpcomputereservations + singular: computereservation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last 
transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + specificReservation: + description: Reservation for instances with specific machine shapes. + properties: + count: + description: The number of resources that are allocated. + type: integer + inUseCount: + description: How many instances are in use. + type: integer + instanceProperties: + description: Immutable. The instance properties for the reservation. + properties: + guestAccelerators: + description: Immutable. Guest accelerator type and count. + items: + properties: + acceleratorCount: + description: |- + Immutable. The number of the guest accelerator cards exposed to + this instance. + type: integer + acceleratorType: + description: |- + Immutable. The full or partial URL of the accelerator type to + attach to this instance. 
For example: + 'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100' + + If you are creating an instance template, specify only the accelerator name. + type: string + required: + - acceleratorCount + - acceleratorType + type: object + type: array + localSsds: + description: |- + Immutable. The amount of local ssd to reserve with each instance. This + reserves disks of type 'local-ssd'. + items: + properties: + diskSizeGb: + description: Immutable. The size of the disk in base-2 + GB. + type: integer + interface: + description: 'Immutable. The disk interface to use for + attaching this disk. Default value: "SCSI" Possible + values: ["SCSI", "NVME"].' + type: string + required: + - diskSizeGb + type: object + type: array + machineType: + description: Immutable. The name of the machine type to reserve. + type: string + minCpuPlatform: + description: |- + Immutable. The minimum CPU platform for the reservation. For example, + '"Intel Skylake"'. See + the CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones) + for information on available CPU platforms. + type: string + required: + - machineType + type: object + required: + - count + - instanceProperties + type: object + specificReservationRequired: + description: |- + Immutable. When set to true, only VMs that target this reservation by name can + consume this reservation. Otherwise, it can be consumed by VMs with + affinity for any reservation. Defaults to false. + type: boolean + zone: + description: Immutable. The zone where the reservation is made. + type: string + required: + - specificReservation + - zone + type: object + status: + properties: + commitment: + description: |- + Full or partial URL to a parent commitment. This field displays for + reservations that are tied to a commitment. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + status: + description: The status of the reservation. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeresourcepolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeResourcePolicy + plural: computeresourcepolicies + shortNames: + - gcpcomputeresourcepolicy + - gcpcomputeresourcepolicies + singular: computeresourcepolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + Provide this property when you create the resource. + type: string + diskConsistencyGroupPolicy: + description: Immutable. Replication consistency group for asynchronous + disk replication. + properties: + enabled: + description: Immutable. Enable disk consistency on the resource + policy. + type: boolean + required: + - enabled + type: object + groupPlacementPolicy: + description: Immutable. Resource policy for instances used for placement + configuration. + properties: + availabilityDomainCount: + description: |- + Immutable. The number of availability domains instances will be spread across. If two instances are in different + availability domain, they will not be put in the same low latency network. + type: integer + collocation: + description: |- + Immutable. Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network. + Specify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created + with a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy + attached. Possible values: ["COLLOCATED"]. + type: string + maxDistance: + description: Immutable. Specifies the number of max logical switches. + type: integer + vmCount: + description: |- + Immutable. Number of VMs in this placement group. 
Google does not recommend that you use this field + unless you use a compact policy and you want your policy to work only if it contains this + exact number of VMs. + type: integer + type: object + instanceSchedulePolicy: + description: Immutable. Resource policy for scheduling instance operations. + properties: + expirationTime: + description: Immutable. The expiration time of the schedule. The + timestamp is an RFC3339 string. + type: string + startTime: + description: Immutable. The start time of the schedule. The timestamp + is an RFC3339 string. + type: string + timeZone: + description: |- + Immutable. Specifies the time zone to be used in interpreting the schedule. The value of this field must be a time zone name + from the tz database: http://en.wikipedia.org/wiki/Tz_database. + type: string + vmStartSchedule: + description: Immutable. Specifies the schedule for starting instances. + properties: + schedule: + description: Immutable. Specifies the frequency for the operation, + using the unix-cron format. + type: string + required: + - schedule + type: object + vmStopSchedule: + description: Immutable. Specifies the schedule for stopping instances. + properties: + schedule: + description: Immutable. Specifies the frequency for the operation, + using the unix-cron format. + type: string + required: + - schedule + type: object + required: + - timeZone + type: object + region: + description: Immutable. Region where resource policy resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + snapshotSchedulePolicy: + description: Immutable. Policy for creating snapshots of persistent + disks. + properties: + retentionPolicy: + description: Immutable. Retention policy applied to snapshots + created by this resource policy. + properties: + maxRetentionDays: + description: Immutable. 
Maximum age of the snapshot that is + allowed to be kept. + type: integer + onSourceDiskDelete: + description: |- + Immutable. Specifies the behavior to apply to scheduled snapshots when + the source disk is deleted. Default value: "KEEP_AUTO_SNAPSHOTS" Possible values: ["KEEP_AUTO_SNAPSHOTS", "APPLY_RETENTION_POLICY"]. + type: string + required: + - maxRetentionDays + type: object + schedule: + description: Immutable. Contains one of an 'hourlySchedule', 'dailySchedule', + or 'weeklySchedule'. + properties: + dailySchedule: + description: Immutable. The policy will execute every nth + day at the specified time. + properties: + daysInCycle: + description: Immutable. Defines a schedule with units + measured in days. The value determines how many days + pass between the start of each cycle. Days in cycle + for snapshot schedule policy must be 1. + type: integer + startTime: + description: |- + Immutable. This must be in UTC format that resolves to one of + 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, + both 13:00-5 and 08:00 are valid. + type: string + required: + - daysInCycle + - startTime + type: object + hourlySchedule: + description: Immutable. The policy will execute every nth + hour starting at the specified time. + properties: + hoursInCycle: + description: Immutable. The number of hours between snapshots. + type: integer + startTime: + description: |- + Immutable. Time within the window to start the operations. + It must be in an hourly format "HH:MM", + where HH : [00-23] and MM : [00] GMT. + eg: 21:00. + type: string + required: + - hoursInCycle + - startTime + type: object + weeklySchedule: + description: Immutable. Allows specifying a snapshot time + for each day of the week. + properties: + dayOfWeeks: + description: Immutable. May contain up to seven (one for + each day of the week) snapshot times. + items: + properties: + day: + description: 'Immutable. The day of the week to + create the snapshot. e.g. 
MONDAY Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", + "FRIDAY", "SATURDAY", "SUNDAY"].' + type: string + startTime: + description: |- + Immutable. Time within the window to start the operations. + It must be in format "HH:MM", where HH : [00-23] and MM : [00-00] GMT. + type: string + required: + - day + - startTime + type: object + type: array + required: + - dayOfWeeks + type: object + type: object + snapshotProperties: + description: Immutable. Properties with which the snapshots are + created, such as labels. + properties: + chainName: + description: |- + Immutable. Creates the new snapshot in the snapshot chain labeled with the + specified name. The chain name must be 1-63 characters long and comply + with RFC1035. + type: string + guestFlush: + description: Immutable. Whether to perform a 'guest aware' + snapshot. + type: boolean + labels: + additionalProperties: + type: string + description: Immutable. A set of key-value pairs. + type: object + storageLocations: + description: |- + Immutable. Cloud Storage bucket location to store the auto snapshot + (regional or multi-regional). + items: + type: string + type: array + type: object + required: + - schedule + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouterinterfaces.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterInterface + plural: computerouterinterfaces + shortNames: + - gcpcomputerouterinterface + - gcpcomputerouterinterfaces + singular: computerouterinterface + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + interconnectAttachmentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipRange: + description: Immutable. The IP address and range of the interface. + The IP range must be in the RFC3927 link-local IP space. Changing + this forces a new interface to be created. + type: string + privateIpAddressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + redundantInterfaceRef: + description: The interface the BGP peer is associated with. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this interface's router sits in. + If not specified, the project region will be used. Changing this + forces a new interface to be created. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + vpnTunnelRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - routerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouternats.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterNAT + plural: computerouternats + shortNames: + - gcpcomputerouternat + - gcpcomputerouternats + singular: computerouternat + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + 
name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + drainNatIps: + items: + description: |- + A list of IP resources to be drained. These IPs must be valid + static external IPs that have been assigned to the NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + enableDynamicPortAllocation: + description: |- + Enable Dynamic Port Allocation. + If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. + If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. + If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. 
+ If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. + + Mutually exclusive with enableEndpointIndependentMapping. + type: boolean + enableEndpointIndependentMapping: + description: |- + Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information + see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs). + type: boolean + icmpIdleTimeoutSec: + description: Timeout (in seconds) for ICMP connections. Defaults to + 30s if not set. + type: integer + logConfig: + description: Configuration for logging on NAT. + properties: + enable: + description: Indicates whether or not to export logs. + type: boolean + filter: + description: 'Specifies the desired filtering of logs on this + NAT. Possible values: ["ERRORS_ONLY", "TRANSLATIONS_ONLY", "ALL"].' + type: string + required: + - enable + - filter + type: object + maxPortsPerVm: + description: |- + Maximum number of ports allocated to a VM from this NAT. + This field can only be set when enableDynamicPortAllocation is enabled. + type: integer + minPortsPerVm: + description: Minimum number of ports allocated to a VM from this NAT. + type: integer + natIpAllocateOption: + description: |- + How external IPs should be allocated for this NAT. Valid values are + 'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud + Platform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: ["MANUAL_ONLY", "AUTO_ONLY"]. + type: string + natIps: + items: + description: NAT IPs. Only valid if natIpAllocateOption is set to + MANUAL_ONLY. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + region: + description: Immutable. Region where the router and NAT reside. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: The Cloud Router in which this NAT will be configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rules: + description: A list of rules associated with this NAT. + items: + properties: + action: + description: The action to be enforced for traffic that matches + this rule. + properties: + sourceNatActiveIpsRefs: + items: + description: |- + A list of URLs of the IP resources used for this NAT rule. These IP + addresses must be valid static external IP addresses assigned to the + project. This field is used for public NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeAddress` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceNatDrainIpsRefs: + items: + description: |- + A list of URLs of the IP resources to be drained. These IPs must be + valid static external IPs that have been assigned to the NAT. These + IPs should be used for updating/patching a NAT rule only. This field + is used for public NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + description: + description: An optional description of this rule. + type: string + match: + description: |- + CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. + If it evaluates to true, the corresponding action is enforced. + + The following examples are valid match expressions for public NAT: + + "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" + + "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" + + The following example is a valid match expression for private NAT: + + "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'". 
+ type: string + ruleNumber: + description: |- + An integer uniquely identifying a rule in the list. + The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT. + type: integer + required: + - match + - ruleNumber + type: object + type: array + sourceSubnetworkIpRangesToNat: + description: |- + How NAT should be configured per Subnetwork. + If 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the + IP ranges in every Subnetwork are allowed to Nat. + If 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP + ranges in every Subnetwork are allowed to Nat. + 'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat + (specified in the field subnetwork below). Note that if this field + contains ALL_SUBNETWORKS_ALL_IP_RANGES or + ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any + other RouterNat section in any Router for this network in this region. Possible values: ["ALL_SUBNETWORKS_ALL_IP_RANGES", "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES", "LIST_OF_SUBNETWORKS"]. + type: string + subnetwork: + description: |- + One or more subnetwork NAT configurations. Only used if + 'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'. + items: + properties: + secondaryIpRangeNames: + description: |- + List of the secondary ranges of the subnetwork that are allowed + to use NAT. This can be populated only if + 'LIST_OF_SECONDARY_IP_RANGES' is one of the values in + sourceIpRangesToNat. + items: + type: string + type: array + sourceIpRangesToNat: + description: |- + List of options for which source IPs in the subnetwork + should have NAT enabled. Supported values include: + 'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES', + 'PRIMARY_IP_RANGE'. + items: + type: string + type: array + subnetworkRef: + description: The subnetwork to NAT. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - sourceIpRangesToNat + - subnetworkRef + type: object + type: array + tcpEstablishedIdleTimeoutSec: + description: |- + Timeout (in seconds) for TCP established connections. + Defaults to 1200s if not set. + type: integer + tcpTimeWaitTimeoutSec: + description: |- + Timeout (in seconds) for TCP connections that are in TIME_WAIT state. + Defaults to 120s if not set. + type: integer + tcpTransitoryIdleTimeoutSec: + description: |- + Timeout (in seconds) for TCP transitory connections. + Defaults to 30s if not set. + type: integer + udpIdleTimeoutSec: + description: Timeout (in seconds) for UDP connections. Defaults to + 30s if not set. + type: integer + required: + - natIpAllocateOption + - region + - routerRef + - sourceSubnetworkIpRangesToNat + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouterpeers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterPeer + plural: computerouterpeers + shortNames: + - gcpcomputerouterpeer + - gcpcomputerouterpeers + singular: computerouterpeer + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: 
+ properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + advertiseMode: + description: |- + User-specified flag to indicate which mode to use for advertisement. + Valid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: "DEFAULT" Possible values: ["DEFAULT", "CUSTOM"]. + type: string + advertisedGroups: + description: |- + User-specified list of prefix groups to advertise in custom + mode, which currently supports the following option: + + * 'ALL_SUBNETS': Advertises all of the router's own VPC subnets. + This excludes any routes learned for subnets that use VPC Network + Peering. + + + Note that this field can only be populated if advertiseMode is 'CUSTOM' + and overrides the list defined for the router (in the "bgp" message). + These groups are advertised in addition to any specified prefixes. + Leave this field blank to advertise no custom groups. + items: + type: string + type: array + advertisedIpRanges: + description: |- + User-specified list of individual IP ranges to advertise in + custom mode. This field can only be populated if advertiseMode + is 'CUSTOM' and is advertised to all peers of the router. These IP + ranges will be advertised in addition to any specified groups. + Leave this field blank to advertise no custom IP ranges. 
+ items: + properties: + description: + description: User-specified description for the IP range. + type: string + range: + description: |- + The IP range to advertise. The value must be a + CIDR-formatted string. + type: string + required: + - range + type: object + type: array + advertisedRoutePriority: + description: |- + The priority of routes advertised to this BGP peer. + Where there is more than one matching route of maximum + length, the routes with the lowest priority value win. + type: integer + bfd: + description: BFD configuration for the BGP peering. + properties: + minReceiveInterval: + description: |- + The minimum interval, in milliseconds, between BFD control packets + received from the peer router. The actual value is negotiated + between the two routers and is equal to the greater of this value + and the transmit interval of the other router. If set, this value + must be between 1000 and 30000. + type: integer + minTransmitInterval: + description: |- + The minimum interval, in milliseconds, between BFD control packets + transmitted to the peer router. The actual value is negotiated + between the two routers and is equal to the greater of this value + and the corresponding receive interval of the other router. If set, + this value must be between 1000 and 30000. + type: integer + multiplier: + description: |- + The number of consecutive BFD packets that must be missed before + BFD declares that a peer is unavailable. If set, the value must + be a value between 5 and 16. + type: integer + sessionInitializationMode: + description: |- + The BFD session initialization mode for this BGP peer. + If set to 'ACTIVE', the Cloud Router will initiate the BFD session + for this BGP peer. If set to 'PASSIVE', the Cloud Router will wait + for the peer router to initiate the BFD session for this BGP peer. + If set to 'DISABLED', BFD is disabled for this BGP peer. Possible values: ["ACTIVE", "DISABLED", "PASSIVE"]. 
+ type: string + required: + - sessionInitializationMode + type: object + enable: + description: |- + The status of the BGP peer connection. If set to false, any active session + with the peer is terminated and all associated routing information is removed. + If set to true, the peer connection can be established with routing information. + The default is true. + type: boolean + enableIpv6: + description: Enable IPv6 traffic over BGP Peer. If not specified, + it is disabled by default. + type: boolean + ipAddress: + description: |- + IP address of the interface inside Google Cloud Platform. + Only IPv4 is supported. + properties: + external: + type: string + type: object + ipv6NexthopAddress: + description: |- + IPv6 address of the interface inside Google Cloud Platform. + The address must be in the range 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64. + If you do not specify the next hop addresses, Google Cloud automatically + assigns unused addresses from the 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64 range for you. + type: string + peerAsn: + description: |- + Peer BGP Autonomous System Number (ASN). + Each BGP interface may use a different value. + type: integer + peerIpAddress: + description: |- + IP address of the BGP interface outside Google Cloud Platform. + Only IPv4 is supported. Required if 'ip_address' is set. + type: string + peerIpv6NexthopAddress: + description: |- + IPv6 address of the BGP interface outside Google Cloud Platform. + The address must be in the range 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64. + If you do not specify the next hop addresses, Google Cloud automatically + assigns unused addresses from the 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64 range for you. + type: string + region: + description: |- + Immutable. Region where the router and BgpPeer reside. + If it is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + routerApplianceInstanceRef: + description: |- + The URI of the VM instance that is used as third-party router + appliances such as Next Gen Firewalls, Virtual Routers, or Router + Appliances. The VM instance must be located in zones contained in + the same region as this Cloud Router. The VM instance is the peer + side of the BGP session. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + routerInterfaceRef: + description: The interface the BGP peer is associated with. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + routerRef: + description: The Cloud Router in which this BGP peer will be configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - peerAsn + - region + - routerInterfaceRef + - routerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + managementType: + description: |- + The resource that configures and manages this BGP peer. + + * 'MANAGED_BY_USER' is the default value and can be managed by + you or other users + * 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and + managed by Cloud Interconnect, specifically by an + InterconnectAttachment of type PARTNER. Google automatically + creates, updates, and deletes this type of BGP peer when the + PARTNER InterconnectAttachment is created, updated, + or deleted. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouters.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouter + plural: computerouters + shortNames: + - gcpcomputerouter + - gcpcomputerouters + singular: computerouter + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bgp: + description: BGP information specific to this router. + properties: + advertiseMode: + description: 'User-specified flag to indicate which mode to use + for advertisement. Default value: "DEFAULT" Possible values: + ["DEFAULT", "CUSTOM"].' + type: string + advertisedGroups: + description: |- + User-specified list of prefix groups to advertise in custom mode. + This field can only be populated if advertiseMode is CUSTOM and + is advertised to all peers of the router. These groups will be + advertised in addition to any specified prefixes. Leave this field + blank to advertise no custom groups. + + This enum field has the one valid value: ALL_SUBNETS. + items: + type: string + type: array + advertisedIpRanges: + description: |- + User-specified list of individual IP ranges to advertise in + custom mode. This field can only be populated if advertiseMode + is CUSTOM and is advertised to all peers of the router. These IP + ranges will be advertised in addition to any specified groups. + Leave this field blank to advertise no custom IP ranges. + items: + properties: + description: + description: User-specified description for the IP range. + type: string + range: + description: |- + The IP range to advertise. The value must be a + CIDR-formatted string. + type: string + required: + - range + type: object + type: array + asn: + description: |- + Local BGP Autonomous System Number (ASN). 
Must be an RFC6996 + private ASN, either 16-bit or 32-bit. The value will be fixed for + this router resource. All VPN tunnels that link to this router + will have the same local ASN. + type: integer + keepaliveInterval: + description: |- + The interval in seconds between BGP keepalive messages that are sent + to the peer. Hold time is three times the interval at which keepalive + messages are sent, and the hold time is the maximum number of seconds + allowed to elapse between successive keepalive messages that BGP + receives from a peer. + + BGP will use the smaller of either the local hold time value or the + peer's hold time value as the hold time for the BGP connection + between the two peers. If set, this value must be between 20 and 60. + The default is 20. + type: integer + required: + - asn + type: object + description: + description: An optional description of this resource. + type: string + encryptedInterconnectRouter: + description: |- + Immutable. Indicates if a router is dedicated for use with encrypted VLAN + attachments (interconnectAttachments). + type: boolean + networkRef: + description: A reference to the network to which this router belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Region where the router resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeroutes.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRoute + plural: computeroutes + shortNames: + - gcpcomputeroute + - gcpcomputeroutes + singular: computeroute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property + when you create the resource. + type: string + destRange: + description: |- + Immutable. The destination range of outgoing packets that this route applies to. + Only IPv4 is supported. + type: string + networkRef: + description: The network that this route applies to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopGateway: + description: |- + Immutable. URL to a gateway that should handle matching packets. + Currently, you can only specify the internet gateway, using a full or + partial valid URL: + * 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway' + * 'projects/project/global/gateways/default-internet-gateway' + * 'global/gateways/default-internet-gateway' + * The string 'default-internet-gateway'. + type: string + nextHopILBRef: + description: |- + A forwarding rule of type loadBalancingScheme=INTERNAL that should + handle matching packets. Note that this can only be used when the + destinationRange is a public (non-RFC 1918) IP CIDR range. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeForwardingRule` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopInstanceRef: + description: Instance that should handle matching packets. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopIp: + description: Immutable. Network IP address of an instance that should + handle matching packets. + type: string + nextHopVPNTunnelRef: + description: The ComputeVPNTunnel that should handle matching packets + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + priority: + description: |- + Immutable. The priority of this route. Priority is used to break ties in cases + where there is more than one matching route of equal prefix length. + + In the case of two routes with equal prefix length, the one with the + lowest-numbered priority value wins. + + Default value is 1000. Valid range is 0 through 65535. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tags: + description: Immutable. A list of instance tags to which this route + applies. + items: + type: string + type: array + required: + - destRange + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + nextHopNetwork: + description: URL to a Network that should handle matching packets. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesecuritypolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSecurityPolicy + plural: computesecuritypolicies + shortNames: + - gcpcomputesecuritypolicy + - gcpcomputesecuritypolicies + singular: computesecuritypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned 
schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + adaptiveProtectionConfig: + description: Adaptive Protection Config of this security policy. + properties: + autoDeployConfig: + description: Auto Deploy Config of this security policy. + properties: + confidenceThreshold: + description: Rules are only automatically deployed for alerts + on potential attacks with confidence scores greater than + this threshold. + type: number + expirationSec: + description: Google Cloud Armor stops applying the action + in the automatically deployed rule to an identified attacker + after this duration. The rule continues to operate against + new requests. + type: integer + impactedBaselineThreshold: + description: Rules are only automatically deployed when the + estimated impact to baseline traffic from the suggested + mitigation is below this threshold. + type: number + loadThreshold: + description: Identifies new attackers only when the load to + the backend service that is under attack exceeds this threshold. + type: number + type: object + layer7DdosDefenseConfig: + description: Layer 7 DDoS Defense Config of this security policy. + properties: + enable: + description: If set to true, enables CAAP for L7 DDoS detection. + type: boolean + ruleVisibility: + description: 'Rule visibility. Supported values include: "STANDARD", + "PREMIUM".' 
+ type: string + type: object + type: object + advancedOptionsConfig: + description: Advanced Options Config of this security policy. + properties: + jsonCustomConfig: + description: Custom configuration to apply the JSON parsing. Only + applicable when JSON parsing is set to STANDARD. + properties: + contentTypes: + description: A list of custom Content-Type header values to + apply the JSON parsing. + items: + type: string + type: array + required: + - contentTypes + type: object + jsonParsing: + description: 'JSON body parsing. Supported values include: "DISABLED", + "STANDARD".' + type: string + logLevel: + description: 'Logging level. Supported values include: "NORMAL", + "VERBOSE".' + type: string + userIpRequestHeaders: + description: An optional list of case-insensitive request header + names to use for resolving the callers client IP address. + items: + type: string + type: array + type: object + description: + description: An optional description of this security policy. Max + size is 2048. + type: string + recaptchaOptionsConfig: + description: reCAPTCHA configuration options to be applied for the + security policy. + properties: + redirectSiteKeyRef: + description: |- + A field to supply a reCAPTCHA site key to be used for all the rules + using the redirect action with the type of GOOGLE_RECAPTCHA under + the security policy. The specified site key needs to be created from + the reCAPTCHA API. The user is responsible for the validity of the + specified site key. If not specified, a Google-managed site key is + used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `RecaptchaEnterpriseKey` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - redirectSiteKeyRef + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rule: + description: The set of rules that belong to this policy. There must + always be a default rule (rule with priority 2147483647 and match + "*"). If no rules are provided when creating a security policy, + a default rule with action "allow" will be added. + items: + properties: + action: + description: Action to take when match matches the request. + type: string + description: + description: An optional description of this rule. Max size + is 64. + type: string + headerAction: + description: Additional actions that are performed on headers. + properties: + requestHeadersToAdds: + description: The list of request headers to add or overwrite + if they're already present. + items: + properties: + headerName: + description: The name of the header to set. + type: string + headerValue: + description: The value to set the named header to. + type: string + required: + - headerName + type: object + type: array + required: + - requestHeadersToAdds + type: object + match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding action + is enforced. + properties: + config: + description: The configuration options available when specifying + versioned_expr. This field must be specified if versioned_expr + is specified and cannot be specified if versioned_expr + is not specified. 
+ properties: + srcIpRanges: + description: Set of IP addresses or ranges (IPV4 or + IPV6) in CIDR notation to match against inbound traffic. + There is a limit of 10 IP ranges per rule. A value + of '*' matches all IPs (can be used to override the + default behavior). + items: + type: string + type: array + required: + - srcIpRanges + type: object + expr: + description: User defined CEVAL expression. A CEVAL expression + is used to specify match criteria such as origin.ip, source.region_code + and contents in the request header. + properties: + expression: + description: Textual representation of an expression + in Common Expression Language syntax. The application + context of the containing message determines which + well-known feature set of CEL is supported. + type: string + required: + - expression + type: object + versionedExpr: + description: 'Predefined rule expression. If this field + is specified, config must also be specified. Available + options: SRC_IPS_V1: Must specify the corresponding + src_ip_ranges field in config.' + type: string + type: object + preconfiguredWafConfig: + description: Preconfigured WAF configuration to be applied for + the rule. If the rule does not evaluate preconfigured WAF + rules, i.e., if evaluatePreconfiguredWaf() is not used, this + field will have no effect. + properties: + exclusion: + description: An exclusion to apply during preconfigured + WAF evaluation. + items: + properties: + requestCookie: + description: Request cookie whose value will be excluded + from inspection during preconfigured WAF evaluation. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. 
ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + requestHeader: + description: Request header whose value will be excluded + from inspection during preconfigured WAF evaluation. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + requestQueryParam: + description: Request query parameter whose value will + be excluded from inspection during preconfigured + WAF evaluation. Note that the parameter can be + in the query string or in the POST body. 
+ items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + requestUri: + description: Request URI from the request line to + be excluded from inspection during preconfigured + WAF evaluation. When specifying this field, the + query or fragment part should be excluded. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. 
The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + targetRuleIds: + description: A list of target rule IDs under the WAF + rule set to apply the preconfigured WAF exclusion. + If omitted, it refers to all the rule IDs under + the WAF rule set. + items: + type: string + type: array + targetRuleSet: + description: Target WAF rule set to apply the preconfigured + WAF exclusion. + type: string + required: + - targetRuleSet + type: object + type: array + type: object + preview: + description: When set to true, the action specified above is + not enforced. Stackdriver logs for requests that trigger a + preview action are annotated as such. + type: boolean + priority: + description: An unique positive integer indicating the priority + of evaluation for a rule. Rules are evaluated from highest + priority (lowest numerically) to lowest priority (highest + numerically) in order. + type: integer + rateLimitOptions: + description: Rate limit threshold for this security policy. + Must be specified if the action is "rate_based_ban" or "throttle". + Cannot be specified for any other actions. + properties: + banDurationSec: + description: Can only be specified if the action for the + rule is "rate_based_ban". If specified, determines the + time (in seconds) the traffic will continue to be banned + by the rate limit after the rate falls below the threshold. + type: integer + banThreshold: + description: Can only be specified if the action for the + rule is "rate_based_ban". If specified, the key will be + banned for the configured 'banDurationSec' when the number + of requests that exceed the 'rateLimitThreshold' also + exceed this 'banThreshold'. + properties: + count: + description: Number of HTTP(S) requests for calculating + the threshold. 
+ type: integer + intervalSec: + description: Interval over which the threshold is computed. + type: integer + required: + - count + - intervalSec + type: object + conformAction: + description: Action to take for requests that are under + the configured rate limit threshold. Valid option is "allow" + only. + type: string + enforceOnKey: + description: Determines the key to enforce the rateLimitThreshold + on. + type: string + enforceOnKeyConfigs: + description: Enforce On Key Config of this security policy. + items: + properties: + enforceOnKeyName: + description: 'Rate limit key name applicable only + for the following key types: HTTP_HEADER -- Name + of the HTTP header whose value is taken as the key + value. HTTP_COOKIE -- Name of the HTTP cookie whose + value is taken as the key value.' + type: string + enforceOnKeyType: + description: Determines the key to enforce the rate_limit_threshold + on. + type: string + type: object + type: array + enforceOnKeyName: + description: 'Rate limit key name applicable only for the + following key types: HTTP_HEADER -- Name of the HTTP header + whose value is taken as the key value. HTTP_COOKIE -- + Name of the HTTP cookie whose value is taken as the key + value.' + type: string + exceedAction: + description: Action to take for requests that are above + the configured rate limit threshold, to either deny with + a specified HTTP response code, or redirect to a different + endpoint. Valid options are "deny()" where valid values + for status are 403, 404, 429, and 502, and "redirect" + where the redirect parameters come from exceedRedirectOptions + below. + type: string + exceedRedirectOptions: + description: Parameters defining the redirect action that + is used as the exceed action. Cannot be specified if the + exceed action is not redirect. + properties: + target: + description: Target for the redirect action. This is + required if the type is EXTERNAL_302 and cannot be + specified for GOOGLE_RECAPTCHA. 
+ type: string + type: + description: Type of the redirect action. + type: string + required: + - type + type: object + rateLimitThreshold: + description: Threshold at which to begin ratelimiting. + properties: + count: + description: Number of HTTP(S) requests for calculating + the threshold. + type: integer + intervalSec: + description: Interval over which the threshold is computed. + type: integer + required: + - count + - intervalSec + type: object + required: + - conformAction + - exceedAction + - rateLimitThreshold + type: object + redirectOptions: + description: Parameters defining the redirect action. Cannot + be specified for any other actions. + properties: + target: + description: Target for the redirect action. This is required + if the type is EXTERNAL_302 and cannot be specified for + GOOGLE_RECAPTCHA. + type: string + type: + description: 'Type of the redirect action. Available options: + EXTERNAL_302: Must specify the corresponding target field + in config. GOOGLE_RECAPTCHA: Cannot specify target field + in config.' + type: string + required: + - type + type: object + required: + - action + - match + - priority + type: object + type: array + type: + description: The type indicates the intended use of the security policy. + CLOUD_ARMOR - Cloud Armor backend security policies can be configured + to filter incoming HTTP requests targeting backend services. They + filter requests before they hit the origin servers. CLOUD_ARMOR_EDGE + - Cloud Armor edge security policies can be configured to filter + incoming HTTP requests targeting backend services (including Cloud + CDN-enabled) as well as backend buckets (Cloud Storage). They filter + requests before the request is served from Google's cache. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: Fingerprint of this resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computeserviceattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeServiceAttachment + plural: computeserviceattachments + shortNames: + - gcpcomputeserviceattachment + - gcpcomputeserviceattachments + singular: computeserviceattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + connectionPreference: + description: 'The connection preference of service attachment. The + value can be set to `ACCEPT_AUTOMATIC`. An `ACCEPT_AUTOMATIC` service + attachment is one that always accepts the connection from consumer + forwarding rules. Possible values: CONNECTION_PREFERENCE_UNSPECIFIED, + ACCEPT_AUTOMATIC, ACCEPT_MANUAL' + type: string + consumerAcceptLists: + description: Projects that are allowed to connect to this service + attachment. + items: + properties: + connectionLimit: + description: The value of the limit to set. + format: int64 + type: integer + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project id or number for the project to set the limit for. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + type: array + consumerRejectLists: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + enableProxyProtocol: + description: Immutable. If true, enable the proxy protocol which is + for supplying client TCP/IP address data in TCP connections that + traverse proxies on their way to destination servers. + type: boolean + location: + description: Immutable. The location for the resource + type: string + natSubnets: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of a service serving the endpoint identified by this service attachment. + + Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - connectionPreference + - location + - natSubnets + - projectRef + - targetServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + connectedEndpoints: + description: An array of connections for all the consumers connected + to this service attachment. + items: + properties: + endpoint: + description: The url of a connected endpoint. + type: string + pscConnectionId: + description: The PSC connection id of the connected endpoint. + format: int64 + type: integer + status: + description: 'The status of a connected endpoint to this service + attachment. Possible values: PENDING, RUNNING, DONE' + type: string + type: object + type: array + fingerprint: + description: Fingerprint of this resource. This field is used internally + during updates of this resource. + type: string + id: + description: The unique identifier for the resource type. The server + generates this identifier. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pscServiceAttachmentId: + description: An 128-bit global unique ID of the PSC service attachment. + properties: + high: + format: int64 + type: integer + low: + format: int64 + type: integer + type: object + region: + description: URL of the region where the service attachment resides. + This field applies only to the region resource. You must specify + this field as part of the HTTP request URL. It is not settable as + a field in the request body. + type: string + selfLink: + description: Server-defined URL for the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesharedvpchostprojects.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSharedVPCHostProject + plural: computesharedvpchostprojects + shortNames: + - gcpcomputesharedvpchostproject + - gcpcomputesharedvpchostprojects + singular: computesharedvpchostproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + 
jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesharedvpcserviceprojects.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSharedVPCServiceProject + plural: computesharedvpcserviceprojects + shortNames: + - gcpcomputesharedvpcserviceproject + - gcpcomputesharedvpcserviceprojects + singular: computesharedvpcserviceproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deletionPolicy: + description: "The deletion policy for the shared VPC service. Setting + ABANDON allows the resource\n\t\t\t\tto be abandoned rather than + deleted. Possible values are: \"ABANDON\"." + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesnapshots.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSnapshot + plural: computesnapshots + shortNames: + - gcpcomputesnapshot + - gcpcomputesnapshots + singular: computesnapshot + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + chainName: + description: |- + Immutable. Creates the new snapshot in the snapshot chain labeled with the + specified name. The chain name must be 1-63 characters long and + comply with RFC1035. This is an uncommon option only for advanced + service owners who needs to create separate snapshot chains, for + example, for chargeback tracking. When you describe your snapshot + resource, this field is visible only if it has a non-empty value. + type: string + description: + description: Immutable. An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + snapshotEncryptionKey: + description: |- + Immutable. Encrypts the snapshot using a customer-supplied encryption key. + + After you encrypt a snapshot using a customer-supplied key, you must + provide the same key if you use the snapshot later. For example, you + must provide the encryption key when you create a disk from the + encrypted snapshot in a future request. + + Customer-supplied encryption keys do not protect access to metadata of + the snapshot. 
+ + If you do not provide an encryption key when creating the snapshot, + then the snapshot will be encrypted using an automatically generated + key and you do not need to provide a key to use the snapshot later. + properties: + kmsKeyRef: + description: The encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + sourceDiskEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + properties: + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. 
Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + sourceDiskRef: + description: A reference to the disk used to create this snapshot. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageLocations: + description: Immutable. Cloud Storage bucket storage location of the + snapshot (regional or multi-regional). + items: + type: string + type: array + zone: + description: Immutable. A reference to the zone where the disk is + hosted. 
+ type: string + required: + - sourceDiskRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + diskSizeGb: + description: Size of the snapshot, specified in GB. + type: integer + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + licenses: + description: |- + A list of public visible licenses that apply to this snapshot. This + can be because the original image had licenses attached (such as a + Windows image). snapshotEncryptionKey nested object Encrypts the + snapshot using a customer-supplied encryption key. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + snapshotId: + description: The unique identifier for the resource. + type: integer + storageBytes: + description: |- + A size of the storage used by the snapshot. 
As snapshots share + storage, this number is expected to change with snapshot + creation/deletion. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesslcertificates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSSLCertificate + plural: computesslcertificates + shortNames: + - gcpcomputesslcertificate + - gcpcomputesslcertificates + singular: computesslcertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificate: + description: |- + Immutable. The certificate in PEM format. + The certificate chain must be no greater than 5 certs long. + The chain must include at least one intermediate cert. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeSSLCertificate. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + privateKey: + description: Immutable. The write-only private key in PEM format. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - certificate + - location + - privateKey + type: object + status: + properties: + certificateId: + description: The unique identifier for the resource. + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + expireTime: + description: Expire time of the certificate in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesslpolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSSLPolicy + plural: computesslpolicies + shortNames: + - gcpcomputesslpolicy + - gcpcomputesslpolicies + singular: computesslpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + 
of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + customFeatures: + description: |- + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. This can be one of + 'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM', + the set of SSL features to enable must be specified in the + 'customFeatures' field. + + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for which ciphers are available to use. **Note**: this argument + *must* be present when using the 'CUSTOM' profile. This argument + *must not* be present when using any other profile. + items: + type: string + type: array + description: + description: Immutable. An optional description of this resource. + type: string + minTlsVersion: + description: |- + The minimum version of SSL protocol that can be used by the clients + to establish a connection with the load balancer. Default value: "TLS_1_0" Possible values: ["TLS_1_0", "TLS_1_1", "TLS_1_2"]. + type: string + profile: + description: |- + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. If using 'CUSTOM', + the set of SSL features to enable must be specified in the + 'customFeatures' field. 
+ + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for information on what cipher suites each profile provides. If + 'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: "COMPATIBLE" Possible values: ["COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + enabledFeatures: + description: The list of features enabled in the SSL policy. + items: + type: string + type: array + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesubnetworks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSubnetwork + plural: computesubnetworks + shortNames: + - gcpcomputesubnetwork + - gcpcomputesubnetworks + singular: computesubnetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. This field can be set only at resource + creation time. + type: string + ipCidrRange: + description: |- + The range of internal addresses that are owned by this subnetwork. + Provide this property when you create the subnetwork. For example, + 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and + non-overlapping within a network. Only IPv4 is supported. + type: string + ipv6AccessType: + description: |- + The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation + or the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet + cannot enable direct path. Possible values: ["EXTERNAL", "INTERNAL"]. + type: string + logConfig: + description: |- + This field denotes the VPC flow logging options for this subnetwork. If + logging is enabled, logs are exported to Cloud Logging. Flow logging + isn't supported if the subnet 'purpose' field is set to subnetwork is + 'REGIONAL_MANAGED_PROXY' or 'GLOBAL_MANAGED_PROXY'. + properties: + aggregationInterval: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + Toggles the aggregation interval for collecting flow logs. Increasing the + interval time will reduce the amount of generated flow logs for long + lasting connections. Default is an interval of 5 seconds per connection. Default value: "INTERVAL_5_SEC" Possible values: ["INTERVAL_5_SEC", "INTERVAL_30_SEC", "INTERVAL_1_MIN", "INTERVAL_5_MIN", "INTERVAL_10_MIN", "INTERVAL_15_MIN"]. 
+ type: string + filterExpr: + description: |- + Export filter used to define which VPC flow logs should be logged, as as CEL expression. See + https://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field. + The default value is 'true', which evaluates to include everything. + type: string + flowSampling: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + The value of the field must be in [0, 1]. Set the sampling rate of VPC + flow logs within the subnetwork where 1.0 means all collected logs are + reported and 0.0 means no logs are reported. Default is 0.5 which means + half of all collected logs are reported. + type: number + metadata: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + Configures whether metadata fields should be added to the reported VPC + flow logs. Default value: "INCLUDE_ALL_METADATA" Possible values: ["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA", "CUSTOM_METADATA"]. + type: string + metadataFields: + description: |- + List of metadata fields that should be added to reported logs. + Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. + items: + type: string + type: array + type: object + networkRef: + description: |- + The network this subnet belongs to. Only networks that are in the + distributed mode can have subnetworks. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + privateIpGoogleAccess: + description: |- + When enabled, VMs in this subnetwork without external IP addresses can + access Google APIs and services by using Private Google Access. + type: boolean + privateIpv6GoogleAccess: + description: The private IPv6 google access type for the VMs in this + subnet. + type: string + purpose: + description: |- + Immutable. The purpose of the resource. This field can be either 'PRIVATE_RFC_1918', 'REGIONAL_MANAGED_PROXY', 'GLOBAL_MANAGED_PROXY', or 'PRIVATE_SERVICE_CONNECT'. + A subnet with purpose set to 'REGIONAL_MANAGED_PROXY' is a user-created subnetwork that is reserved for regional Envoy-based load balancers. + A subnetwork in a given region with purpose set to 'GLOBAL_MANAGED_PROXY' is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers. + A subnetwork with purpose set to 'PRIVATE_SERVICE_CONNECT' reserves the subnet for hosting a Private Service Connect published service. + Note that 'REGIONAL_MANAGED_PROXY' is the preferred setting for all regional Envoy load balancers. + If unspecified, the purpose defaults to 'PRIVATE_RFC_1918'. + type: string + region: + description: Immutable. The GCP region for this subnetwork. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + role: + description: |- + The role of subnetwork. + Currently, this field is only used when 'purpose' is 'REGIONAL_MANAGED_PROXY'. + The value can be set to 'ACTIVE' or 'BACKUP'. + An 'ACTIVE' subnetwork is one that is currently being used for Envoy-based load balancers in a region. + A 'BACKUP' subnetwork is one that is ready to be promoted to 'ACTIVE' or is currently draining. Possible values: ["ACTIVE", "BACKUP"]. 
+ type: string + secondaryIpRange: + items: + properties: + ipCidrRange: + description: |- + The range of IP addresses belonging to this subnetwork secondary + range. Provide this property when you create the subnetwork. + Ranges must be unique and non-overlapping with all primary and + secondary IP ranges within a network. Only IPv4 is supported. + type: string + rangeName: + description: |- + The name associated with this subnetwork secondary range, used + when adding an alias IP range to a VM instance. The name must + be 1-63 characters long, and comply with RFC1035. The name + must be unique within the subnetwork. + type: string + required: + - ipCidrRange + - rangeName + type: object + type: array + stackType: + description: |- + The stack type for this subnet to identify whether the IPv6 feature is enabled or not. + If not specified IPV4_ONLY will be used. Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. + type: string + required: + - ipCidrRange + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + externalIpv6Prefix: + description: The range of external IPv6 addresses that are owned by + this subnetwork. + type: string + fingerprint: + description: DEPRECATED. 
This field is not useful for users, and has + been removed as an output. Fingerprint of this resource. This field + is used internally during updates of this resource. + type: string + gatewayAddress: + description: |- + The gateway address for default routes to reach destination addresses + outside this subnetwork. + type: string + internalIpv6Prefix: + description: The internal IPv6 address range that is assigned to this + subnetwork. + type: string + ipv6CidrRange: + description: The range of internal IPv6 addresses that are owned by + this subnetwork. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetgrpcproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetGRPCProxy + plural: computetargetgrpcproxies + shortNames: + - gcpcomputetargetgrpcproxy + - gcpcomputetargetgrpcproxies + singular: computetargetgrpcproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the 
most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + urlMapRef: + description: |- + The UrlMap resource that defines the mapping from URL to the BackendService. + The protocol field in the BackendService must be set to GRPC. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + validateForProxyless: + description: |- + Immutable. If true, indicates that the BackendServices referenced by + the urlMap may be accessed by gRPC applications without using + a sidecar proxy. This will enable configuration checks on urlMap + and its referenced BackendServices to not allow unsupported features. + A gRPC application must use "xds:///" scheme in the target URI + of the service it is connecting to. If false, indicates that the + BackendServices referenced by the urlMap will be accessed by gRPC + applications via a sidecar proxy. In this case, a gRPC application + must not use "xds:///" scheme in the target URI of the service + it is connecting to. + type: boolean + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in + this object. This field is used in optimistic locking. 
This field + will be ignored when inserting a TargetGrpcProxy. An up-to-date + fingerprint must be provided in order to patch/update the + TargetGrpcProxy; otherwise, the request will fail with error + 412 conditionNotMet. To see the latest fingerprint, make a get() + request to retrieve the TargetGrpcProxy. A base64-encoded string. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + selfLinkWithId: + description: Server-defined URL with id for the resource. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargethttpproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetHTTPProxy + plural: computetargethttpproxies + shortNames: + - gcpcomputetargethttpproxy + - gcpcomputetargethttpproxies + singular: computetargethttpproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The 
reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + httpKeepAliveTimeoutSec: + description: |- + Immutable. Specifies how long to keep a connection open, after completing a response, + while there is no matching traffic (in seconds). If an HTTP keepalive is + not specified, a default value (610 seconds) will be used. For Global + external HTTP(S) load balancer, the minimum allowed value is 5 seconds and + the maximum allowed value is 1200 seconds. For Global external HTTP(S) + load balancer (classic), this option is not available publicly. + type: integer + location: + description: 'Location represents the geographical location of the + ComputeTargetHTTPProxy. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + proxyBind: + description: |- + Immutable. 
This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + urlMapRef: + description: |- + A reference to the ComputeURLMap resource that defines the mapping + from URL to the BackendService. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - urlMapRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargethttpsproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetHTTPSProxy + plural: computetargethttpsproxies + shortNames: + - gcpcomputetargethttpsproxy + - gcpcomputetargethttpsproxies + singular: computetargethttpsproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificateManagerCertificates: + items: + description: |- + URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. + Currently, you may specify up to 15 certificates. Certificate manager certificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. + sslCertificates and certificateManagerCertificates fields cannot be defined together. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/global/certificates/{{value}}`, + where {{value}} is the `name` field of a `CertificateManagerCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + certificateMapRef: + description: |- + A reference to the CertificateMap resource uri that identifies a + certificate map associated with the given target proxy. This field + can only be set for global target proxies. This field is only supported + for EXTERNAL and EXTERNAL_MANAGED load balancing schemes. + For INTERNAL_MANAGED, use certificateManagerCertificates instead. + sslCertificates and certificateMap fields cannot be defined together. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `//certificatemanager.googleapis.com/projects/{{project}}/locations/global/certificateMaps/{{value}}`, + where {{value}} is the `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + httpKeepAliveTimeoutSec: + description: |- + Immutable. Specifies how long to keep a connection open, after completing a response, + while there is no matching traffic (in seconds). If an HTTP keepalive is + not specified, a default value (610 seconds) will be used. For Global + external HTTP(S) load balancer, the minimum allowed value is 5 seconds and + the maximum allowed value is 1200 seconds. For Global external HTTP(S) + load balancer (classic), this option is not available publicly. 
+ type: integer + location: + description: 'Location represents the geographical location of the + ComputeTargetHTTPSProxy. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + proxyBind: + description: |- + Immutable. This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + quicOverride: + description: |- + Specifies the QUIC override policy for this resource. This determines + whether the load balancer will attempt to negotiate QUIC with clients + or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is + specified, Google manages whether QUIC is used. Default value: "NONE" Possible values: ["NONE", "ENABLE", "DISABLE"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serverTlsPolicyRef: + description: |- + Immutable. A URL referring to a networksecurity.ServerTlsPolicy + resource that describes how the proxy should authenticate inbound + traffic. serverTlsPolicy only applies to a global TargetHttpsProxy + attached to globalForwardingRules with the loadBalancingScheme + set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. + For details which ServerTlsPolicy resources are accepted with + INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED + loadBalancingScheme consult ServerTlsPolicy documentation. + If left blank, communications are not encrypted. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{value}}`, + where {{value}} is the `name` field of a `NetworkSecurityServerTLSPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sslCertificates: + items: + description: |- + A list of ComputeSSLCertificate resources that are used to + authenticate connections between users and the load balancer. At + least one SSL certificate must be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sslPolicyRef: + description: |- + A reference to the ComputeSSLPolicy resource that will be + associated with the ComputeTargetHTTPSProxy resource. If not set, + the ComputeTargetHTTPSProxy resource will not have any SSL policy + configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + urlMapRef: + description: |- + A reference to the ComputeURLMap resource that defines the mapping + from URL to the BackendService. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - urlMapRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetinstances.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetInstance + plural: computetargetinstances + shortNames: + - gcpcomputetargetinstance + - gcpcomputetargetinstances + singular: computetargetinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + 
type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + instanceRef: + description: The ComputeInstance handling traffic for this target + instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + natPolicy: + description: |- + Immutable. NAT option controlling how IPs are NAT'ed to the instance. + Currently only NO_NAT (default value) is supported. Default value: "NO_NAT" Possible values: ["NO_NAT"]. 
+ type: string + networkRef: + description: |- + The network this target instance uses to forward + traffic. If not specified, the traffic will be forwarded to the network + that the default network interface belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + securityPolicyRef: + description: The resource URL for the security policy associated with + this target instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + zone: + description: Immutable. URL of the zone where the target instance + resides. 
+ type: string + required: + - instanceRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetpools.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetPool + plural: computetargetpools + shortNames: + - gcpcomputetargetpool + - gcpcomputetargetpools + singular: computetargetpool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backupTargetPoolRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. Textual description field. + type: string + failoverRatio: + description: Immutable. Ratio (0 to 1) of failed nodes before using + the backup pool (which must also be set). + type: number + healthChecks: + items: + properties: + httpHealthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + region: + description: Immutable. Where the target pool resides. Defaults to + project region. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + securityPolicyRef: + description: The resource URL for the security policy associated with + this target pool. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sessionAffinity: + description: Immutable. How to distribute load. Options are "NONE" + (no affinity). 
"CLIENT_IP" (hash of the source/dest addresses / + ports), and "CLIENT_IP_PROTO" also includes the protocol (default + "NONE"). + type: string + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetsslproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetSSLProxy + plural: computetargetsslproxies + shortNames: + - gcpcomputetargetsslproxy + - gcpcomputetargetsslproxies + singular: computetargetsslproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendServiceRef: + description: A reference to the ComputeBackendService resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateMapRef: + description: |- + A reference to the CertificateMap resource uri that identifies a + certificate map associated with the given target proxy. This + field can only be set for global target proxies. Accepted format is + '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to + the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslCertificates: + items: + description: |- + A list of ComputeSSLCertificate resources that are used to + authenticate connections between users and the load balancer. + Currently, exactly one SSL certificate must be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sslPolicyRef: + description: |- + A reference to the ComputeSSLPolicy resource that will be + associated with the TargetSslProxy resource. If not set, the + ComputeTargetSSLProxy resource will not have any SSL policy + configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargettcpproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetTCPProxy + listKind: ComputeTargetTCPProxyList + plural: computetargettcpproxies + shortNames: + - gcpcomputetargettcpproxy + - gcpcomputetargettcpproxies + singular: computetargettcpproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ComputeTargetTCPProxy is the Schema for the ComputeTargetTCPProxy + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ComputeTargetTCPProxySpec defines the desired state of ComputeTargetTCPProxy + properties: + backendServiceRef: + description: A reference to the ComputeBackendService resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeBackendService selflink in the form "projects/{{project}}/global/backendServices/{{name}}" + or "projects/{{project}}/regions/{{region}}/backendServices/{{name}}" + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeBackendService` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeBackendService` + resource. + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + x-kubernetes-validations: + - message: Description is immutable + rule: self == oldSelf + location: + description: 'The geographical location of the ComputeTargetTCPProxy. + Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + proxyBind: + description: Immutable. This field only applies when the forwarding + rule that references this target proxy has a loadBalancingScheme + set to INTERNAL_SELF_MANAGED. 
+ type: boolean + x-kubernetes-validations: + - message: ProxyBind is immutable + rule: self == oldSelf + proxyHeader: + description: 'Specifies the type of proxy header to append before + sending data to the backend. Default value: "NONE" Possible values: + ["NONE", "PROXY_V1"].' + type: string + resourceID: + description: Immutable. The ComputeTargetTCPProxy name. If not given, + the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID is immutable + rule: self == oldSelf + required: + - backendServiceRef + type: object + status: + description: ComputeTargetTCPProxyStatus defines the config connector + machine state of ComputeTargetTCPProxy + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + externalRef: + description: A unique specifier for the ComputeTargetTCPProxy resource + in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + proxyId: + description: The unique identifier for the resource. + format: int64 + type: integer + selfLink: + description: The SelfLink for the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetvpngateways.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetVPNGateway + plural: computetargetvpngateways + shortNames: + - gcpcomputetargetvpngateway + - gcpcomputetargetvpngateways + singular: computetargetvpngateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + networkRef: + description: The network this VPN gateway is accepting traffic for. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this gateway should sit in. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + gatewayId: + description: The unique identifier for the resource. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeurlmaps.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeURLMap + plural: computeurlmaps + shortNames: + - gcpcomputeurlmap + - gcpcomputeurlmaps + singular: computeurlmap + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: 
Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultRouteAction: + description: |- + defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. + Only one of defaultRouteAction or defaultUrlRedirect must be set. + URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction. + defaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. 
Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header. + Default is false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regualar expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + disabled: + description: If true, the setting specifies the CORS policy + is disabled. The default value of false, which indicates + that the CORS policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. + type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. 
+ As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service. + Similarly requests from clients can be aborted by the load balancer for a percentage of requests. + timeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection. + Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management). + properties: + abort: + description: The specification for how client requests are + aborted as part of fault injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + delay: + description: The specification for how client requests are + delayed as part of fault injection, before being sent to + a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. 
+ Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + The load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + backendServiceRef: + description: |- + The backend service resource being mirrored to. + The backend service configured for a mirroring policy must reference + backends that are of the same type as the original backend service + matched in the URL map. + Serverless NEG backends are not currently supported as a mirrored + backend service. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + retryPolicy: + description: Specifies the retry policy associated with this route. 
+ properties: + numRetries: + description: Specifies the allowed number retries. This number + must be > 0. If not specified, defaults to 1. + type: integer + perTryTimeout: + description: |- + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry policy applies. + Valid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable. + - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams. + - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504. + - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts. + - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409. 
+ - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled. + - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded. + - internal : a retry is attempted if the gRPC status code in the response header is set to internal. + - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted. + - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable. + items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries. + If not specified, this field uses the largest timeout among all backend services associated with the route. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + properties: + nanos: + description: Span of time that's a fraction of a second at + nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos + field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: 'Span of time at a resolution of a second. Must + be from 0 to 315,576,000,000 inclusive. Note: these bounds + are computed from: 60 sec/min * 60 min/hr * 24 hr/day * + 365.25 days/year * 10000 years.' + type: string + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, before forwarding the request to the matched service. 
+ urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + hostRewrite: + description: |- + Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. + The value must be from 1 to 255 characters. + type: string + pathPrefixRewrite: + description: |- + Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. + The value must be from 1 to 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number. + After a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + The default backend service resource. + Before forwarding the request to backendService, the loadbalancer + applies any relevant headerActions specified as part of this + backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for the selected backendService. + headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + headerAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + properties: + requestHeadersToAdd: + description: Headers to add to a matching request before + forwarding the request to the backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + type: boolean + type: object + type: array + requestHeadersToRemove: + description: A list of header names for headers that + need to be removed from the request before forwarding + the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response before sending + the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. 
If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + type: boolean + type: object + type: array + responseHeadersToRemove: + description: A list of header names for headers that + need to be removed from the response before sending + the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) . + The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy. + The value must be from 0 to 1000. + type: integer + type: object + type: array + type: object + defaultService: + description: |- + The defaultService resource to which traffic is directed if none of + the hostRules match. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + If defaultRouteAction is additionally specified, advanced routing + actions like URL Rewrites, etc. take effect prior to sending the + request to the backend. However, if defaultService is specified, + defaultRouteAction cannot contain any weightedBackendServices. + Conversely, if routeAction specifies any weightedBackendServices, + service must not be specified. Only one of defaultService, + defaultUrlRedirect or defaultRouteAction.weightedBackendService + must be set. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + defaultUrlRedirect: + description: |- + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here take effect after + headerAction specified under pathMatcher. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to sending the + response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + hostRule: + description: The list of HostRules to use against the URL. + items: + properties: + description: + description: |- + An optional description of this HostRule. Provide this property + when you create the resource. + type: string + hosts: + description: |- + The list of host patterns to match. They must be valid + hostnames, except * will match any string of ([a-z0-9-.]*). In + that case, * must be the first character and must be followed in + the pattern by either - or .. + items: + type: string + type: array + pathMatcher: + description: |- + The name of the PathMatcher to use to match the path portion of + the URL if the hostRule matches the URL's host portion. + type: string + required: + - hosts + - pathMatcher + type: object + type: array + location: + description: 'Location represents the geographical location of the + ComputeURLMap. Specify a region name or "global" for global resources. + Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + pathMatcher: + description: The list of named PathMatchers to use against the URL. + items: + properties: + defaultRouteAction: + description: |- + defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs + advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request + to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. + Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. 
+ + Only one of defaultRouteAction or defaultUrlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + This translates to the Access-Control-Allow-Credentials header. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy is disabled. + The default value is false, which indicates that the + CORS policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. 
+ type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. + As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a + percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted + by the Loadbalancer for a percentage of requests. + + timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. + properties: + abort: + description: The specification for how client requests + are aborted as part of fault injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + delay: + description: The specification for how client requests + are delayed as part of fault injection, before being + sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed delay + interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. 
+ type: string + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, + the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated with + this route. + properties: + numRetries: + description: Specifies the allowed number retries. This + number must be > 0. If not specified, defaults to + 1. + type: integer + perTryTimeout: + description: |- + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. 
+ properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + retryConditions: + description: |- + Specfies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, + or if the backend service does not respond at all, example: disconnects, reset, read timeout, + * connection failure, and refused streams. + * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures connecting to backend services, + for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. + This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted + * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable. 
+ items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time the request has been + fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. + + If not specified, will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + urlRewrite: + description: The spec to modify the URL of the request, + prior to forwarding the request to the matched service. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host header is replaced + with contents of hostRewrite. + + The value must be between 1 and 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching portion of the + request's path is replaced by pathPrefixRewrite. + + The value must be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match occurs. + The weights determine the fraction of traffic that flows to their corresponding backend service. + If all traffic needs to go to a single backend service, there must be one weightedBackendService + with weight set to a non 0 number. 
+ + Once a backendService is identified and before forwarding the request to the backend service, + advanced routing actions like Url rewrites and header transformations are applied depending on + additional settings specified in this HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + The default backend service resource. + Before forwarding the request to backendService, the loadbalancer + applies any relevant headerActions specified as part of this + backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. + + headerAction specified here take effect before headerAction in the enclosing + HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: Headers to add to a matching request + prior to forwarding the request to the backendService. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. 
+ type: boolean + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request prior to + forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior + to sending the response back to the client. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. + type: boolean + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response prior to sending the + response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as + weight / (sum of all weightedBackendService weights in routeAction) . + + The selection of a backend service is determined only for new traffic. Once a user's request + has been directed to a backendService, subsequent requests will be sent to the same backendService + as determined by the BackendService's session affinity policy. + + The value must be between 0 and 1000. + type: integer + type: object + type: array + type: object + defaultService: + description: |- + The default service to use if none of the pathRules defined by this + PathMatcher is matched by the URL's path portion. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + defaultUrlRedirect: + description: |- + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + description: + description: An optional description of this resource. + type: string + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. HeaderAction specified here are applied after the + matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to sending + the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + name: + description: The name to which this PathMatcher is referred + by the HostRule. + type: string + pathRule: + description: |- + The list of path rules. Use this list instead of routeRules when routing based + on simple path matching is all that's required. The order by which path rules + are specified does not matter. Matches are always done on the longest-path-first + basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* + irrespective of the order in which those paths appear in this list. Within a + given pathMatcher, only one of pathRules or routeRules must be set. + items: + properties: + paths: + description: |- + The list of path patterns to match. Each must start with / and the only place a + \* is allowed is at the end following a /. The string fed to the path matcher + does not include any text after the first ? or #, and those chars are not + allowed here. + items: + type: string + type: array + routeAction: + description: |- + In response to a matching path, the load balancer performs advanced routing + actions like URL rewrites, header transformations, etc. prior to forwarding the + request to the selected backend. If routeAction specifies any + weightedBackendServices, service must not be set. Conversely if service is set, + routeAction cannot contain any weightedBackendServices. Only one of routeAction + or urlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see W3C + Recommendation for Cross Origin Resource Sharing. 
+ properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the + actual request can include user credentials. This translates to the Access- + Control-Allow-Credentials header. Defaults to false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For + regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. An + origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy + is disabled. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long the results of a preflight request can be cached. This + translates to the content for the Access-Control-Max-Age header. + type: integer + required: + - disabled + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the + resiliency of clients to backend service failure. As part of fault injection, + when clients send requests to a backend service, delays can be introduced by + Loadbalancer on a percentage of requests before sending those request to the + backend service. 
Similarly requests from clients can be aborted by the + Loadbalancer for a percentage of requests. timeout and retry_policy will be + ignored by clients that are configured with a fault_injection_policy. + properties: + abort: + description: |- + The specification for how client requests are aborted as part of fault + injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. The value must be between 200 + and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be + aborted as part of fault injection. The value must be between 0.0 and 100.0 + inclusive. + type: number + required: + - httpStatus + - percentage + type: object + delay: + description: |- + The specification for how client requests are delayed as part of fault + injection, before being sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed + delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will + be introduced as part of fault injection. The value must be between 0.0 and + 100.0 inclusive. + type: number + required: + - fixedDelay + - percentage + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are + shadowed to a separate mirrored backend service. Loadbalancer does not wait for + responses from the shadow service. 
Prior to sending traffic to the shadow + service, the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated + with this route. + properties: + numRetries: + description: Specifies the allowed number retries. + This number must be > 0. + type: integer + perTryTimeout: + description: Specifies a non-zero timeout per + retry attempt. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry rule applies. Valid values are: + + - 5xx: Loadbalancer will attempt a retry if the backend service responds with + any 5xx response code, or if the backend service does not respond at all, + example: disconnects, reset, read timeout, connection failure, and refused + streams. 
+ - gateway-error: Similar to 5xx, but only applies to response codes + 502, 503 or 504. + - connect-failure: Loadbalancer will retry on failures + connecting to backend services, for example due to connection timeouts. + - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + - refused-stream: Loadbalancer will retry if the backend service resets the stream with a + REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled: Loadbalancer will retry if the gRPC status code in the response + header is set to cancelled + - deadline-exceeded: Loadbalancer will retry if the + gRPC status code in the response header is set to deadline-exceeded + - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response + header is set to resource-exhausted + - unavailable: Loadbalancer will retry if + the gRPC status code in the response header is set to unavailable. + items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time + the request is has been fully processed (i.e. end-of-stream) up until the + response has been completely processed. Timeout includes all retries. If not + specified, the default value is 15 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, prior to forwarding the request to + the matched service. 
+ properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host + header is replaced with contents of hostRewrite. The value must be between 1 and + 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching + portion of the request's path is replaced by pathPrefixRewrite. The value must + be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match + occurs. The weights determine the fraction of traffic that flows to their + corresponding backend service. If all traffic needs to go to a single backend + service, there must be one weightedBackendService with weight set to a non 0 + number. Once a backendService is identified and before forwarding the request to + the backend service, advanced routing actions like Url rewrites and header + transformations are applied depending on additional settings specified in this + HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + Required. The default backend service resource. Before forwarding + the request to backendService, the loadbalancer applies any relevant + headerActions specified as part of this backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. headerAction specified here take effect before + headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response + prior to sending the response back to + the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as weight / + (sum of all weightedBackendService weights in routeAction) . The selection of a + backend service is determined only for new traffic. Once a user's request has + been directed to a backendService, subsequent requests will be sent to the same + backendService as determined by the BackendService's session affinity policy. + The value must be between 0 and 1000. + type: integer + required: + - backendServiceRef + - weight + type: object + type: array + type: object + service: + description: |- + The backend service to which traffic is directed if this rule is + matched. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + If routeAction is additionally specified, advanced routing actions + like URL Rewrites, etc. take effect prior to sending the request to + the backend. However, if service is specified, routeAction cannot + contain any weightedBackendServices. Conversely, if routeAction + specifies any weightedBackendServices, service must not be + specified. Only one of urlRedirect, service or + routeAction.weightedBackendService must be set. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + urlRedirect: + description: |- + When a path pattern is matched, the request is redirected to a URL specified + by urlRedirect. If urlRedirect is specified, service or routeAction must not + be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one + that was supplied in the request. The value must be between 1 and 255 + characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
+ If set to false, the URL scheme of the redirected request will remain the + same as that of the request. This must only be set for UrlMaps used in + TargetHttpProxys. Setting this true for TargetHttpsProxy is not + permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one + that was supplied in the request. pathRedirect cannot be supplied + together with prefixRedirect. Supply one alone or neither. If neither is + supplied, the path of the original request will be used for the redirect. + The value must be between 1 and 1024 characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the + HttpRouteRuleMatch, retaining the remaining portion of the URL before + redirecting the request. prefixRedirect cannot be supplied together with + pathRedirect. Supply one alone or neither. If neither is supplied, the + path of the original request will be used for the redirect. The value + must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed + prior to redirecting the request. If set to false, the query portion of the + original URL is retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + required: + - paths + type: object + type: array + routeRules: + description: |- + The list of ordered HTTP route rules. Use this list instead of pathRules when + advanced route matching and routing actions are desired. The order of specifying + routeRules matters: the first rule that matches will cause its specified routing + action to take effect. Within a given pathMatcher, only one of pathRules or + routeRules must be set. routeRules are not supported in UrlMaps intended for + External load balancers. + items: + properties: + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here are applied before + the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r + outeAction.weightedBackendService.backendServiceWeightAction[].headerAction. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. 
+ items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to + sending the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + matchRules: + description: The rules for determining a match. + items: + properties: + fullPathMatch: + description: |- + For satisfying the matchRule condition, the path of the request must exactly + match the value specified in fullPathMatch after removing any query parameters + and anchor that may be part of the original URL. FullPathMatch must be between 1 + and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must + be specified. + type: string + headerMatches: + description: |- + Specifies a list of header match criteria, all of which must match corresponding + headers in the request. + items: + properties: + exactMatch: + description: |- + The value should exactly match contents of exactMatch. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + type: string + headerName: + description: |- + The name of the HTTP header to match. For matching against the HTTP request's + authority, use a headerMatch with the header name ":authority". For matching a + request's method, use the headerName ":method". 
+ type: string + invertMatch: + description: |- + If set to false, the headerMatch is considered a match if the match criteria + above are met. If set to true, the headerMatch is considered a match if the + match criteria above are NOT met. Defaults to false. + type: boolean + prefixMatch: + description: |- + The value of the header must start with the contents of prefixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + type: string + presentMatch: + description: |- + A header with the contents of headerName must exist. The match takes place + whether or not the request's header has a value or not. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + type: boolean + rangeMatch: + description: |- + The header value must be an integer and its value must be in the range specified + in rangeMatch. If the header does not contain an integer, number or is empty, + the match fails. For example for a range [-5, 0] + + * -3 will match + * 0 will not match + * 0.25 will not match + * -3someString will not match. + + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. + properties: + rangeEnd: + description: The end of the range (exclusive). + type: integer + rangeStart: + description: The start of the range (inclusive). + type: integer + required: + - rangeEnd + - rangeStart + type: object + regexMatch: + description: |- + The value of the header must match the regular expression specified in + regexMatch. For regular expression grammar, please see: + en.cppreference.com/w/cpp/regex/ecmascript For matching against a port + specified in the HTTP request, use a headerMatch with headerName set to PORT and + a regular expression that satisfies the RFC2616 Host header's port specifier. + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. 
+ type: string + suffixMatch: + description: |- + The value of the header must end with the contents of suffixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + type: string + required: + - headerName + type: object + type: array + ignoreCase: + description: |- + Specifies that prefixMatch and fullPathMatch matches are case sensitive. + Defaults to false. + type: boolean + metadataFilters: + description: |- + Opaque filter criteria used by Loadbalancer to restrict routing configuration to + a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS + clients present node metadata. If a match takes place, the relevant routing + configuration is made available to those proxies. For each metadataFilter in + this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the + filterLabels must match the corresponding label provided in the metadata. If its + filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match + with corresponding labels in the provided metadata. metadataFilters specified + here can be overrides those specified in ForwardingRule that refers to this + UrlMap. metadataFilters only applies to Loadbalancers that have their + loadBalancingScheme set to INTERNAL_SELF_MANAGED. + items: + properties: + filterLabels: + description: |- + The list of label value pairs that must match labels in the provided metadata + based on filterMatchCriteria This list must not be empty and can have at the + most 64 entries. + items: + properties: + name: + description: |- + Name of metadata label. The name can have a maximum length of 1024 characters + and must be at least 1 character long. + type: string + value: + description: |- + The value of the label must match the specified value. value can have a maximum + length of 1024 characters. 
+ type: string + required: + - name + - value + type: object + type: array + filterMatchCriteria: + description: |- + Specifies how individual filterLabel matches within the list of filterLabels + contribute towards the overall metadataFilter match. Supported values are: + + * MATCH_ANY: At least one of the filterLabels must have a matching label in the + provided metadata. + * MATCH_ALL: All filterLabels must have matching labels in + the provided metadata. Possible values: ["MATCH_ALL", "MATCH_ANY"]. + type: string + required: + - filterLabels + - filterMatchCriteria + type: object + type: array + pathTemplateMatch: + description: |- + For satisfying the matchRule condition, the path of the request + must match the wildcard pattern specified in pathTemplateMatch + after removing any query parameters and anchor that may be part + of the original URL. + + pathTemplateMatch must be between 1 and 255 characters + (inclusive). The pattern specified by pathTemplateMatch may + have at most 5 wildcard operators and at most 5 variable + captures in total. + type: string + prefixMatch: + description: |- + For satisfying the matchRule condition, the request's path must begin with the + specified prefixMatch. prefixMatch must begin with a /. The value must be + between 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or + regexMatch must be specified. + type: string + queryParameterMatches: + description: |- + Specifies a list of query parameter match criteria, all of which must match + corresponding query parameters in the request. + items: + properties: + exactMatch: + description: |- + The queryParameterMatch matches if the value of the parameter exactly matches + the contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch + must be set. + type: string + name: + description: |- + The name of the query parameter to match. The query parameter must exist in the + request, in the absence of which the request match fails. 
+ type: string + presentMatch: + description: |- + Specifies that the queryParameterMatch matches if the request contains the query + parameter, irrespective of whether the parameter has a value or not. Only one of + presentMatch, exactMatch and regexMatch must be set. + type: boolean + regexMatch: + description: |- + The queryParameterMatch matches if the value of the parameter matches the + regular expression specified by regexMatch. For the regular expression grammar, + please see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch, + exactMatch and regexMatch must be set. + type: string + required: + - name + type: object + type: array + regexMatch: + description: |- + For satisfying the matchRule condition, the path of the request must satisfy the + regular expression specified in regexMatch after removing any query parameters + and anchor supplied with the original URL. For regular expression grammar please + see en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch, + fullPathMatch or regexMatch must be specified. + type: string + type: object + type: array + priority: + description: |- + For routeRules within a given pathMatcher, priority determines the order + in which load balancer will interpret routeRules. RouteRules are evaluated + in order of priority, from the lowest to highest number. The priority of + a rule decreases as its number increases (1, 2, 3, N+1). The first rule + that matches the request is applied. + + You cannot configure two or more routeRules with the same priority. + Priority for each rule must be set to a number between 0 and + 2147483647 inclusive. + + Priority numbers can have gaps, which enable you to add or remove rules + in the future without affecting the rest of the rules. For example, + 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which + you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the + future without any impact on existing rules. 
+ type: integer + routeAction: + description: |- + In response to a matching matchRule, the load balancer performs advanced routing + actions like URL rewrites, header transformations, etc. prior to forwarding the + request to the selected backend. If routeAction specifies any + weightedBackendServices, service must not be set. Conversely if service is set, + routeAction cannot contain any weightedBackendServices. Only one of routeAction + or urlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see W3C + Recommendation for Cross Origin Resource Sharing. + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the + actual request can include user credentials. This translates to the Access- + Control-Allow-Credentials header. Defaults to false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For + regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. An + origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + disabled: + description: |- + If true, specifies the CORS policy is disabled. + which indicates that the CORS policy is in effect. Defaults to false. 
+ type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long the results of a preflight request can be cached. This + translates to the content for the Access-Control-Max-Age header. + type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the + resiliency of clients to backend service failure. As part of fault injection, + when clients send requests to a backend service, delays can be introduced by + Loadbalancer on a percentage of requests before sending those request to the + backend service. Similarly requests from clients can be aborted by the + Loadbalancer for a percentage of requests. timeout and retry_policy will be + ignored by clients that are configured with a fault_injection_policy. + properties: + abort: + description: |- + The specification for how client requests are aborted as part of fault + injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. The value must be between 200 + and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be + aborted as part of fault injection. The value must be between 0.0 and 100.0 + inclusive. + type: number + type: object + delay: + description: |- + The specification for how client requests are delayed as part of fault + injection, before being sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed + delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. 
+ type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will + be introduced as part of fault injection. The value must be between 0.0 and + 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are + shadowed to a separate mirrored backend service. Loadbalancer does not wait for + responses from the shadow service. Prior to sending traffic to the shadow + service, the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated + with this route. + properties: + numRetries: + description: Specifies the allowed number retries. + This number must be > 0. + type: integer + perTryTimeout: + description: Specifies a non-zero timeout per + retry attempt. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. 
Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with + any 5xx response code, or if the backend service does not respond at all, + example: disconnects, reset, read timeout, connection failure, and refused + streams. + * gateway-error: Similar to 5xx, but only applies to response codes + 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures + connecting to backend services, for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream: Loadbalancer will retry if the backend service resets the stream with a + REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response + header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the + gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response + header is set to resource-exhausted + * unavailable: Loadbalancer will retry if the gRPC status code in + the response header is set to unavailable. + items: + type: string + type: array + required: + - numRetries + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time + the request is has been fully processed (i.e. 
end-of-stream) up until the + response has been completely processed. Timeout includes all retries. If not + specified, the default value is 15 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, prior to forwarding the request to + the matched service. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host + header is replaced with contents of hostRewrite. The value must be between 1 and + 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching + portion of the request's path is replaced by pathPrefixRewrite. The value must + be between 1 and 1024 characters. + type: string + pathTemplateRewrite: + description: |- + Prior to forwarding the request to the selected origin, if the + request matched a pathTemplateMatch, the matching portion of the + request's path is replaced re-written using the pattern specified + by pathTemplateRewrite. + + pathTemplateRewrite must be between 1 and 255 characters + (inclusive), must start with a '/', and must only use variables + captured by the route's pathTemplate matchers. + + pathTemplateRewrite may only be used when all of a route's + MatchRules specify pathTemplate. + + Only one of pathPrefixRewrite and pathTemplateRewrite may be + specified. 
+ type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match + occurs. The weights determine the fraction of traffic that flows to their + corresponding backend service. If all traffic needs to go to a single backend + service, there must be one weightedBackendService with weight set to a non 0 + number. Once a backendService is identified and before forwarding the request to + the backend service, advanced routing actions like Url rewrites and header + transformations are applied depending on additional settings specified in this + HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + Required. The default backend service resource. Before forwarding + the request to backendService, the loadbalancer applies any relevant + headerActions specified as part of this backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. headerAction specified here take effect before + headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. 
+ items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response + prior to sending the response back to + the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as weight / + (sum of all weightedBackendService weights in routeAction) . The selection of a + backend service is determined only for new traffic. Once a user's request has + been directed to a backendService, subsequent requests will be sent to the same + backendService as determined by the BackendService's session affinity policy. 
+ The value must be between 0 and 1000. + type: integer + required: + - backendServiceRef + - weight + type: object + type: array + type: object + service: + description: |- + The region backend service resource to which traffic is + directed if this rule is matched. If routeAction is additionally specified, + advanced routing actions like URL Rewrites, etc. take effect prior to sending + the request to the backend. However, if service is specified, routeAction cannot + contain any weightedBackendService s. Conversely, if routeAction specifies any + weightedBackendServices, service must not be specified. Only one of urlRedirect, + service or routeAction.weightedBackendService must be set. + type: string + urlRedirect: + description: |- + When this rule is matched, the request is redirected to a URL specified by + urlRedirect. If urlRedirect is specified, service or routeAction must not be + set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one + that was supplied in the request. The value must be between 1 and 255 + characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. + If set to false, the URL scheme of the redirected request will remain the + same as that of the request. This must only be set for UrlMaps used in + TargetHttpProxys. Setting this true for TargetHttpsProxy is not + permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one + that was supplied in the request. pathRedirect cannot be supplied + together with prefixRedirect. Supply one alone or neither. If neither is + supplied, the path of the original request will be used for the redirect. + The value must be between 1 and 1024 characters. 
+ type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the + HttpRouteRuleMatch, retaining the remaining portion of the URL before + redirecting the request. prefixRedirect cannot be supplied together with + pathRedirect. Supply one alone or neither. If neither is supplied, the + path of the original request will be used for the redirect. The value + must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is + removed prior to redirecting the request. If set to false, the query + portion of the original URL is retained. The default value is false. + type: boolean + type: object + required: + - priority + type: object + type: array + required: + - name + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + test: + description: |- + The list of expected URL mappings. Requests to update this UrlMap will + succeed only if all of the test cases pass. + items: + properties: + description: + description: Description of this test case. + type: string + host: + description: Host portion of the URL. 
+ type: string + path: + description: Path portion of the URL. + type: string + service: + description: |- + The backend service resource that should be matched by this test. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + required: + - host + - path + - service + type: object + type: array + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: |- + Fingerprint of this resource. This field is used internally during + updates of this resource. + type: string + mapId: + description: The unique identifier for the resource. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computevpngateways.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeVPNGateway + plural: computevpngateways + shortNames: + - gcpcomputevpngateway + - gcpcomputevpngateways + singular: computevpngateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + networkRef: + description: The network this VPN gateway is accepting traffic for. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this gateway should sit in. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + stackType: + description: |- + Immutable. The stack type for this VPN gateway to identify the IP protocols that are enabled. + If not specified, IPV4_ONLY will be used. Default value: "IPV4_ONLY" Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. + type: string + vpnInterfaces: + description: Immutable. A list of interfaces on this VPN gateway. + items: + properties: + id: + description: Immutable. The numeric ID of this VPN gateway interface. 
+ type: integer + interconnectAttachmentRef: + description: |- + Immutable. When this value is present, the VPN Gateway will be used + for IPsec-encrypted Cloud Interconnect; all Egress or Ingress + traffic for this VPN Gateway interface will go through the specified + interconnect attachment resource. Not currently available publicly. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipAddress: + description: The external IP address for this VPN gateway interface. + type: string + type: object + type: array + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computevpntunnels.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeVPNTunnel + plural: computevpntunnels + shortNames: + - gcpcomputevpntunnel + - gcpcomputevpntunnels + singular: computevpntunnel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema 
of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + ikeVersion: + description: |- + Immutable. IKE protocol version to use when establishing the VPN tunnel with + peer VPN gateway. + Acceptable IKE versions are 1 or 2. Default version is 2. + type: integer + localTrafficSelector: + description: |- + Immutable. Local traffic selector to use when establishing the VPN tunnel with + peer VPN gateway. The value should be a CIDR formatted string, + for example '192.168.0.0/16'. The ranges should be disjoint. + Only IPv4 is supported. + items: + type: string + type: array + peerExternalGatewayInterface: + description: Immutable. The interface ID of the external VPN gateway + to which this VPN tunnel is connected. + type: integer + peerExternalGatewayRef: + description: |- + The peer side external VPN gateway to which this VPN tunnel + is connected. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeExternalVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + peerGCPGatewayRef: + description: |- + The peer side HA GCP VPN gateway to which this VPN tunnel is + connected. If provided, the VPN tunnel will automatically use the + same VPN gateway interface ID in the peer GCP VPN gateway. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + peerIp: + description: Immutable. IP address of the peer VPN gateway. Only IPv4 + is supported. + type: string + region: + description: Immutable. The region where the tunnel is located. If + unset, is set to the region of 'target_vpn_gateway'. + type: string + remoteTrafficSelector: + description: |- + Immutable. Remote traffic selector to use when establishing the VPN tunnel with + peer VPN gateway. The value should be a CIDR formatted string, + for example '192.168.0.0/16'. The ranges should be disjoint. + Only IPv4 is supported. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: The router to be used for dynamic routing. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sharedSecret: + description: |- + Immutable. Shared secret used to set the secure session between the Cloud VPN + gateway and the peer VPN gateway. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + targetVPNGatewayRef: + description: |- + The ComputeTargetVPNGateway with which this VPN tunnel is + associated. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + vpnGatewayInterface: + description: Immutable. The interface ID of the VPN gateway with which + this VPN tunnel is associated. + type: integer + vpnGatewayRef: + description: |- + The ComputeVPNGateway with which this VPN tunnel is associated. + This must be used if a High Availability VPN gateway resource is + created. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - sharedSecret + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + detailedStatus: + description: Detailed status message for the VPN tunnel. + type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + sharedSecretHash: + description: Hash of the shared secret. + type: string + tunnelId: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + name: configcontrollerinstances.configcontroller.cnrm.cloud.google.com +spec: + group: configcontroller.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ConfigControllerInstance + plural: configcontrollerinstances + shortNames: + - gcpconfigcontrollerinstance + - gcpconfigcontrollerinstances + singular: configcontrollerinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + 
- description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: Immutable. The location for the resource + type: string + managementConfig: + description: Immutable. Configuration of the cluster management + properties: + fullManagementConfig: + description: Immutable. Configuration of the full (Autopilot) + cluster management + properties: + clusterCidrBlock: + description: Immutable. The IP address range for the cluster + pod IPs. Set to blank to have a range chosen with the default + size. Set to /netmask (e.g. /14) to have a range chosen + with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) + from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, + 192.168.0.0/16) to pick a specific range to use. + type: string + clusterNamedRange: + description: Immutable. 
The name of the existing secondary + range in the cluster's subnetwork to use for pod IP addresses. + Alternatively, cluster_cidr_block can be used to automatically + create a GKE-managed one. + type: string + manBlock: + description: Immutable. Master Authorized Network. Allows + access to the k8s master from this block. + type: string + masterIPv4CidrBlock: + description: Immutable. The /28 network that the masters will + use. + type: string + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Existing VPC Network to put the GKE cluster and nodes in. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + servicesCidrBlock: + description: Immutable. The IP address range for the cluster + service IPs. Set to blank to have a range chosen with the + default size. Set to /netmask (e.g. /14) to have a range + chosen with a specific netmask. Set to a CIDR notation (e.g. + 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, + 172.16.0.0/12, 192.168.0.0/16) to pick a specific range + to use. + type: string + servicesNamedRange: + description: Immutable. The name of the existing secondary + range in the cluster's subnetwork to use for service ClusterIPs. + Alternatively, services_cidr_block can be used to automatically + create a GKE-managed one. + type: string + type: object + standardManagementConfig: + description: Immutable. 
Configuration of the standard (GKE) cluster + management + properties: + clusterCidrBlock: + description: Immutable. The IP address range for the cluster + pod IPs. Set to blank to have a range chosen with the default + size. Set to /netmask (e.g. /14) to have a range chosen + with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) + from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, + 192.168.0.0/16) to pick a specific range to use. + type: string + clusterNamedRange: + description: Immutable. The name of the existing secondary + range in the cluster's subnetwork to use for pod IP addresses. + Alternatively, cluster_cidr_block can be used to automatically + create a GKE-managed one. + type: string + manBlock: + description: Immutable. Master Authorized Network. Allows + access to the k8s master from this block. + type: string + masterIPv4CidrBlock: + description: Immutable. The /28 network that the masters will + use. + type: string + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Existing VPC Network to put the GKE cluster and nodes in. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + servicesCidrBlock: + description: Immutable. The IP address range for the cluster + service IPs. Set to blank to have a range chosen with the + default size. Set to /netmask (e.g. /14) to have a range + chosen with a specific netmask. 
Set to a CIDR notation (e.g. + 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, + 172.16.0.0/12, 192.168.0.0/16) to pick a specific range + to use. + type: string + servicesNamedRange: + description: Immutable. The name of the existing secondary + range in the cluster's subnetwork to use for service ClusterIPs. + Alternatively, services_cidr_block can be used to automatically + create a GKE-managed one. + type: string + required: + - masterIPv4CidrBlock + type: object + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + usePrivateEndpoint: + description: Immutable. Only allow access to the master's private + endpoint IP. + type: boolean + required: + - location + - managementConfig + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + gkeResourceLink: + description: Output only. KrmApiHost GCP self link used for identifying + the underlying endpoint (GKE cluster currently). + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The current state of the internal state + machine for the KrmApiHost. 
Possible values: STATE_UNSPECIFIED, + CREATING, RUNNING, DELETING, SUSPENDED, READ_ONLY' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: containeranalysisnotes.containeranalysis.cnrm.cloud.google.com +spec: + group: containeranalysis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerAnalysisNote + plural: containeranalysisnotes + shortNames: + - gcpcontaineranalysisnote + - gcpcontaineranalysisnotes + singular: containeranalysisnote + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attestation: + description: A note describing an attestation role. + properties: + hint: + description: Hint hints at the purpose of the attestation authority. + properties: + humanReadableName: + description: Required. The human readable name of this attestation + authority, for example "qa". + type: string + required: + - humanReadableName + type: object + type: object + build: + description: A note describing build provenance for a verifiable build. + properties: + builderVersion: + description: Required. Immutable. Version of the builder which + produced this build. + type: string + required: + - builderVersion + type: object + deployment: + description: A note describing something that can be deployed. + properties: + resourceUri: + description: Required. Resource URI for the artifact being deployed. + items: + type: string + type: array + required: + - resourceUri + type: object + discovery: + description: A note describing the initial analysis of a resource. + properties: + analysisKind: + description: 'The kind of analysis that is handled by this discovery. + Possible values: NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, + IMAGE, PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE' + type: string + required: + - analysisKind + type: object + expirationTime: + description: Time of expiration for this note. Empty if note does + not expire. + format: date-time + type: string + image: + description: A note describing a base image. + properties: + fingerprint: + description: Required. Immutable. 
The fingerprint of the base + image. + properties: + v1Name: + description: Required. The layer ID of the final layer in + the Docker image's v1 representation. + type: string + v2Blob: + description: Required. The ordered list of v2 blobs that represent + a given image. + items: + type: string + type: array + required: + - v1Name + - v2Blob + type: object + resourceUrl: + description: Required. Immutable. The resource_url for the resource + representing the basis of associated occurrence images. + type: string + required: + - fingerprint + - resourceUrl + type: object + longDescription: + description: A detailed description of this note. + type: string + package: + description: Required for non-Windows OS. The package this Upgrade + is for. + properties: + distribution: + description: The various channels by which a package is distributed. + items: + properties: + architecture: + description: 'The CPU architecture for which packages in + this distribution channel were built Possible values: + ARCHITECTURE_UNSPECIFIED, X86, X64' + type: string + cpeUri: + description: The cpe_uri in [cpe format](https://cpe.mitre.org/specification/) + denoting the package manager version distributing a package. + type: string + description: + description: The distribution channel-specific description + of this package. + type: string + latestVersion: + description: The latest available version of this package + in this distribution channel. + properties: + epoch: + description: Used to correct mistakes in the version + numbering scheme. + format: int64 + type: integer + fullName: + description: Human readable version string. This string + is of the form :- and is only set when kind is NORMAL. + type: string + kind: + description: 'Distinguish between sentinel MIN/MAX versions + and normal versions. If kind is not NORMAL, then the + other fields are ignored. 
Possible values: VERSION_KIND_UNSPECIFIED, + NORMAL, MINIMUM, MAXIMUM' + type: string + name: + description: The main part of the version name. + type: string + revision: + description: The iteration of the package build from + the above version. + type: string + required: + - kind + type: object + maintainer: + description: A freeform string denoting the maintainer of + this package. + type: string + url: + description: The distribution channel-specific homepage + for this package. + type: string + required: + - cpeUri + type: object + type: array + name: + description: The name of the package. + type: string + required: + - name + type: object + relatedNoteNames: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + relatedUrl: + description: URLs associated with this note. + items: + properties: + label: + description: Label to describe usage of the URL + type: string + url: + description: Specific URL to associate with the note + type: string + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + shortDescription: + description: A one sentence description of this note. 
+ type: string + vulnerability: + description: A note describing a package vulnerability. + properties: + cvssScore: + description: The CVSS score of this vulnerability. CVSS score + is on a scale of 0 - 10 where 0 indicates low severity and 10 + indicates high severity. + format: double + type: number + cvssV3: + description: The full description of the CVSSv3 for this vulnerability. + properties: + attackComplexity: + description: ' Possible values: ATTACK_COMPLEXITY_UNSPECIFIED, + ATTACK_COMPLEXITY_LOW, ATTACK_COMPLEXITY_HIGH' + type: string + attackVector: + description: 'Base Metrics Represents the intrinsic characteristics + of a vulnerability that are constant over time and across + user environments. Possible values: ATTACK_VECTOR_UNSPECIFIED, + ATTACK_VECTOR_NETWORK, ATTACK_VECTOR_ADJACENT, ATTACK_VECTOR_LOCAL, + ATTACK_VECTOR_PHYSICAL' + type: string + availabilityImpact: + description: ' Possible values: IMPACT_UNSPECIFIED, IMPACT_HIGH, + IMPACT_LOW, IMPACT_NONE' + type: string + baseScore: + description: The base score is a function of the base metric + scores. 
+ format: double + type: number + confidentialityImpact: + description: ' Possible values: IMPACT_UNSPECIFIED, IMPACT_HIGH, + IMPACT_LOW, IMPACT_NONE' + type: string + exploitabilityScore: + format: double + type: number + impactScore: + format: double + type: number + integrityImpact: + description: ' Possible values: IMPACT_UNSPECIFIED, IMPACT_HIGH, + IMPACT_LOW, IMPACT_NONE' + type: string + privilegesRequired: + description: ' Possible values: PRIVILEGES_REQUIRED_UNSPECIFIED, + PRIVILEGES_REQUIRED_NONE, PRIVILEGES_REQUIRED_LOW, PRIVILEGES_REQUIRED_HIGH' + type: string + scope: + description: ' Possible values: SCOPE_UNSPECIFIED, SCOPE_UNCHANGED, + SCOPE_CHANGED' + type: string + userInteraction: + description: ' Possible values: USER_INTERACTION_UNSPECIFIED, + USER_INTERACTION_NONE, USER_INTERACTION_REQUIRED' + type: string + type: object + details: + description: Details of all known distros and packages affected + by this vulnerability. + items: + properties: + affectedCpeUri: + description: Required. The (https://cpe.mitre.org/specification/) + this vulnerability affects. + type: string + affectedPackage: + description: Required. The package this vulnerability affects. + type: string + affectedVersionEnd: + description: 'The version number at the end of an interval + in which this vulnerability exists. A vulnerability can + affect a package between version numbers that are disjoint + sets of intervals (example: ) each of which will be represented + in its own Detail. If a specific affected version is provided + by a vulnerability database, affected_version_start and + affected_version_end will be the same in that Detail.' + properties: + epoch: + description: Used to correct mistakes in the version + numbering scheme. + format: int64 + type: integer + fullName: + description: Human readable version string. This string + is of the form :- and is only set when kind is NORMAL. + type: string + kind: + description: 'Required. 
Distinguishes between sentinel + MIN/MAX versions and normal versions. Possible values: + NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, IMAGE, + PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE' + type: string + name: + description: Required only when version kind is NORMAL. + The main part of the version name. + type: string + revision: + description: The iteration of the package build from + the above version. + type: string + required: + - kind + type: object + affectedVersionStart: + description: 'The version number at the start of an interval + in which this vulnerability exists. A vulnerability can + affect a package between version numbers that are disjoint + sets of intervals (example: ) each of which will be represented + in its own Detail. If a specific affected version is provided + by a vulnerability database, affected_version_start and + affected_version_end will be the same in that Detail.' + properties: + epoch: + description: Used to correct mistakes in the version + numbering scheme. + format: int64 + type: integer + fullName: + description: Human readable version string. This string + is of the form :- and is only set when kind is NORMAL. + type: string + kind: + description: 'Required. Distinguishes between sentinel + MIN/MAX versions and normal versions. Possible values: + NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, IMAGE, + PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE' + type: string + name: + description: Required only when version kind is NORMAL. + The main part of the version name. + type: string + revision: + description: The iteration of the package build from + the above version. + type: string + required: + - kind + type: object + description: + description: A vendor-specific description of this vulnerability. + type: string + fixedCpeUri: + description: The distro recommended (https://cpe.mitre.org/specification/) + to update to that contains a fix for this vulnerability. 
+ It is possible for this to be different from the affected_cpe_uri. + type: string + fixedPackage: + description: The distro recommended package to update to + that contains a fix for this vulnerability. It is possible + for this to be different from the affected_package. + type: string + fixedVersion: + description: The distro recommended version to update to + that contains a fix for this vulnerability. Setting this + to VersionKind.MAXIMUM means no such version is yet available. + properties: + epoch: + description: Used to correct mistakes in the version + numbering scheme. + format: int64 + type: integer + fullName: + description: Human readable version string. This string + is of the form :- and is only set when kind is NORMAL. + type: string + kind: + description: 'Required. Distinguishes between sentinel + MIN/MAX versions and normal versions. Possible values: + NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, IMAGE, + PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE' + type: string + name: + description: Required only when version kind is NORMAL. + The main part of the version name. + type: string + revision: + description: The iteration of the package build from + the above version. + type: string + required: + - kind + type: object + isObsolete: + description: Whether this detail is obsolete. Occurrences + are expected not to point to obsolete details. + type: boolean + packageType: + description: The type of package; whether native or non + native (e.g., ruby gems, node.js packages, etc.). + type: string + severityName: + description: The distro assigned severity of this vulnerability. + type: string + sourceUpdateTime: + description: The time this information was last changed + at the source. This is an upstream timestamp from the + underlying information source - e.g. Ubuntu security tracker. 
+ format: date-time + type: string + required: + - affectedCpeUri + - affectedPackage + type: object + type: array + severity: + description: 'The note provider assigned severity of this vulnerability. + Possible values: SEVERITY_UNSPECIFIED, MINIMAL, LOW, MEDIUM, + HIGH, CRITICAL' + type: string + sourceUpdateTime: + description: The time this information was last changed at the + source. This is an upstream timestamp from the underlying information + source - e.g. Ubuntu security tracker. + format: date-time + type: string + windowsDetails: + description: Windows details get their own format because the + information format and model don't match a normal detail. Specifically + Windows updates are done as patches, thus Windows vulnerabilities + really are a missing package, rather than a package being at + an incorrect version. + items: + properties: + cpeUri: + description: Required. The (https://cpe.mitre.org/specification/) + this vulnerability affects. + type: string + description: + description: The description of this vulnerability. + type: string + fixingKbs: + description: Required. The names of the KBs which have hotfixes + to mitigate this vulnerability. Note that there may be + multiple hotfixes (and thus multiple KBs) that mitigate + a given vulnerability. Currently any listed KBs presence + is considered a fix. + items: + properties: + name: + description: The KB name (generally of the form KB+ + (e.g., KB123456)). + type: string + url: + description: A link to the KB in the (https://www.catalog.update.microsoft.com/). + type: string + type: object + type: array + name: + description: Required. The name of this vulnerability. + type: string + required: + - cpeUri + - fixingKbs + - name + type: object + type: array + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time this note was created. This field + can be used as a filter in list requests. + format: date-time + type: string + image: + properties: + fingerprint: + properties: + v2Name: + description: 'Output only. The name of the image''s v2 blobs + computed via: ) Only the name of the final blob is kept.' + type: string + type: object + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The time this note was last updated. This + field can be used as a filter in list requests. 
+ format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containeranalysisoccurrences.containeranalysis.cnrm.cloud.google.com +spec: + group: containeranalysis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerAnalysisOccurrence + plural: containeranalysisoccurrences + shortNames: + - gcpcontaineranalysisoccurrence + - gcpcontaineranalysisoccurrences + singular: containeranalysisoccurrence + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attestation: + description: |- + Occurrence that represents a single "attestation". The authenticity + of an attestation can be verified using the attached signature. + If the verifier trusts the public key of the signer, then verifying + the signature is sufficient to establish trust. In this circumstance, + the authority to which this attestation is attached is primarily + useful for lookup (how to find this attestation if you already + know the authority and artifact to be verified) and intent (for + which authority this attestation was intended to sign. + properties: + serializedPayload: + description: |- + The serialized payload that is verified by one or + more signatures. A base64-encoded string. + type: string + signatures: + description: |- + One or more signatures over serializedPayload. + Verifier implementations should consider this attestation + message verified if at least one signature verifies + serializedPayload. See Signature in common.proto for more + details on signature structure and verification. + items: + properties: + publicKeyId: + description: |- + The identifier for the public key that verifies this + signature. MUST be an RFC3986 conformant + URI. * When possible, the key id should be an + immutable reference, such as a cryptographic digest. + Examples of valid values: + + * OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr + for more details on this scheme. 
+ * 'openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA' + * RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): + * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU". + type: string + signature: + description: |- + The content of the signature, an opaque bytestring. + The payload that this signature verifies MUST be + unambiguously provided with the Signature during + verification. A wrapper message might provide the + payload explicitly. Alternatively, a message might + have a canonical serialization that can always be + unambiguously computed to derive the payload. + type: string + required: + - publicKeyId + type: object + type: array + required: + - serializedPayload + - signatures + type: object + noteName: + description: |- + Immutable. The analysis note associated with this occurrence, in the form of + projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a + filter in list requests. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + remediation: + description: A description of actions that can be taken to remedy + the note. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + resourceUri: + description: |- + Immutable. Required. Immutable. 
A URI that represents the resource for which + the occurrence applies. For example, + https://gcr.io/project/image@sha256:123abc for a Docker image. + type: string + required: + - attestation + - noteName + - projectRef + - resourceUri + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the repository was created. + type: string + kind: + description: |- + The note kind which explicitly denotes which of the occurrence + details are specified. This field can be used as a filter in list + requests. + type: string + name: + description: The name of the occurrence. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The time when the repository was last updated. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containerattachedclusters.containerattached.cnrm.cloud.google.com +spec: + group: containerattached.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerAttachedCluster + listKind: ContainerAttachedClusterList + plural: containerattachedclusters + shortNames: + - gcpcontainerattachedcluster + - gcpcontainerattachedclusters + singular: containerattachedcluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ContainerAttachedCluster is the Schema for the ContainerAttachedCluster + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ContainerAttachedClusterSpec defines the desired state of + ContainerAttachedCluster + properties: + annotations: + additionalProperties: + type: string + description: |- + Optional. Annotations on the cluster. + + This field has the same restrictions as Kubernetes annotations. + The total size of all keys and values combined is limited to 256k. + Key can have 2 segments: prefix (optional) and name (required), + separated by a slash (/). + Prefix must be a DNS subdomain. + Name must be 63 characters or less, begin and end with alphanumerics, + with dashes (-), underscores (_), dots (.), and alphanumerics between. + type: object + authorization: + description: Optional. Configuration related to the cluster RBAC settings. + properties: + adminUsers: + description: |- + Optional. Users that can perform operations as a cluster admin. A managed + ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole + to the users. Up to ten admin users can be provided. + + For more info on RBAC, see + https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + items: + type: string + type: array + type: object + binaryAuthorization: + description: Optional. Binary Authorization configuration for this + cluster. + properties: + evaluationMode: + description: 'Mode of operation for binauthz policy evaluation. + If unspecified, defaults to DISABLED. Possible values: ["DISABLED", + "PROJECT_SINGLETON_POLICY_ENFORCE"].' 
+ type: string + type: object + deletionPolicy: + description: Optional. Policy to determine what flags to send on delete. + type: string + description: + description: Optional. A human readable description of this Attached + cluster. Cannot be longer than 255 UTF-8 encoded bytes. + type: string + distribution: + description: |- + Immutable. The Kubernetes distribution of the underlying attached cluster. + + Supported values: ["eks", "aks", "generic"]. + type: string + x-kubernetes-validations: + - message: Distribution field is immutable + rule: self == oldSelf + fleet: + description: Required. Fleet configuration. + properties: + membership: + description: |- + Output only. The name of the managed Hub Membership resource associated to + this cluster. + + Membership names are formatted as + `projects//locations/global/membership/`. + type: string + projectRef: + description: The id of the Fleet host project where this cluster + will be registered. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'The project of the fleet. Allowed value: The + Google Cloud resource name of a `Project` resource (format: + `projects/{{name}}`).' + type: string + name: + description: 'Name of the project resource. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the project resource. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + location: + description: Immutable. The location for the resource. + type: string + x-kubernetes-validations: + - message: Location field is immutable + rule: self == oldSelf + loggingConfig: + description: Optional. Logging configuration for this cluster. 
+ properties: + componentConfig: + description: The configuration of the logging components; + properties: + enableComponents: + description: 'The components to be enabled. Possible values: + ["SYSTEM_COMPONENTS", "WORKLOADS"].' + items: + type: string + type: array + type: object + type: object + monitoringConfig: + description: Optional. Monitoring configuration for this cluster. + properties: + managedPrometheusConfig: + description: Enable Google Cloud Managed Service for Prometheus + in the cluster. + properties: + enabled: + description: Enable Managed Collection. + type: boolean + type: object + type: object + oidcConfig: + description: "Required. OpenID Connect (OIDC) discovery information + of the target cluster.\n\nKubernetes Service Account (KSA) tokens + are JWT tokens signed by the cluster\nAPI server. This field indicates + how GCP services\tvalidate KSA tokens in order\nto allow system + workloads (such as GKE Connect and telemetry agents) to\nauthenticate + back to GCP.\n\nBoth clusters with public and private issuer URLs + are supported.\nClusters with public issuers only need to specify + the 'issuerUrl' field\nwhile clusters with private issuers need + to provide both 'issuerUrl' and 'jwks'." + properties: + issuerUrl: + description: Immutable. A JSON Web Token (JWT) issuer URI. `issuer` + must start with `https://`. + type: string + x-kubernetes-validations: + - message: IssuerURL field is immutable + rule: self == oldSelf + jwks: + description: |- + Immutable, Optional. OIDC verification keys in JWKS format (RFC 7517). + It contains a list of OIDC verification keys that can be used to verify + OIDC JWTs. + + This field is required for cluster that doesn't have a publicly available + discovery endpoint. When provided, it will be directly used + to verify the OIDC JWT asserted by the IDP. 
+ format: byte + type: string + x-kubernetes-validations: + - message: Jwks field is immutable + rule: self == oldSelf + required: + - issuerUrl + type: object + x-kubernetes-validations: + - message: OidcConfig field is immutable + rule: self == oldSelf + platformVersion: + description: Required. The platform version for the cluster (e.g. + `1.30.0-gke.1`). + type: string + projectRef: + description: The ID of the project in which the resource belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: Immutable, Optional. The ContainerAttachedCluster name. + If not given, the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + required: + - distribution + - fleet + - location + - oidcConfig + - platformVersion + - projectRef + type: object + status: + description: ContainerAttachedClusterStatus defines the config connector + machine state of ContainerAttachedCluster + properties: + clusterRegion: + description: |- + The region where this cluster runs. + + For EKS clusters, this is an AWS region. For AKS clusters, + this is an Azure region. + type: string + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time at which this cluster was registered. + type: string + errors: + description: A set of errors found in the cluster. + items: + properties: + message: + description: Human-friendly description of the error. + type: string + type: object + type: array + kubernetesVersion: + description: The Kubernetes version of the cluster. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + fleetMembership: + description: |- + Output only. The name of the managed Hub Membership resource associated to + this cluster. + + Membership names are formatted as + `projects//locations/global/membership/`. + This field mirrors the Spec.Fleet.Membership field. + type: string + type: object + reconciling: + description: If set, there are currently changes in flight to the + cluster. + type: boolean + state: + description: "The current state of the cluster. Possible values:\tSTATE_UNSPECIFIED, + PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR,\tDEGRADED." + type: string + uid: + description: A globally unique identifier for the cluster. 
+ type: string + updateTime: + description: The time at which this cluster was last updated. + type: string + workloadIdentityConfig: + description: Workload Identity settings. + items: + properties: + identityProvider: + description: The ID of the OIDC Identity Provider (IdP) associated + to the Workload Identity Pool. + type: string + issuerUri: + description: The OIDC issuer URL for this cluster. + type: string + workloadPool: + description: The Workload Identity Pool associated to the cluster. + type: string + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containerclusters.container.cnrm.cloud.google.com +spec: + group: container.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerCluster + plural: containerclusters + shortNames: + - gcpcontainercluster + - gcpcontainerclusters + singular: containercluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addonsConfig: + description: The configuration for addons supported by GKE. + properties: + cloudrunConfig: + description: The status of the CloudRun addon. It is disabled + by default. Set disabled = false to enable. + properties: + disabled: + type: boolean + loadBalancerType: + type: string + required: + - disabled + type: object + configConnectorConfig: + description: The of the Config Connector addon. + properties: + enabled: + type: boolean + required: + - enabled + type: object + dnsCacheConfig: + description: The status of the NodeLocal DNSCache addon. It is + disabled by default. Set enabled = true to enable. + properties: + enabled: + type: boolean + required: + - enabled + type: object + gcePersistentDiskCsiDriverConfig: + description: 'Whether this cluster should enable the Google Compute + Engine Persistent Disk Container Storage Interface (CSI) Driver. + Set enabled = true to enable. The Compute Engine persistent + disk CSI Driver is enabled by default on newly created clusters + for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 + or later, or 1.19.3-gke.2100 or later.' 
+ properties: + enabled: + type: boolean + required: + - enabled + type: object + gcpFilestoreCsiDriverConfig: + description: The status of the Filestore CSI driver addon, which + allows the usage of filestore instance as volumes. Defaults + to disabled; set enabled = true to enable. + properties: + enabled: + type: boolean + required: + - enabled + type: object + gcsFuseCsiDriverConfig: + description: The status of the GCS Fuse CSI driver addon, which + allows the usage of gcs bucket as volumes. Defaults to disabled; + set enabled = true to enable. + properties: + enabled: + type: boolean + required: + - enabled + type: object + gkeBackupAgentConfig: + description: The status of the Backup for GKE Agent addon. It + is disabled by default. Set enabled = true to enable. + properties: + enabled: + type: boolean + required: + - enabled + type: object + horizontalPodAutoscaling: + description: The status of the Horizontal Pod Autoscaling addon, + which increases or decreases the number of replica pods a replication + controller has based on the resource usage of the existing pods. + It ensures that a Heapster pod is running in the cluster, which + is also used by the Cloud Monitoring service. It is enabled + by default; set disabled = true to disable. + properties: + disabled: + type: boolean + required: + - disabled + type: object + httpLoadBalancing: + description: The status of the HTTP (L7) load balancing controller + addon, which makes it easy to set up HTTP load balancers for + services in a cluster. It is enabled by default; set disabled + = true to disable. + properties: + disabled: + type: boolean + required: + - disabled + type: object + istioConfig: + description: The status of the Istio addon. + properties: + auth: + description: The authentication type between services in Istio. + Available options include AUTH_MUTUAL_TLS. 
+ type: string + disabled: + description: The status of the Istio addon, which makes it + easy to set up Istio for services in a cluster. It is disabled + by default. Set disabled = false to enable. + type: boolean + required: + - disabled + type: object + kalmConfig: + description: Configuration for the KALM addon, which manages the + lifecycle of k8s. It is disabled by default; Set enabled = true + to enable. + properties: + enabled: + type: boolean + required: + - enabled + type: object + networkPolicyConfig: + description: Whether we should enable the network policy addon + for the master. This must be enabled in order to enable network + policy for the nodes. To enable this, you must also define a + network_policy block, otherwise nothing will happen. It can + only be disabled if the nodes already do not have network policies + enabled. Defaults to disabled; set disabled = false to enable. + properties: + disabled: + type: boolean + required: + - disabled + type: object + type: object + allowNetAdmin: + description: Enable NET_ADMIN for this cluster. + type: boolean + authenticatorGroupsConfig: + description: Configuration for the Google Groups for GKE feature. + properties: + securityGroup: + description: The name of the RBAC security group for use with + Google security groups in Kubernetes RBAC. Group name must be + in format gke-security-groups@yourdomain.com. + type: string + required: + - securityGroup + type: object + binaryAuthorization: + description: Configuration options for the Binary Authorization feature. + properties: + enabled: + description: DEPRECATED. Deprecated in favor of evaluation_mode. + Enable Binary Authorization for this cluster. + type: boolean + evaluationMode: + description: Mode of operation for Binary Authorization policy + evaluation. 
+ type: string + type: object + clusterAutoscaling: + description: Per-cluster configuration of Node Auto-Provisioning with + Cluster Autoscaler to automatically adjust the size of the cluster + and create/delete node pools based on the current needs of the cluster's + workload. See the guide to using Node Auto-Provisioning for more + details. + properties: + autoProvisioningDefaults: + description: Contains defaults for a node pool created by NAP. + properties: + bootDiskKMSKeyRef: + description: |- + Immutable. The Customer Managed Encryption Key used to encrypt the + boot disk attached to each node in the node pool. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSize: + description: Size of the disk attached to each node, specified + in GB. The smallest allowed disk size is 10GB. + type: integer + imageType: + description: The default image type used by NAP once a new + node pool is being created. + type: string + management: + description: NodeManagement configuration for this NodePool. + properties: + autoRepair: + description: Specifies whether the node auto-repair is + enabled for the node pool. If enabled, the nodes in + this node pool will be monitored and, if they fail health + checks too many times, an automatic repair action will + be triggered. + type: boolean + autoUpgrade: + description: Specifies whether node auto-upgrade is enabled + for the node pool. 
If enabled, node auto-upgrade helps + keep the nodes in your node pool up to date with the + latest release version of Kubernetes. + type: boolean + upgradeOptions: + description: Specifies the Auto Upgrade knobs for the + node pool. + items: + properties: + autoUpgradeStartTime: + description: This field is set when upgrades are + about to commence with the approximate start time + for the upgrades, in RFC3339 text format. + type: string + description: + description: This field is set when upgrades are + about to commence with the description of the + upgrade. + type: string + type: object + type: array + type: object + minCpuPlatform: + description: Minimum CPU platform to be used by this instance. + The instance may be scheduled on the specified or newer + CPU platform. Applicable values are the friendly names of + CPU platforms, such as Intel Haswell. + type: string + oauthScopes: + description: Scopes that are used by NAP when creating node + pools. + items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + shieldedInstanceConfig: + description: Shielded Instance options. + properties: + enableIntegrityMonitoring: + description: Defines whether the instance has integrity + monitoring enabled. + type: boolean + enableSecureBoot: + description: Defines whether the instance has Secure Boot + enabled. 
+ type: boolean + type: object + upgradeSettings: + description: Specifies the upgrade settings for NAP created + node pools. + properties: + blueGreenSettings: + description: Settings for blue-green upgrade strategy. + properties: + nodePoolSoakDuration: + description: "Time needed after draining entire blue + pool. After this period, blue pool will be cleaned + up.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA duration + in seconds with up to nine fractional digits, ending + with 's'. Example: \"3.5s\"." + type: string + standardRolloutPolicy: + description: Standard policy for the blue-green upgrade. + properties: + batchNodeCount: + description: Number of blue nodes to drain in + a batch. + type: integer + batchPercentage: + description: Percentage of the bool pool nodes + to drain in a batch. The range of this field + should be (0.0, 1.0]. + type: number + batchSoakDuration: + description: "Soak time after each batch gets + drained.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA + duration in seconds with up to nine fractional + digits, ending with 's'. Example: \"3.5s\"." + type: string + type: object + type: object + maxSurge: + description: The maximum number of nodes that can be created + beyond the current size of the node pool during the + upgrade process. + type: integer + maxUnavailable: + description: The maximum number of nodes that can be simultaneously + unavailable during the upgrade process. + type: integer + strategy: + description: Update strategy of the node pool. + type: string + type: object + type: object + autoscalingProfile: + description: Configuration options for the Autoscaling profile + feature, which lets you choose whether the cluster autoscaler + should optimize for resource utilization or resource availability + when deciding to remove nodes from a cluster. Can be BALANCED + or OPTIMIZE_UTILIZATION. Defaults to BALANCED. + type: string + enabled: + description: Whether node auto-provisioning is enabled. 
Resource + limits for cpu and memory must be defined to enable node auto-provisioning. + type: boolean + resourceLimits: + description: Global constraints for machine resources in the cluster. + Configuring the cpu and memory types is required if node auto-provisioning + is enabled. These limits will apply to node pool autoscaling + in addition to node auto-provisioning. + items: + properties: + maximum: + description: Maximum amount of the resource in the cluster. + type: integer + minimum: + description: Minimum amount of the resource in the cluster. + type: integer + resourceType: + description: The type of the resource. For example, cpu + and memory. See the guide to using Node Auto-Provisioning + for a list of types. + type: string + required: + - resourceType + type: object + type: array + type: object + clusterIpv4Cidr: + description: Immutable. The IP address range of the Kubernetes pods + in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank + to have one automatically chosen or specify a /14 block in 10.0.0.0/8. + This field will only work for routes-based clusters, where ip_allocation_policy + is not defined. + type: string + clusterTelemetry: + description: Telemetry integration for the cluster. + properties: + type: + description: Type of the integration. + type: string + required: + - type + type: object + confidentialNodes: + description: 'Immutable. Configuration for the confidential nodes + feature, which makes nodes run on confidential VMs. Warning: This + configuration can''t be changed (or added/removed) after cluster + creation without deleting and recreating the entire cluster.' + properties: + enabled: + description: Immutable. Whether Confidential Nodes feature is + enabled for all nodes in this cluster. + type: boolean + required: + - enabled + type: object + costManagementConfig: + description: Cost management configuration for the cluster. + properties: + enabled: + description: Whether to enable GKE cost allocation. 
When you enable + GKE cost allocation, the cluster name and namespace of your + GKE workloads appear in the labels field of the billing export + to BigQuery. Defaults to false. + type: boolean + required: + - enabled + type: object + databaseEncryption: + description: 'Application-layer Secrets Encryption settings. The object + format is {state = string, key_name = string}. Valid values of state + are: "ENCRYPTED"; "DECRYPTED". key_name is the name of a CloudKMS + key.' + properties: + keyName: + description: The key to use to encrypt/decrypt secrets. + type: string + state: + description: ENCRYPTED or DECRYPTED. + type: string + required: + - state + type: object + datapathProvider: + description: Immutable. The desired datapath provider for this cluster. + By default, uses the IPTables-based kube-proxy implementation. + type: string + defaultMaxPodsPerNode: + description: Immutable. The default maximum number of pods per node + in this cluster. This doesn't work on "routes-based" clusters, clusters + that don't have IP Aliasing enabled. + type: integer + defaultSnatStatus: + description: Whether the cluster disables default in-node sNAT rules. + In-node sNAT rules will be disabled when defaultSnatStatus is disabled. + properties: + disabled: + description: When disabled is set to false, default IP masquerade + rules will be applied to the nodes to prevent sNAT on cluster + internal traffic. + type: boolean + required: + - disabled + type: object + description: + description: Immutable. Description of the cluster. + type: string + dnsConfig: + description: Immutable. Configuration for Cloud DNS for Kubernetes + Engine. + properties: + clusterDns: + description: Which in-cluster DNS provider should be used. + type: string + clusterDnsDomain: + description: The suffix used for all cluster service records. + type: string + clusterDnsScope: + description: The scope of access to cluster DNS records. 
+ type: string + type: object + enableAutopilot: + description: Immutable. Enable Autopilot for this cluster. + type: boolean + enableBinaryAuthorization: + description: DEPRECATED. Deprecated in favor of binary_authorization. + Enable Binary Authorization for this cluster. If enabled, all container + images will be validated by Google Binary Authorization. + type: boolean + enableFqdnNetworkPolicy: + description: Whether FQDN Network Policy is enabled on this cluster. + type: boolean + enableIntranodeVisibility: + description: Whether Intra-node visibility is enabled for this cluster. + This makes same node pod to pod traffic visible for VPC network. + type: boolean + enableK8sBetaApis: + description: Configuration for Kubernetes Beta APIs. + properties: + enabledApis: + description: Enabled Kubernetes Beta APIs. + items: + type: string + type: array + required: + - enabledApis + type: object + enableKubernetesAlpha: + description: Immutable. Whether to enable Kubernetes Alpha features + for this cluster. Note that when this option is enabled, the cluster + cannot be upgraded and will be automatically deleted after 30 days. + type: boolean + enableL4IlbSubsetting: + description: Whether L4ILB Subsetting is enabled for this cluster. + type: boolean + enableLegacyAbac: + description: Whether the ABAC authorizer is enabled for this cluster. + When enabled, identities in the system, including service accounts, + nodes, and controllers, will have statically granted permissions + beyond those provided by the RBAC configuration or IAM. Defaults + to false. + type: boolean + enableMultiNetworking: + description: Immutable. Whether multi-networking is enabled for this + cluster. + type: boolean + enableShieldedNodes: + description: Enable Shielded Nodes features on all nodes in this cluster. + Defaults to true. + type: boolean + enableTpu: + description: Immutable. Whether to enable Cloud TPU resources in this + cluster. 
+ type: boolean + gatewayApiConfig: + description: Configuration for GKE Gateway API controller. + properties: + channel: + description: The Gateway API release channel to use for Gateway + API. + type: string + required: + - channel + type: object + identityServiceConfig: + description: Configuration for Identity Service which allows customers + to use external identity providers with the K8S API. + properties: + enabled: + description: Whether to enable the Identity Service component. + type: boolean + type: object + initialNodeCount: + description: Immutable. The number of nodes to create in this cluster's + default node pool. In regional or multi-zonal clusters, this is + the number of nodes per zone. Must be set if node_pool is not set. + If you're using google_container_node_pool objects with no default + node pool, you'll need to set this to a value of at least 1, alongside + setting remove_default_node_pool to true. + type: integer + ipAllocationPolicy: + description: Immutable. Configuration of cluster IP allocation for + VPC-native clusters. Adding this block enables IP aliasing, making + the cluster VPC-native instead of routes-based. + properties: + additionalPodRangesConfig: + description: AdditionalPodRangesConfig is the configuration for + additional pod secondary ranges supporting the ClusterUpdate + message. + properties: + podRangeNames: + description: Name for pod secondary ipv4 range which has the + actual range defined ahead. + items: + type: string + type: array + required: + - podRangeNames + type: object + clusterIpv4CidrBlock: + description: Immutable. The IP address range for the cluster pod + IPs. Set to blank to have a range chosen with the default size. + Set to /netmask (e.g. /14) to have a range chosen with a specific + netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the + RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) + to pick a specific range to use. 
+ type: string + clusterSecondaryRangeName: + description: Immutable. The name of the existing secondary range + in the cluster's subnetwork to use for pod IP addresses. Alternatively, + cluster_ipv4_cidr_block can be used to automatically create + a GKE-managed one. + type: string + podCidrOverprovisionConfig: + description: Immutable. Configuration for cluster level pod cidr + overprovision. Default is disabled=false. + properties: + disabled: + type: boolean + required: + - disabled + type: object + servicesIpv4CidrBlock: + description: Immutable. The IP address range of the services IPs + in this cluster. Set to blank to have a range chosen with the + default size. Set to /netmask (e.g. /14) to have a range chosen + with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) + from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, + 192.168.0.0/16) to pick a specific range to use. + type: string + servicesSecondaryRangeName: + description: Immutable. The name of the existing secondary range + in the cluster's subnetwork to use for service ClusterIPs. Alternatively, + services_ipv4_cidr_block can be used to automatically create + a GKE-managed one. + type: string + stackType: + description: Immutable. The IP Stack type of the cluster. Choose + between IPV4 and IPV4_IPV6. Default type is IPV4 Only if not + set. + type: string + type: object + location: + description: Immutable. The location (region or zone) in which the + cluster master will be created, as well as the default node location. + If you specify a zone (such as us-central1-a), the cluster will + be a zonal cluster with a single cluster master. If you specify + a region (such as us-west1), the cluster will be a regional cluster + with multiple masters spread across zones in the region, and with + default node locations in those zones as well. + type: string + loggingConfig: + description: Logging configuration for the cluster. 
+ properties: + enableComponents: + description: GKE components exposing logs. Valid values include + SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, + and WORKLOADS. + items: + type: string + type: array + required: + - enableComponents + type: object + loggingService: + description: The logging service that the cluster should write logs + to. Available options include logging.googleapis.com(Legacy Stackdriver), + logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine + Logging), and none. Defaults to logging.googleapis.com/kubernetes. + type: string + maintenancePolicy: + description: The maintenance policy to use for the cluster. + properties: + dailyMaintenanceWindow: + description: 'Time window specified for daily maintenance operations. + Specify start_time in RFC3339 format "HH:MM”, where HH : [00-23] + and MM : [00-59] GMT.' + properties: + duration: + type: string + startTime: + type: string + required: + - startTime + type: object + maintenanceExclusion: + description: Exceptions to maintenance window. Non-emergency maintenance + should not occur in these windows. + items: + properties: + endTime: + type: string + exclusionName: + type: string + exclusionOptions: + description: Maintenance exclusion related options. + properties: + scope: + description: The scope of automatic upgrades to restrict + in the exclusion window. + type: string + required: + - scope + type: object + startTime: + type: string + required: + - endTime + - exclusionName + - startTime + type: object + type: array + recurringWindow: + description: Time window for recurring maintenance operations. + properties: + endTime: + type: string + recurrence: + type: string + startTime: + type: string + required: + - endTime + - recurrence + - startTime + type: object + type: object + masterAuth: + description: DEPRECATED. Basic authentication was removed for GKE + cluster versions >= 1.19. The authentication information for accessing + the Kubernetes master. 
Some values in this block are only returned + by the API if your service account has permission to get credentials + for your GKE cluster. If you see an unexpected diff unsetting your + client cert, ensure you have the container.clusters.getCredentials + permission. + properties: + clientCertificate: + description: Base64 encoded public certificate used by clients + to authenticate to the cluster endpoint. + type: string + clientCertificateConfig: + description: Immutable. Whether client certificate authorization + is enabled for this cluster. + properties: + issueClientCertificate: + description: Immutable. Whether client certificate authorization + is enabled for this cluster. + type: boolean + required: + - issueClientCertificate + type: object + clientKey: + description: Base64 encoded private key used by clients to authenticate + to the cluster endpoint. + type: string + clusterCaCertificate: + description: Base64 encoded public certificate that is the root + of trust for the cluster. + type: string + password: + description: The password to use for HTTP basic authentication + when accessing the Kubernetes master endpoint. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + username: + description: The username to use for HTTP basic authentication + when accessing the Kubernetes master endpoint. If not present + basic auth will be disabled. + type: string + type: object + masterAuthorizedNetworksConfig: + description: The desired configuration options for master authorized + networks. Omit the nested cidr_blocks attribute to disallow external + access (except the cluster node IPs, which GKE automatically whitelists). + properties: + cidrBlocks: + description: External networks that can access the Kubernetes + cluster master through HTTPS. + items: + properties: + cidrBlock: + description: External network that can access Kubernetes + master through HTTPS. Must be specified in CIDR notation. + type: string + displayName: + description: Field for users to identify CIDR blocks. + type: string + required: + - cidrBlock + type: object + type: array + gcpPublicCidrsAccessEnabled: + description: Whether master is accessbile via Google Compute Engine + Public IP addresses. + type: boolean + type: object + meshCertificates: + description: If set, and enable_certificates=true, the GKE Workload + Identity Certificates controller and node agent will be deployed + in the cluster. + properties: + enableCertificates: + description: When enabled the GKE Workload Identity Certificates + controller and node agent will be deployed in the cluster. + type: boolean + required: + - enableCertificates + type: object + minMasterVersion: + description: The minimum version of the master. GKE will auto-update + the master to new versions, so this does not guarantee the current + master version--use the read-only master_version field to obtain + that. If unset, the cluster's version will be set by GKE to the + version of the most recent official release (which is not necessarily + the latest version). 
+ type: string + monitoringConfig: + description: Monitoring configuration for the cluster. + properties: + advancedDatapathObservabilityConfig: + description: Configuration of Advanced Datapath Observability + features. + items: + properties: + enableMetrics: + description: Whether or not the advanced datapath metrics + are enabled. + type: boolean + relayMode: + description: Mode used to make Relay available. + type: string + required: + - enableMetrics + type: object + type: array + enableComponents: + description: GKE components exposing metrics. Valid values include + SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER, + STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET and WORKLOADS. + items: + type: string + type: array + managedPrometheus: + description: Configuration for Google Cloud Managed Services for + Prometheus. + properties: + enabled: + description: Whether or not the managed collection is enabled. + type: boolean + required: + - enabled + type: object + type: object + monitoringService: + description: The monitoring service that the cluster should write + metrics to. Automatically send metrics from pods in the cluster + to the Google Cloud Monitoring API. VM metrics will be collected + by Google Compute Engine regardless of this setting Available options + include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver + Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes. + type: string + networkPolicy: + description: Configuration options for the NetworkPolicy feature. + properties: + enabled: + description: Whether network policy is enabled on the cluster. + type: boolean + provider: + description: The selected network policy provider. Defaults to + PROVIDER_UNSPECIFIED. 
+ type: string + required: + - enabled + type: object + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkingMode: + description: Immutable. Determines whether alias IPs or routes will + be used for pod IPs in the cluster. + type: string + nodeConfig: + description: Immutable. The configuration of the nodepool. + properties: + advancedMachineFeatures: + description: Immutable. Specifies options for controlling advanced + machine features. + properties: + threadsPerCore: + description: Immutable. The number of threads per physical + core. To disable simultaneous multithreading (SMT) set this + to 1. If unset, the maximum number of threads supported + per core by the underlying processor is assumed. + type: integer + required: + - threadsPerCore + type: object + bootDiskKMSCryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + confidentialNodes: + description: 'Immutable. Configuration for the confidential nodes + feature, which makes nodes run on confidential VMs. Warning: + This configuration can''t be changed (or added/removed) after + pool creation without deleting and recreating the entire pool.' + properties: + enabled: + description: Immutable. Whether Confidential Nodes feature + is enabled for all nodes in this pool. + type: boolean + required: + - enabled + type: object + diskSizeGb: + description: Immutable. Size of the disk attached to each node, + specified in GB. The smallest allowed disk size is 10GB. + type: integer + diskType: + description: Immutable. Type of the disk attached to each node. + Such as pd-standard, pd-balanced or pd-ssd. + type: string + ephemeralStorageConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + ephemeralStorageLocalSsdConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + fastSocket: + description: Enable or disable NCCL Fast Socket in the node pool. + properties: + enabled: + description: Whether or not NCCL Fast Socket is enabled. 
+ type: boolean + required: + - enabled + type: object + gcfsConfig: + description: Immutable. GCFS configuration for this node. + properties: + enabled: + description: Immutable. Whether or not GCFS is enabled. + type: boolean + required: + - enabled + type: object + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the accelerator cards + exposed to an instance. + type: integer + gpuDriverInstallationConfig: + description: Immutable. Configuration for auto installation + of GPU driver. + properties: + gpuDriverVersion: + description: Immutable. Mode for how the GPU driver + is installed. + type: string + required: + - gpuDriverVersion + type: object + gpuPartitionSize: + description: Immutable. Size of partitions to create on + the GPU. Valid values are described in the NVIDIA mig + user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). + type: string + gpuSharingConfig: + description: Immutable. Configuration for GPU sharing. + properties: + gpuSharingStrategy: + description: Immutable. The type of GPU sharing strategy + to enable on the GPU node. Possible values are described + in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig). + type: string + maxSharedClientsPerGpu: + description: Immutable. The maximum number of containers + that can share a GPU. + type: integer + required: + - gpuSharingStrategy + - maxSharedClientsPerGpu + type: object + type: + description: Immutable. The accelerator type resource name. + type: string + required: + - count + - type + type: object + type: array + gvnic: + description: Immutable. Enable or disable gvnic in the node pool. + properties: + enabled: + description: Immutable. Whether or not gvnic is enabled. + type: boolean + required: + - enabled + type: object + hostMaintenancePolicy: + description: Immutable. 
The maintenance policy for the hosts on + which the GKE VMs run on. + properties: + maintenanceInterval: + description: Immutable. . + type: string + required: + - maintenanceInterval + type: object + imageType: + description: The image type to use for this node. Note that for + a given image type, the latest version of it will be used. + type: string + kubeletConfig: + description: Node kubelet configs. + properties: + cpuCfsQuota: + description: Enable CPU CFS quota enforcement for containers + that specify CPU limits. + type: boolean + cpuCfsQuotaPeriod: + description: Set the CPU CFS quota period value 'cpu.cfs_period_us'. + type: string + cpuManagerPolicy: + description: Control the CPU management policy on the node. + type: string + podPidsLimit: + description: Controls the maximum number of processes allowed + to run in a pod. + type: integer + required: + - cpuManagerPolicy + type: object + labels: + additionalProperties: + type: string + description: Immutable. The map of Kubernetes labels (key/value + pairs) to be applied to each node. These will added in addition + to any default label(s) that Kubernetes may apply to the node. + type: object + linuxNodeConfig: + description: Parameters that can be configured on Linux nodes. + properties: + cgroupMode: + description: cgroupMode specifies the cgroup mode to be used + on the node. + type: string + sysctls: + additionalProperties: + type: string + description: The Linux kernel parameters to be applied to + the nodes and all pods running on the nodes. + type: object + type: object + localNvmeSsdBlockConfig: + description: Immutable. Parameters for raw-block local NVMe SSDs. + properties: + localSsdCount: + description: Immutable. Number of raw-block local NVMe SSD + disks to be attached to the node. Each local SSD is 375 + GB in size. + type: integer + required: + - localSsdCount + type: object + localSsdCount: + description: Immutable. The number of local SSD disks to be attached + to the node. 
+ type: integer + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include DEFAULT + and MAX_THROUGHPUT. + type: string + machineType: + description: Immutable. The name of a Google Compute Engine machine + type. + type: string + metadata: + additionalProperties: + type: string + description: Immutable. The metadata key/value pairs assigned + to instances in the cluster. + type: object + minCpuPlatform: + description: Immutable. Minimum CPU platform to be used by this + instance. The instance may be scheduled on the specified or + newer CPU platform. + type: string + nodeGroupRef: + description: |- + Immutable. Setting this field will assign instances + of this pool to run on the specified node group. This is useful + for running workloads on sole tenant nodes. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNodeGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + oauthScopes: + description: Immutable. The set of Google API scopes to be made + available on all of the node VMs. + items: + type: string + type: array + preemptible: + description: Immutable. Whether the nodes are created as preemptible + VM instances. + type: boolean + reservationAffinity: + description: Immutable. The reservation affinity configuration + for the node pool. + properties: + consumeReservationType: + description: Immutable. Corresponds to the type of reservation + consumption. 
+ type: string + key: + description: Immutable. The label key of a reservation resource. + type: string + values: + description: Immutable. The label values of the reservation + resource. + items: + type: string + type: array + required: + - consumeReservationType + type: object + resourceLabels: + additionalProperties: + type: string + description: The GCE resource labels (a map of key/value pairs) + to be applied to the node pool. + type: object + sandboxConfig: + description: Immutable. Sandbox configuration for this node. + properties: + sandboxType: + description: Type of the sandbox to use for the node (e.g. + 'gvisor'). + type: string + required: + - sandboxType + type: object + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + shieldedInstanceConfig: + description: Immutable. Shielded Instance options. + properties: + enableIntegrityMonitoring: + description: Immutable. Defines whether the instance has integrity + monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Defines whether the instance has Secure + Boot enabled. + type: boolean + type: object + soleTenantConfig: + description: Immutable. Node affinity options for sole tenant + node pools. + properties: + nodeAffinity: + description: Immutable. . + items: + properties: + key: + description: Immutable. . + type: string + operator: + description: Immutable. . 
+ type: string + values: + description: Immutable. . + items: + type: string + type: array + required: + - key + - operator + - values + type: object + type: array + required: + - nodeAffinity + type: object + spot: + description: Immutable. Whether the nodes are created as spot + VM instances. + type: boolean + tags: + description: The list of instance tags applied to all nodes. + items: + type: string + type: array + taint: + description: List of Kubernetes taints to be applied to each node. + items: + properties: + effect: + description: Effect for taint. + type: string + key: + description: Key for taint. + type: string + value: + description: Value for taint. + type: string + required: + - effect + - key + - value + type: object + type: array + workloadMetadataConfig: + description: Immutable. The workload metadata configuration for + this node. + properties: + mode: + description: Mode is the configuration for how to expose metadata + to workloads running on the node. + type: string + nodeMetadata: + description: DEPRECATED. Deprecated in favor of mode. NodeMetadata + is the configuration for how to expose metadata to the workloads + running on the node. + type: string + type: object + type: object + nodeLocations: + description: The list of zones in which the cluster's nodes are located. + Nodes must be in the region of their regional cluster or in the + same region as their cluster's zone for zonal clusters. If this + is specified for a zonal cluster, omit the cluster's zone. + items: + type: string + type: array + nodePoolAutoConfig: + description: Node pool configs that apply to all auto-provisioned + node pools in autopilot clusters and node auto-provisioning enabled + clusters. + properties: + networkTags: + description: Collection of Compute Engine network tags that can + be applied to a node's underlying VM instance. + properties: + tags: + description: List of network tags applied to auto-provisioned + node pools. 
+ items: + type: string + type: array + type: object + type: object + nodePoolDefaults: + description: The default nodel pool settings for the entire cluster. + properties: + nodeConfigDefaults: + description: Subset of NodeConfig message that has defaults. + properties: + gcfsConfig: + description: GCFS configuration for this node. + properties: + enabled: + description: Whether or not GCFS is enabled. + type: boolean + required: + - enabled + type: object + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include + DEFAULT and MAX_THROUGHPUT. + type: string + type: object + type: object + nodeVersion: + type: string + notificationConfig: + description: The notification config for sending cluster upgrade notifications. + properties: + pubsub: + description: Notification config for Cloud Pub/Sub. + properties: + enabled: + description: Whether or not the notification config is enabled. + type: boolean + filter: + description: Allows filtering to one or more specific event + types. If event types are present, those and only those + event types will be transmitted to the cluster. Other types + will be skipped. If no filter is specified, or no event + types are present, all event types will be sent. + properties: + eventType: + description: Can be used to filter what notifications + are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, + UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. + items: + type: string + type: array + required: + - eventType + type: object + topicRef: + description: The PubSubTopic to send the notification to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` + resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - enabled + type: object + required: + - pubsub + type: object + podSecurityPolicyConfig: + description: Configuration for the PodSecurityPolicy feature. + properties: + enabled: + description: Enable the PodSecurityPolicy controller for this + cluster. If enabled, pods must be valid under a PodSecurityPolicy + to be created. + type: boolean + required: + - enabled + type: object + privateClusterConfig: + description: Configuration for private clusters, clusters with private + nodes. + properties: + enablePrivateEndpoint: + description: When true, the cluster's private endpoint is used + as the cluster endpoint and access through the public endpoint + is disabled. When false, either endpoint can be used. + type: boolean + enablePrivateNodes: + description: Immutable. Enables the private cluster feature, creating + a private endpoint on the cluster. In a private cluster, nodes + only have RFC 1918 private addresses and communicate with the + master's private endpoint via private networking. + type: boolean + masterGlobalAccessConfig: + description: Controls cluster master global access settings. + properties: + enabled: + description: Whether the cluster master is accessible globally + or not. + type: boolean + required: + - enabled + type: object + masterIpv4CidrBlock: + description: Immutable. The IP range in CIDR notation to use for + the hosted master network. This range will be used for assigning + private IP addresses to the cluster master(s) and the ILB VIP. + This range must not overlap with any other ranges in use within + the cluster's network, and it must be a /28 subnet. 
See Private + Cluster Limitations for more details. This field only applies + to private clusters, when enable_private_nodes is true. + type: string + peeringName: + description: The name of the peering between this cluster and + the Google owned VPC. + type: string + privateEndpoint: + description: The internal IP address of this cluster's master + endpoint. + type: string + privateEndpointSubnetworkRef: + description: |- + Immutable. Subnetwork in cluster's network where master's endpoint + will be provisioned. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publicEndpoint: + description: The external IP address of this cluster's master + endpoint. + type: string + type: object + privateIpv6GoogleAccess: + description: The desired state of IPv6 connectivity to Google Services. + By default, no private IPv6 access to or from Google Services (all + access will be via IPv4). + type: string + protectConfig: + description: Enable/Disable Protect API features for the cluster. + properties: + workloadConfig: + description: WorkloadConfig defines which actions are enabled + for a cluster's workload configurations. + properties: + auditMode: + description: Sets which mode of auditing should be used for + the cluster's workloads. Accepted values are DISABLED, BASIC. 
+ type: string + required: + - auditMode + type: object + workloadVulnerabilityMode: + description: Sets which mode to use for Protect workload vulnerability + scanning feature. Accepted values are DISABLED, BASIC. + type: string + type: object + releaseChannel: + description: Configuration options for the Release channel feature, + which provide more control over automatic upgrades of your GKE clusters. + Note that removing this field from your config will not unenroll + it. Instead, use the "UNSPECIFIED" channel. + properties: + channel: + description: |- + The selected release channel. Accepted values are: + * UNSPECIFIED: Not set. + * RAPID: Weekly upgrade cadence; Early testers and developers who requires new features. + * REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel. + * STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky. + type: string + required: + - channel + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourceUsageExportConfig: + description: Configuration for the ResourceUsageExportConfig feature. + properties: + bigqueryDestination: + description: Parameters for using BigQuery as the destination + of resource usage export. + properties: + datasetId: + description: The ID of a BigQuery Dataset. + type: string + required: + - datasetId + type: object + enableNetworkEgressMetering: + description: Whether to enable network egress metering for this + cluster. If enabled, a daemonset will be created in the cluster + to meter network egress traffic. + type: boolean + enableResourceConsumptionMetering: + description: Whether to enable resource consumption metering on + this cluster. 
When enabled, a table will be created in the resource + export BigQuery dataset to store resource consumption data. + The resulting table can be joined with the resource usage table + or with BigQuery billing export. Defaults to true. + type: boolean + required: + - bigqueryDestination + type: object + securityPostureConfig: + description: Defines the config needed to enable/disable features + for the Security Posture API. + properties: + mode: + description: Sets the mode of the Kubernetes security posture + API's off-cluster features. Available options include DISABLED + and BASIC. + type: string + vulnerabilityMode: + description: Sets the mode of the Kubernetes security posture + API's workload vulnerability scanning. Available options include + VULNERABILITY_DISABLED and VULNERABILITY_BASIC. + type: string + type: object + serviceExternalIpsConfig: + description: If set, and enabled=true, services with external ips + field will not be blocked. + properties: + enabled: + description: When enabled, services with exterenal ips specified + will be allowed. + type: boolean + required: + - enabled + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + verticalPodAutoscaling: + description: Vertical Pod Autoscaling automatically adjusts the resources + of pods controlled by it. + properties: + enabled: + description: Enables vertical pod autoscaling. 
+ type: boolean + required: + - enabled + type: object + workloadIdentityConfig: + description: Configuration for the use of Kubernetes Service Accounts + in GCP IAM policies. + properties: + identityNamespace: + description: |- + DEPRECATED. This field will be removed in a future major release as it has been deprecated in the API. Use `workloadPool` instead; `workloadPool` field will supersede this field. + Enables workload identity. + type: string + workloadPool: + description: The workload pool to attach all Kubernetes service + accounts to. + type: string + type: object + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + endpoint: + description: The IP address of this cluster's Kubernetes master. + type: string + labelFingerprint: + description: The fingerprint of the set of labels for this cluster. + type: string + masterVersion: + description: The current version of the master in the cluster. This + may be different than the min_master_version set in the config if + the master has been updated by GKE. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + masterAuth: + description: DEPRECATED. Basic authentication was removed for + GKE cluster versions >= 1.19. The authentication information + for accessing the Kubernetes master. Some values in this block + are only returned by the API if your service account has permission + to get credentials for your GKE cluster. If you see an unexpected + diff unsetting your client cert, ensure you have the container.clusters.getCredentials + permission. + properties: + clientCertificate: + description: Base64 encoded public certificate used by clients + to authenticate to the cluster endpoint. + type: string + clusterCaCertificate: + description: Base64 encoded public certificate that is the + root of trust for the cluster. + type: string + type: object + privateClusterConfig: + description: Configuration for private clusters, clusters with + private nodes. + properties: + privateEndpoint: + description: The internal IP address of this cluster's master + endpoint. + type: string + publicEndpoint: + description: The external IP address of this cluster's master + endpoint. + type: string + type: object + type: object + operation: + type: string + selfLink: + description: Server-defined URL for the resource. + type: string + servicesIpv4Cidr: + description: The IP address range of the Kubernetes services in this + cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are + typically put in the last /16 from the container CIDR. + type: string + tpuIpv4CidrBlock: + description: The IP address range of the Cloud TPUs in this cluster, + in CIDR notation (e.g. 1.2.3.4/29). 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containernodepools.container.cnrm.cloud.google.com +spec: + group: container.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerNodePool + plural: containernodepools + shortNames: + - gcpcontainernodepool + - gcpcontainernodepools + singular: containernodepool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscaling: + description: Configuration required by cluster autoscaler to adjust + the size of the node pool to the current cluster usage. To disable + autoscaling, set minNodeCount and maxNodeCount to 0. + properties: + locationPolicy: + description: Location policy specifies the algorithm used when + scaling-up the node pool. "BALANCED" - Is a best effort policy + that aims to balance the sizes of available zones. "ANY" - Instructs + the cluster autoscaler to prioritize utilization of unused reservations, + and reduces preemption risk for Spot VMs. + type: string + maxNodeCount: + description: Maximum number of nodes per zone in the node pool. + Must be >= min_node_count. Cannot be used with total limits. + type: integer + minNodeCount: + description: Minimum number of nodes per zone in the node pool. + Must be >=0 and <= max_node_count. Cannot be used with total + limits. + type: integer + totalMaxNodeCount: + description: Maximum number of all nodes in the node pool. Must + be >= total_min_node_count. Cannot be used with per zone limits. + type: integer + totalMinNodeCount: + description: Minimum number of all nodes in the node pool. Must + be >=0 and <= total_max_node_count. Cannot be used with per + zone limits. + type: integer + type: object + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ContainerCluster` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + initialNodeCount: + description: Immutable. The initial number of nodes for the pool. + In regional or multi-zonal clusters, this is the number of nodes + per zone. Changing this will force recreation of the resource. + type: integer + location: + description: Immutable. The location (region or zone) of the cluster. + type: string + management: + description: Node management configuration, wherein auto-repair and + auto-upgrade is configured. + properties: + autoRepair: + description: Whether the nodes will be automatically repaired. + type: boolean + autoUpgrade: + description: Whether the nodes will be automatically upgraded. + type: boolean + type: object + maxPodsPerNode: + description: Immutable. The maximum number of pods per node in this + node pool. Note that this does not work on node pools which are + "route-based" - that is, node pools belonging to clusters that do + not have IP Aliasing enabled. + type: integer + namePrefix: + description: Immutable. Creates a unique name for the node pool beginning + with the specified prefix. Conflicts with name. + type: string + networkConfig: + description: Networking configuration for this NodePool. If specified, + it overrides the cluster-level defaults. + properties: + additionalNodeNetworkConfigs: + description: Immutable. We specify the additional node networks + for this node pool using this list. Each node network corresponds + to an additional interface. + items: + properties: + networkRef: + description: Immutable. Name of the VPC where the additional + interface belongs. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + description: Immutable. Name of the subnetwork where the + additional interface belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeSubnetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + additionalPodNetworkConfigs: + description: Immutable. We specify the additional pod networks + for this node pool using this list. Each pod network corresponds + to an additional alias IP range for the node. + items: + properties: + maxPodsPerNode: + description: Immutable. The maximum number of pods per node + which use this pod network. + type: integer + secondaryPodRange: + description: Immutable. The name of the secondary range + on the subnet which provides IP address for this pod range. + type: string + subnetworkRef: + description: Immutable. Name of the subnetwork where the + additional pod network belongs. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeSubnetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + createPodRange: + description: Immutable. Whether to create a new range for pod + IPs in this node pool. Defaults are provided for pod_range and + pod_ipv4_cidr_block if they are not specified. + type: boolean + enablePrivateNodes: + description: Whether nodes have internal IP addresses only. + type: boolean + podCidrOverprovisionConfig: + description: Immutable. Configuration for node-pool level pod + cidr overprovision. If not set, the cluster level setting will + be inherited. + properties: + disabled: + type: boolean + required: + - disabled + type: object + podIpv4CidrBlock: + description: Immutable. The IP address range for pod IPs in this + node pool. Only applicable if create_pod_range is true. Set + to blank to have a range chosen with the default size. Set to + /netmask (e.g. /14) to have a range chosen with a specific netmask. + Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific + range to use. + type: string + podRange: + description: Immutable. The ID of the secondary range for pod + IPs. If create_pod_range is true, this ID is used for the new + range. If create_pod_range is false, uses an existing secondary + range with this ID. + type: string + type: object + nodeConfig: + description: Immutable. The configuration of the nodepool. + properties: + advancedMachineFeatures: + description: Immutable. 
Specifies options for controlling advanced + machine features. + properties: + threadsPerCore: + description: Immutable. The number of threads per physical + core. To disable simultaneous multithreading (SMT) set this + to 1. If unset, the maximum number of threads supported + per core by the underlying processor is assumed. + type: integer + required: + - threadsPerCore + type: object + bootDiskKMSCryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + confidentialNodes: + description: 'Immutable. Configuration for the confidential nodes + feature, which makes nodes run on confidential VMs. Warning: + This configuration can''t be changed (or added/removed) after + pool creation without deleting and recreating the entire pool.' + properties: + enabled: + description: Immutable. Whether Confidential Nodes feature + is enabled for all nodes in this pool. + type: boolean + required: + - enabled + type: object + diskSizeGb: + description: Immutable. Size of the disk attached to each node, + specified in GB. The smallest allowed disk size is 10GB. + type: integer + diskType: + description: Immutable. Type of the disk attached to each node. + Such as pd-standard, pd-balanced or pd-ssd. + type: string + ephemeralStorageConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. 
+ properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + ephemeralStorageLocalSsdConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + fastSocket: + description: Enable or disable NCCL Fast Socket in the node pool. + properties: + enabled: + description: Whether or not NCCL Fast Socket is enabled. + type: boolean + required: + - enabled + type: object + gcfsConfig: + description: Immutable. GCFS configuration for this node. + properties: + enabled: + description: Immutable. Whether or not GCFS is enabled. + type: boolean + required: + - enabled + type: object + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the accelerator cards + exposed to an instance. + type: integer + gpuDriverInstallationConfig: + description: Immutable. Configuration for auto installation + of GPU driver. + properties: + gpuDriverVersion: + description: Immutable. Mode for how the GPU driver + is installed. + type: string + required: + - gpuDriverVersion + type: object + gpuPartitionSize: + description: Immutable. Size of partitions to create on + the GPU. Valid values are described in the NVIDIA mig + user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). 
+ type: string + gpuSharingConfig: + description: Immutable. Configuration for GPU sharing. + properties: + gpuSharingStrategy: + description: Immutable. The type of GPU sharing strategy + to enable on the GPU node. Possible values are described + in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig). + type: string + maxSharedClientsPerGpu: + description: Immutable. The maximum number of containers + that can share a GPU. + type: integer + required: + - gpuSharingStrategy + - maxSharedClientsPerGpu + type: object + type: + description: Immutable. The accelerator type resource name. + type: string + required: + - count + - type + type: object + type: array + gvnic: + description: Immutable. Enable or disable gvnic in the node pool. + properties: + enabled: + description: Immutable. Whether or not gvnic is enabled. + type: boolean + required: + - enabled + type: object + hostMaintenancePolicy: + description: Immutable. The maintenance policy for the hosts on + which the GKE VMs run on. + properties: + maintenanceInterval: + description: Immutable. . + type: string + required: + - maintenanceInterval + type: object + imageType: + description: The image type to use for this node. Note that for + a given image type, the latest version of it will be used. + type: string + kubeletConfig: + description: Node kubelet configs. + properties: + cpuCfsQuota: + description: Enable CPU CFS quota enforcement for containers + that specify CPU limits. + type: boolean + cpuCfsQuotaPeriod: + description: Set the CPU CFS quota period value 'cpu.cfs_period_us'. + type: string + cpuManagerPolicy: + description: Control the CPU management policy on the node. + type: string + podPidsLimit: + description: Controls the maximum number of processes allowed + to run in a pod. 
+ type: integer + required: + - cpuManagerPolicy + type: object + labels: + additionalProperties: + type: string + description: The map of Kubernetes labels (key/value pairs) to + be applied to each node. These will added in addition to any + default label(s) that Kubernetes may apply to the node. + type: object + linuxNodeConfig: + description: Parameters that can be configured on Linux nodes. + properties: + cgroupMode: + description: cgroupMode specifies the cgroup mode to be used + on the node. + type: string + sysctls: + additionalProperties: + type: string + description: The Linux kernel parameters to be applied to + the nodes and all pods running on the nodes. + type: object + type: object + localNvmeSsdBlockConfig: + description: Immutable. Parameters for raw-block local NVMe SSDs. + properties: + localSsdCount: + description: Immutable. Number of raw-block local NVMe SSD + disks to be attached to the node. Each local SSD is 375 + GB in size. + type: integer + required: + - localSsdCount + type: object + localSsdCount: + description: Immutable. The number of local SSD disks to be attached + to the node. + type: integer + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include DEFAULT + and MAX_THROUGHPUT. + type: string + machineType: + description: Immutable. The name of a Google Compute Engine machine + type. + type: string + metadata: + additionalProperties: + type: string + description: Immutable. The metadata key/value pairs assigned + to instances in the cluster. + type: object + minCpuPlatform: + description: Immutable. Minimum CPU platform to be used by this + instance. The instance may be scheduled on the specified or + newer CPU platform. + type: string + nodeGroupRef: + description: |- + Immutable. Setting this field will assign instances + of this pool to run on the specified node group. This is useful + for running workloads on sole tenant nodes. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNodeGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + oauthScopes: + description: Immutable. The set of Google API scopes to be made + available on all of the node VMs. + items: + type: string + type: array + preemptible: + description: Immutable. Whether the nodes are created as preemptible + VM instances. + type: boolean + reservationAffinity: + description: Immutable. The reservation affinity configuration + for the node pool. + properties: + consumeReservationType: + description: Immutable. Corresponds to the type of reservation + consumption. + type: string + key: + description: Immutable. The label key of a reservation resource. + type: string + values: + description: Immutable. The label values of the reservation + resource. + items: + type: string + type: array + required: + - consumeReservationType + type: object + resourceLabels: + additionalProperties: + type: string + description: The GCE resource labels (a map of key/value pairs) + to be applied to the node pool. + type: object + sandboxConfig: + description: Immutable. Sandbox configuration for this node. + properties: + sandboxType: + description: Type of the sandbox to use for the node (e.g. + 'gvisor'). 
+ type: string + required: + - sandboxType + type: object + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + shieldedInstanceConfig: + description: Immutable. Shielded Instance options. + properties: + enableIntegrityMonitoring: + description: Immutable. Defines whether the instance has integrity + monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Defines whether the instance has Secure + Boot enabled. + type: boolean + type: object + soleTenantConfig: + description: Immutable. Node affinity options for sole tenant + node pools. + properties: + nodeAffinity: + description: Immutable. . + items: + properties: + key: + description: Immutable. . + type: string + operator: + description: Immutable. . + type: string + values: + description: Immutable. . + items: + type: string + type: array + required: + - key + - operator + - values + type: object + type: array + required: + - nodeAffinity + type: object + spot: + description: Immutable. Whether the nodes are created as spot + VM instances. + type: boolean + tags: + description: The list of instance tags applied to all nodes. + items: + type: string + type: array + taint: + description: List of Kubernetes taints to be applied to each node. + items: + properties: + effect: + description: Effect for taint. + type: string + key: + description: Key for taint. + type: string + value: + description: Value for taint. 
+ type: string + required: + - effect + - key + - value + type: object + type: array + workloadMetadataConfig: + description: The workload metadata configuration for this node. + properties: + mode: + description: Mode is the configuration for how to expose metadata + to workloads running on the node. + type: string + nodeMetadata: + description: DEPRECATED. Deprecated in favor of mode. NodeMetadata + is the configuration for how to expose metadata to the workloads + running on the node. + type: string + type: object + type: object + nodeCount: + description: The number of nodes per instance group. This field can + be used to update the number of nodes per instance group but should + not be used alongside autoscaling. + type: integer + nodeLocations: + description: The list of zones in which the node pool's nodes should + be located. Nodes must be in the region of their regional cluster + or in the same region as their cluster's zone for zonal clusters. + If unspecified, the cluster-level node_locations will be used. + items: + type: string + type: array + placementPolicy: + description: Immutable. Specifies the node placement policy. + properties: + policyNameRef: + description: Immutable. If set, refers to the name of a custom + resource policy supplied by the user. The resource policy must + be in the same project and region as the node pool. If not found, + InvalidArgument error is returned. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tpuTopology: + description: TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies. + type: string + type: + description: Type defines the type of placement policy. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + upgradeSettings: + description: Specify node upgrade settings to change how many nodes + GKE attempts to upgrade at once. The number of nodes upgraded simultaneously + is the sum of max_surge and max_unavailable. The maximum number + of nodes upgraded simultaneously is limited to 20. + properties: + blueGreenSettings: + description: Settings for BlueGreen node pool upgrade. + properties: + nodePoolSoakDuration: + description: Time needed after draining entire blue pool. + After this period, blue pool will be cleaned up. + type: string + standardRolloutPolicy: + description: Standard rollout policy is the default policy + for blue-green. + properties: + batchNodeCount: + description: Number of blue nodes to drain in a batch. + type: integer + batchPercentage: + description: Percentage of the blue pool nodes to drain + in a batch. + type: number + batchSoakDuration: + description: Soak time after each batch gets drained. + type: string + type: object + required: + - standardRolloutPolicy + type: object + maxSurge: + description: The number of additional nodes that can be added + to the node pool during an upgrade. Increasing max_surge raises + the number of nodes that can be upgraded simultaneously. Can + be set to 0 or greater. + type: integer + maxUnavailable: + description: The number of nodes that can be simultaneously unavailable + during an upgrade. 
Increasing max_unavailable raises the number + of nodes that can be upgraded in parallel. Can be set to 0 or + greater. + type: integer + strategy: + description: Update strategy for the given nodepool. + type: string + type: object + version: + type: string + required: + - clusterRef + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + instanceGroupUrls: + description: The resource URLs of the managed instance groups associated + with this node pool. + items: + type: string + type: array + managedInstanceGroupUrls: + description: List of instance group URLs which have been assigned + to this node pool. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. 
+ properties: + version: + type: string + type: object + operation: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogentries.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogEntry + plural: datacatalogentries + shortNames: + - gcpdatacatalogentry + - gcpdatacatalogentries + singular: datacatalogentry + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Entry description, which can consist of several sentences + or paragraphs that describe entry contents. + type: string + displayName: + description: |- + Display information such as title and description. A short name to identify the entry, + for example, "Analytics Data - Jan 2011". + type: string + entryGroup: + description: Immutable. The name of the entry group this entry is + in. + type: string + entryId: + description: Immutable. The id of the entry to create. + type: string + gcsFilesetSpec: + description: Specification that applies to a Cloud Storage fileset. + This is only valid on entries of type FILESET. + properties: + filePatterns: + description: |- + Patterns to identify a set of files in Google Cloud Storage. + See [Cloud Storage documentation](https://cloud.google.com/storage/docs/gsutil/addlhelp/WildcardNames) + for more information. Note that bucket wildcards are currently not supported. Examples of valid filePatterns: + + * gs://bucket_name/dir/*: matches all files within bucket_name/dir directory. + * gs://bucket_name/dir/**: matches all files in bucket_name/dir spanning all subdirectories. + * gs://bucket_name/file*: matches files prefixed by file in bucket_name + * gs://bucket_name/??.txt: matches files with two characters followed by .txt in bucket_name + * gs://bucket_name/[aeiou].txt: matches files that contain a single vowel character followed by .txt in bucket_name + * gs://bucket_name/[a-m].txt: matches files that contain a, b, ... 
or m followed by .txt in bucket_name + * gs://bucket_name/a/*/b: matches all files in bucket_name that match a/*/b pattern, such as a/c/b, a/d/b + * gs://another_bucket/a.txt: matches gs://another_bucket/a.txt. + items: + type: string + type: array + sampleGcsFileSpecs: + description: Sample files contained in this fileset, not all files + contained in this fileset are represented here. + items: + properties: + filePath: + description: The full file path. + type: string + sizeBytes: + description: The size of the file, in bytes. + type: integer + type: object + type: array + required: + - filePatterns + type: object + linkedResource: + description: |- + The resource this metadata entry refers to. + For Google Cloud Platform resources, linkedResource is the full name of the resource. + For example, the linkedResource for a table resource from BigQuery is: + //bigquery.googleapis.com/projects/projectId/datasets/datasetId/tables/tableId + Output only when Entry is of type in the EntryType enum. For entries with userSpecifiedType, + this field is optional and defaults to an empty string. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + schema: + description: |- + Schema of the entry (e.g. BigQuery, GoogleSQL, Avro schema), as a json string. An entry might not have any schema + attached to it. See + https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.entries#schema + for what fields this schema can contain. + type: string + type: + description: |- + Immutable. The type of the entry. Only used for Entries with types in the EntryType enum. + Currently, only FILESET enum value is allowed. All other entries created through Data Catalog must use userSpecifiedType. Possible values: ["FILESET"]. 
+ type: string + userSpecifiedSystem: + description: |- + This field indicates the entry's source system that Data Catalog does not integrate with. + userSpecifiedSystem strings must begin with a letter or underscore and can only contain letters, numbers, + and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. + type: string + userSpecifiedType: + description: |- + Entry type if it does not fit any of the input-allowed values listed in EntryType enum above. + When creating an entry, users should check the enum values first, if nothing matches the entry + to be created, then provide a custom value, for example "my_special_type". + userSpecifiedType strings must begin with a letter or underscore and can only contain letters, + numbers, and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. + type: string + required: + - entryGroup + - entryId + type: object + status: + properties: + bigqueryDateShardedSpec: + description: |- + Specification for a group of BigQuery tables with name pattern [prefix]YYYYMMDD. + Context: https://cloud.google.com/bigquery/docs/partitioned-tables#partitioning_versus_sharding. + items: + properties: + dataset: + description: |- + The Data Catalog resource name of the dataset entry the current table belongs to, for example, + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}. + type: string + shardCount: + description: Total number of shards. + type: integer + tablePrefix: + description: |- + The table name prefix of the shards. The name of any given shard is [tablePrefix]YYYYMMDD, + for example, for shard MyTable20180101, the tablePrefix is MyTable. + type: string + type: object + type: array + bigqueryTableSpec: + description: Specification that applies to a BigQuery table. This + is only valid on entries of type TABLE. + items: + properties: + tableSourceType: + description: The table source type. 
+ type: string + tableSpec: + description: Spec of a BigQuery table. This field should only + be populated if tableSourceType is BIGQUERY_TABLE. + items: + properties: + groupedEntry: + description: |- + If the table is a dated shard, i.e., with name pattern [prefix]YYYYMMDD, groupedEntry is the + Data Catalog resource name of the date sharded grouped entry, for example, + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}. + Otherwise, groupedEntry is empty. + type: string + type: object + type: array + viewSpec: + description: Table view specification. This field should only + be populated if tableSourceType is BIGQUERY_VIEW. + items: + properties: + viewQuery: + description: The query that defines the table view. + type: string + type: object + type: array + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + integratedSystem: + description: This field indicates the entry's source system that Data + Catalog integrates with, such as BigQuery or Pub/Sub. + type: string + name: + description: |- + The Data Catalog resource name of the entry in URL format. + Example: projects/{project_id}/locations/{location}/entryGroups/{entryGroupId}/entries/{entryId}. + Note that this Entry and its child resources may not actually be stored in the location in this name. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogentrygroups.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogEntryGroup + plural: datacatalogentrygroups + shortNames: + - gcpdatacatalogentrygroup + - gcpdatacatalogentrygroups + singular: datacatalogentrygroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Entry group description, which can consist of several + sentences or paragraphs that describe entry group contents. + type: string + displayName: + description: A short name to identify the entry group, for example, + "analytics data - jan 2011". + type: string + entryGroupId: + description: |- + Immutable. The id of the entry group to create. The id must begin with a letter or underscore, + contain only English letters, numbers and underscores, and be at most 64 characters. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. EntryGroup location region. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. 
Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - entryGroupId + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The resource name of the entry group in URL format. + Example: projects/{project}/locations/{location}/entryGroups/{entryGroupId}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogpolicytags.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogPolicyTag + plural: datacatalogpolicytags + shortNames: + - gcpdatacatalogpolicytag + - gcpdatacatalogpolicytags + singular: datacatalogpolicytag + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Description of this policy tag. It must: contain only unicode characters, tabs, + newlines, carriage returns and page breaks; and be at most 2000 bytes long when + encoded in UTF-8. If not set, defaults to an empty description. + If not set, defaults to an empty description. + type: string + displayName: + description: |- + User defined name of this policy tag. It must: be unique within the parent + taxonomy; contain only unicode letters, numbers, underscores, dashes and spaces; + not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8. + type: string + parentPolicyTagRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `DataCatalogPolicyTag` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + taxonomyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `DataCatalogTaxonomy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - displayName + - taxonomyRef + type: object + status: + properties: + childPolicyTags: + description: Resource names of child policy tags of this policy tag. + items: + type: string + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + Resource name of this policy tag, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogtags.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogTag + plural: datacatalogtags + shortNames: + - gcpdatacatalogtag + - gcpdatacatalogtags + singular: datacatalogtag + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + column: + description: |- + Resources like Entry can have schemas associated with them. This scope allows users to attach tags to an + individual column based on that schema. + + For attaching a tag to a nested column, use '.' to separate the column names. Example: + 'outer_column.inner_column'. + type: string + fields: + description: |- + This maps the ID of a tag field to the value of and additional information about that field. + Valid field IDs are defined by the tag's template. A tag must have at least 1 field and at most 500 fields. + items: + properties: + boolValue: + description: Holds the value for a tag field with boolean type. + type: boolean + displayName: + description: The display name of this field. + type: string + doubleValue: + description: Holds the value for a tag field with double type. + type: number + enumValue: + description: The display name of the enum value. + type: string + fieldName: + type: string + order: + description: |- + The order of this field with respect to other fields in this tag. For example, a higher value can indicate + a more important field. The value can be negative. Multiple fields can have the same order, and field orders + within a tag do not have to be sequential. + type: integer + stringValue: + description: Holds the value for a tag field with string type. + type: string + timestampValue: + description: Holds the value for a tag field with timestamp + type. 
+ type: string + required: + - fieldName + type: object + type: array + parent: + description: |- + Immutable. The name of the parent this tag is attached to. This can be the name of an entry or an entry group. If an entry group, the tag will be attached to + all entries in that group. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + template: + description: |- + Immutable. The resource name of the tag template that this tag uses. Example: + projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId} + This field cannot be modified after creation. + type: string + required: + - fields + - template + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name of the tag in URL format. Example: + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}/tags/{tag_id} or + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/tags/{tag_id} + where tag_id is a system-generated identifier. Note that this Tag may not actually be stored in the location in this name. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + templateDisplayname: + description: The display name of the tag template. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogtagtemplates.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogTagTemplate + plural: datacatalogtagtemplates + shortNames: + - gcpdatacatalogtagtemplate + - gcpdatacatalogtagtemplates + singular: datacatalogtagtemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The display name for this template. + type: string + fields: + description: Set of tag template field IDs and the settings for the + field. This set is an exhaustive list of the allowed fields. This + set must contain at least one field and at most 500 fields. The + change of field_id will be resulting in re-creating of field. The + change of primitive_type will be resulting in re-creating of field, + however if the field is a required, you cannot update it. + items: + properties: + description: + description: A description for this field. + type: string + displayName: + description: The display name for this field. + type: string + fieldId: + type: string + isRequired: + description: Whether this is a required field. Defaults to false. + type: boolean + name: + description: 'The resource name of the tag template field in + URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}/fields/{field}.' + type: string + order: + description: |- + The order of this field with respect to other fields in this tag template. + A higher value indicates a more important field. The value can be negative. + Multiple fields can have the same order, and field orders within a tag do not have to be sequential. 
+ type: integer + type: + description: The type of value this tag field can contain. + properties: + enumType: + description: |- + Represents an enum type. + Exactly one of 'primitive_type' or 'enum_type' must be set. + properties: + allowedValues: + description: |- + The set of allowed values for this enum. The display names of the + values must be case-insensitively unique within this set. Currently, + enum values can only be added to the list of allowed values. Deletion + and renaming of enum values are not supported. + Can have up to 500 allowed values. + items: + properties: + displayName: + description: The display name of the enum value. + type: string + required: + - displayName + type: object + type: array + required: + - allowedValues + type: object + primitiveType: + description: |- + Represents primitive types - string, bool etc. + Exactly one of 'primitive_type' or 'enum_type' must be set Possible values: ["DOUBLE", "STRING", "BOOL", "TIMESTAMP"]. + type: string + type: object + required: + - fieldId + - type + type: object + type: array + forceDelete: + description: This confirms the deletion of any possible tags using + this template. Must be set to true in order to delete the tag template. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Template location region. 
+ type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + tagTemplateId: + description: Immutable. The id of the tag template to create. + type: string + required: + - fields + - projectRef + - tagTemplateId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The resource name of the tag template in URL format. + Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogtaxonomies.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogTaxonomy + plural: datacatalogtaxonomies + shortNames: + - gcpdatacatalogtaxonomy + - gcpdatacatalogtaxonomies + singular: datacatalogtaxonomy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + activatedPolicyTypes: + description: |- + A list of policy types that are activated for this taxonomy. If not set, + defaults to an empty list. Possible values: ["POLICY_TYPE_UNSPECIFIED", "FINE_GRAINED_ACCESS_CONTROL"]. + items: + type: string + type: array + description: + description: |- + Description of this taxonomy. It must: contain only unicode characters, + tabs, newlines, carriage returns and page breaks; and be at most 2000 bytes + long when encoded in UTF-8. If not set, defaults to an empty description. + type: string + displayName: + description: |- + User defined name of this taxonomy. + It must: contain only unicode letters, numbers, underscores, dashes + and spaces; not start or end with spaces; and be at most 200 bytes + long when encoded in UTF-8. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Taxonomy location region. 
+ type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + Resource name of this taxonomy, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dataflowflextemplatejobs.dataflow.cnrm.cloud.google.com +spec: + group: dataflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataflowFlexTemplateJob + listKind: DataflowFlexTemplateJobList + plural: dataflowflextemplatejobs + shortNames: + - gcpdataflowflextemplatejob + - gcpdataflowflextemplatejobs + singular: dataflowflextemplatejob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: DataflowFlexTemplateJob is the Schema for the DataflowFlexTemplateJob + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DataflowFlexTemplateJobSpec defines the desired state of + DataflowFlexTemplateJob + properties: + additionalExperiments: + description: Additional experiment flags for the job. + items: + type: string + type: array + autoscalingAlgorithm: + description: The algorithm to use for autoscaling + type: string + containerSpecGcsPath: + description: Cloud Storage path to a file with json serialized ContainerSpec + as content. + type: string + enableStreamingEngine: + description: Whether to enable Streaming Engine for the job. + type: boolean + ipConfiguration: + description: Configuration for VM IPs. + type: string + kmsKeyNameRef: + description: The Cloud KMS key for the job. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed KMSCryptoKey. + Should be in the format `projects/[kms_project_id]/locations/[region]/keyRings/[key_ring_id]/cryptoKeys/[key]`. + type: string + name: + description: The `name` of a `KMSCryptoKey` resource. + type: string + namespace: + description: The `namespace` of a `KMSCryptoKey` resource. + type: string + type: object + launcherMachineType: + description: The machine type to use for launching the job. The default + is n1-standard-1. + type: string + machineType: + description: The machine type to use for the job. 
Defaults to the + value from the template if not specified. + type: string + maxWorkers: + description: The maximum number of Google Compute Engine instances + to be made available to your pipeline during execution, from 1 to + 1000. + format: int32 + type: integer + networkRef: + description: Network to which VMs will be assigned. If empty or unspecified, + the service will use the network "default". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed Compute Network + resource. Should be in the format `projects//global/networks/`. + type: string + name: + description: The `name` field of a `ComputeNetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeNetwork` resource. + type: string + type: object + numWorkers: + description: The initial number of Google Compute Engine instances + for the job. + format: int32 + type: integer + parameters: + description: The parameters for FlexTemplate. Ex. {"num_workers":"5"} + type: object + x-kubernetes-preserve-unknown-fields: true + region: + description: Immutable. The region in which the created job should + run. + type: string + sdkContainerImage: + description: Docker registry location of container image to use for + the 'worker harness. Default is the container for the version of + the SDK. Note this field is only valid for portable pipelines. + type: string + serviceAccountEmailRef: + description: The email address of the service account to run the job + as. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + stagingLocation: + description: The Cloud Storage path for staging local files. Must + be a valid Cloud Storage URL, beginning with `gs://`. + type: string + subnetworkRef: + description: Subnetwork to which VMs will be assigned, if desired. + You can specify a subnetwork using either a complete URL or an abbreviated + path. Expected to be of the form "https://www.googleapis.com/compute/v1/projects/HOST_PROJECT_ID/regions/REGION/subnetworks/SUBNETWORK" + or "regions/REGION/subnetworks/SUBNETWORK". If the subnetwork is + located in a Shared VPC network, you must use the complete URL. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeSubnetwork selflink of form "projects/{{project}}/regions/{{region}}/subnetworks/{{name}}", + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeSubnetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeSubnetwork` resource. + type: string + type: object + tempLocation: + description: The Cloud Storage path to use for temporary files. Must + be a valid Cloud Storage URL, beginning with `gs://`. + type: string + transformNameMapping: + description: Map of transform name prefixes of the job to be replaced + with the corresponding name prefixes of the new job. Only applicable + when updating a pipeline. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + required: + - containerSpecGcsPath + type: object + status: + description: DataflowFlexTemplateJobStatus defines the config connector + machine state of DataflowFlexTemplateJob + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + jobId: + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + state: + description: |- + The current state of the job. + + Jobs are created in the `JOB_STATE_STOPPED` state unless otherwise + specified. + + A job in the `JOB_STATE_RUNNING` state may asynchronously enter a + terminal state. After a job has reached a terminal state, no + further state updates may be made. + + This field may be mutated by the Cloud Dataflow service; + callers cannot mutate it. + type: string + type: + description: The type of Cloud Dataflow job. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dataflowjobs.dataflow.cnrm.cloud.google.com +spec: + group: dataflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataflowJob + plural: dataflowjobs + shortNames: + - gcpdataflowjob + - gcpdataflowjobs + singular: dataflowjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + additionalExperiments: + description: List of experiments that should be used by the job. An + example value is ["enable_stackdriver_agent_metrics"]. + items: + type: string + type: array + enableStreamingEngine: + description: Indicates if the job should use the streaming engine + feature. + type: boolean + ipConfiguration: + description: The configuration for VM IPs. Options are "WORKER_IP_PUBLIC" + or "WORKER_IP_PRIVATE". + type: string + kmsKeyRef: + description: The name for the Cloud KMS key for the job. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: The machine type to use for the job. + type: string + maxWorkers: + description: Immutable. The number of workers permitted to work on + the job. More workers may improve processing speed at additional + cost. + type: integer + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + parameters: + description: Key/Value pairs to be passed to the Dataflow job (as + used in the template). + type: object + x-kubernetes-preserve-unknown-fields: true + region: + description: Immutable. The region in which the created job should + run. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tempGcsLocation: + description: A writeable location on Google Cloud Storage for the + Dataflow job to dump its temporary data. + type: string + templateGcsPath: + description: The Google Cloud Storage path to the Dataflow job template. + type: string + transformNameMapping: + description: Only applicable when updating a pipeline. Map of transform + name prefixes of the job to be replaced with the corresponding name + prefixes of the new job. + type: object + x-kubernetes-preserve-unknown-fields: true + zone: + description: Immutable. The zone in which the created job should run. + If it is not provided, the provider zone is used. + type: string + required: + - tempGcsLocation + - templateGcsPath + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + jobId: + description: The unique ID of this job. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + state: + description: The current state of the resource, selected from the + JobState enum. + type: string + type: + description: The type of this job, selected from the JobType enum. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + name: dataformrepositories.dataform.cnrm.cloud.google.com +spec: + group: dataform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataformRepository + listKind: DataformRepositoryList + plural: dataformrepositories + shortNames: + - gcpdataformrepository + - gcpdataformrepositories + singular: dataformrepository + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DataformRepository is the Schema for the dataform API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Optional. The repository's user-friendly name. + type: string + gitRemoteSettings: + description: Optional. If set, configures this repository to be linked + to a Git remote. + properties: + authenticationTokenSecretVersionRef: + description: The name of the Secret Manager secret version to + use as an authentication token for Git operations. Must be in + the format projects/* /secrets/* /versions/*. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: ' If provided must be in the format `projects/*/secrets/*/versions/*`.' + type: string + name: + description: The `name` field of a `SecretManagerSecretVersion` + resource. + type: string + namespace: + description: The `metadata.namespace` field of a `SecretManagerSecretVersion` + resource. + type: string + type: object + defaultBranch: + description: The Git remote's default branch name. + type: string + sshAuthenticationConfig: + description: Authentication fields for remote uris using SSH protocol. + properties: + hostPublicKey: + description: Content of a public SSH key to verify an identity + of a remote Git host. 
+ type: string + userPrivateKeySecretVersionRef: + description: The name of the Secret Manager secret version + to use as a ssh private key for Git operations. Must be + in the format projects/*/secrets/*/versions/* . + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: ' If provided must be in the format `projects/*/secrets/*/versions/*`.' + type: string + name: + description: The `name` field of a `SecretManagerSecretVersion` + resource. + type: string + namespace: + description: The `metadata.namespace` field of a `SecretManagerSecretVersion` + resource. + type: string + type: object + required: + - hostPublicKey + - userPrivateKeySecretVersionRef + type: object + url: + description: The Git remote's URL. + type: string + required: + - defaultBranch + - url + type: object + npmrcEnvironmentVariablesSecretVersionRef: + description: Optional. The name of the Secret Manager secret version + to be used to interpolate variables into the .npmrc file for package + installation operations. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: ' If provided must be in the format `projects/*/secrets/*/versions/*`.' + type: string + name: + description: The `name` field of a `SecretManagerSecretVersion` + resource. + type: string + namespace: + description: The `metadata.namespace` field of a `SecretManagerSecretVersion` + resource. + type: string + type: object + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + region: + description: Immutable. A reference to the region. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccountRef: + description: Optional. The service account reference to run workflow + invocations under. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + setAuthenticatedUserAdmin: + description: Optional. Input only. If set to true, the authenticated + user will be granted the roles/dataform.admin role on the created + repository. + type: boolean + workspaceCompilationOverrides: + description: Optional. 
If set, fields of workspaceCompilationOverrides + override the default compilation settings that are specified in + dataform.json when creating workspace-scoped compilation results. + properties: + defaultDatabase: + description: Optional. The default database (Google Cloud project + ID). + type: string + schemaSuffix: + description: Optional. The suffix that should be appended to all + schema (BigQuery dataset ID) names. + type: string + tablePrefix: + description: Optional. The prefix that should be prepended to + all table names. + type: string + type: object + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observations + of the DataformRepository's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the DataformReposity resource + in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. 
+ type: object + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: DataformRepository is the Schema for the dataform API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Optional. The repository's user-friendly name. + type: string + gitRemoteSettings: + description: Optional. If set, configures this repository to be linked + to a Git remote. + properties: + authenticationTokenSecretVersionRef: + description: The name of the Secret Manager secret version to + use as an authentication token for Git operations. Must be in + the format projects/* /secrets/* /versions/*. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: ' If provided must be in the format `projects/*/secrets/*/versions/*`.' + type: string + name: + description: The `name` field of a `SecretManagerSecretVersion` + resource. + type: string + namespace: + description: The `metadata.namespace` field of a `SecretManagerSecretVersion` + resource. + type: string + type: object + defaultBranch: + description: The Git remote's default branch name. + type: string + sshAuthenticationConfig: + description: Authentication fields for remote uris using SSH protocol. + properties: + hostPublicKey: + description: Content of a public SSH key to verify an identity + of a remote Git host. + type: string + userPrivateKeySecretVersionRef: + description: The name of the Secret Manager secret version + to use as a ssh private key for Git operations. Must be + in the format projects/*/secrets/*/versions/* . + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: ' If provided must be in the format `projects/*/secrets/*/versions/*`.' + type: string + name: + description: The `name` field of a `SecretManagerSecretVersion` + resource. + type: string + namespace: + description: The `metadata.namespace` field of a `SecretManagerSecretVersion` + resource. + type: string + type: object + required: + - hostPublicKey + - userPrivateKeySecretVersionRef + type: object + url: + description: The Git remote's URL. + type: string + required: + - defaultBranch + - url + type: object + npmrcEnvironmentVariablesSecretVersionRef: + description: Optional. The name of the Secret Manager secret version + to be used to interpolate variables into the .npmrc file for package + installation operations. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: ' If provided must be in the format `projects/*/secrets/*/versions/*`.' + type: string + name: + description: The `name` field of a `SecretManagerSecretVersion` + resource. + type: string + namespace: + description: The `metadata.namespace` field of a `SecretManagerSecretVersion` + resource. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + region: + description: Immutable. A reference to the region. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccountRef: + description: Optional. The service account reference to run workflow + invocations under. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + setAuthenticatedUserAdmin: + description: Optional. Input only. If set to true, the authenticated + user will be granted the roles/dataform.admin role on the created + repository. + type: boolean + workspaceCompilationOverrides: + description: Optional. If set, fields of workspaceCompilationOverrides + override the default compilation settings that are specified in + dataform.json when creating workspace-scoped compilation results. + properties: + defaultDatabase: + description: Optional. The default database (Google Cloud project + ID). + type: string + schemaSuffix: + description: Optional. The suffix that should be appended to all + schema (BigQuery dataset ID) names. + type: string + tablePrefix: + description: Optional. The prefix that should be prepended to + all table names. + type: string + type: object + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observations + of the DataformRepository's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the DataformReposity resource + in GCP. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: datafusioninstances.datafusion.cnrm.cloud.google.com +spec: + group: datafusion.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataFusionInstance + plural: datafusioninstances + shortNames: + - gcpdatafusioninstance + - gcpdatafusioninstances + singular: datafusioninstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataprocServiceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines. This allows users to have fine-grained access control on Dataproc's accesses to cloud resources. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. A description of this instance. + type: string + displayName: + description: Immutable. Display name for an instance. + type: string + enableStackdriverLogging: + description: Option to enable Stackdriver Logging. + type: boolean + enableStackdriverMonitoring: + description: Option to enable Stackdriver Monitoring. + type: boolean + location: + description: Immutable. 
The location for the resource + type: string + networkConfig: + description: Immutable. Network configuration options. These are required + when a private Data Fusion instance is to be created. + properties: + ipAllocation: + description: Immutable. The IP range in CIDR notation to use for + the managed Data Fusion instance nodes. This range must not + overlap with any other ranges used in the customer network. + type: string + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the network in the customer project with which the Tenant Project will be peered for executing pipelines. In case of shared VPC where the network resides in another host project the network should specified in the form of projects/{host-project-id}/global/networks/{network} + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + options: + additionalProperties: + type: string + description: Immutable. Map of additional options used to configure + the behavior of Data Fusion instance. + type: object + privateInstance: + description: Immutable. Specifies whether the Data Fusion instance + should be private. If set to true, all Data Fusion nodes will have + private IP addresses and will not be able to access the public internet. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. Required. Instance type. Possible values: + TYPE_UNSPECIFIED, BASIC, ENTERPRISE, DEVELOPER' + type: string + version: + description: Current version of the Data Fusion. + type: string + zone: + description: Immutable. Name of the zone in which the Data Fusion + instance will be created. Only DEVELOPER instances use this field. + type: string + required: + - location + - type + type: object + status: + properties: + apiEndpoint: + description: Output only. Endpoint on which the REST APIs is accessible. + type: string + availableVersion: + description: Available versions that the instance can be upgraded + to. + items: + properties: + availableFeatures: + description: Represents a list of available feature names for + a given version. + items: + type: string + type: array + defaultVersion: + description: Whether this is currently the default version for + Cloud Data Fusion + type: boolean + versionNumber: + description: The version number of the Data Fusion instance, + such as '6.0.1.0'. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time the instance was created. 
+ format: date-time + type: string + gcsBucket: + description: Output only. Cloud Storage bucket generated by Data Fusion + in the customer project. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + p4ServiceAccount: + description: Output only. P4 service account for the customer project. + type: string + serviceEndpoint: + description: Output only. Endpoint on which the Data Fusion UI is + accessible. + type: string + state: + description: 'Output only. The current state of this Data Fusion instance. + Possible values: STATE_UNSPECIFIED, ENABLED, DISABLED, UNKNOWN' + type: string + stateMessage: + description: Output only. Additional information about the current + state of this Data Fusion instance if available. + type: string + tenantProjectId: + description: Output only. The name of the tenant project. + type: string + updateTime: + description: Output only. The time the instance was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dataprocautoscalingpolicies.dataproc.cnrm.cloud.google.com +spec: + group: dataproc.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataprocAutoscalingPolicy + plural: dataprocautoscalingpolicies + shortNames: + - gcpdataprocautoscalingpolicy + - gcpdataprocautoscalingpolicies + singular: dataprocautoscalingpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + basicAlgorithm: + properties: + cooldownPeriod: + description: 'Optional. Duration between scaling events. A scaling + period starts after the update operation from the previous event + has completed. Bounds: . Default: 2m.' + type: string + yarnConfig: + description: Required. YARN autoscaling configuration. + properties: + gracefulDecommissionTimeout: + description: Required. Timeout for YARN graceful decommissioning + of Node Managers. Specifies the duration to wait for jobs + to complete before forcefully removing workers (and potentially + interrupting jobs). Only applicable to downscaling operations. + type: string + scaleDownFactor: + description: Required. Fraction of average YARN pending memory + in the last cooldown period for which to remove workers. + A scale-down factor of 1 will result in scaling down so + that there is no available memory remaining after the update + (more aggressive scaling). A scale-down factor of 0 disables + removing workers, which can be beneficial for autoscaling + a single job. See . + format: double + type: number + scaleDownMinWorkerFraction: + description: 'Optional. Minimum scale-down threshold as a + fraction of total cluster size before scaling occurs. For + example, in a 20-worker cluster, a threshold of 0.1 means + the autoscaler must recommend at least a 2 worker scale-down + for the cluster to scale. A threshold of 0 means the autoscaler + will scale down on any recommended change. Bounds: . Default: + 0.0.' 
+ format: double + type: number + scaleUpFactor: + description: Required. Fraction of average YARN pending memory + in the last cooldown period for which to add workers. A + scale-up factor of 1.0 will result in scaling up so that + there is no pending memory remaining after the update (more + aggressive scaling). A scale-up factor closer to 0 will + result in a smaller magnitude of scaling up (less aggressive + scaling). See . + format: double + type: number + scaleUpMinWorkerFraction: + description: 'Optional. Minimum scale-up threshold as a fraction + of total cluster size before scaling occurs. For example, + in a 20-worker cluster, a threshold of 0.1 means the autoscaler + must recommend at least a 2-worker scale-up for the cluster + to scale. A threshold of 0 means the autoscaler will scale + up on any recommended change. Bounds: . Default: 0.0.' + format: double + type: number + required: + - gracefulDecommissionTimeout + - scaleDownFactor + - scaleUpFactor + type: object + required: + - yarnConfig + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + secondaryWorkerConfig: + description: Optional. Describes how the autoscaler will operate for + secondary workers. + properties: + maxInstances: + description: 'Optional. Maximum number of instances for this group. + Note that by default, clusters will not use secondary workers. + Required for secondary workers if the minimum secondary instances + is set. Primary workers - Bounds: [min_instances, ). Secondary + workers - Bounds: [min_instances, ). Default: 0.' + format: int64 + type: integer + minInstances: + description: 'Optional. Minimum number of instances for this group. + Primary workers - Bounds: . Default: 0.' + format: int64 + type: integer + weight: + description: 'Optional. Weight for the instance group, which is + used to determine the fraction of total workers in the cluster + from this instance group. For example, if primary workers have + weight 2, and secondary workers have weight 1, the cluster will + have approximately 2 primary workers for each secondary worker. + The cluster may not reach the specified balance if constrained + by min/max bounds or other autoscaling settings. For example, + if `max_instances` for secondary workers is 0, then only primary + workers will be added. The cluster can also be out of balance + when created. If weight is not set on any instance group, the + cluster will default to equal weight for all groups: the cluster + will attempt to maintain an equal number of workers in each + group within the configured size bounds for each group. If weight + is set for one group only, the cluster will default to zero + weight on the unset group. For example if weight is set only + on primary workers, the cluster will use primary workers only + and no secondary workers.' + format: int64 + type: integer + type: object + workerConfig: + description: Required. Describes how the autoscaler will operate for + primary workers. 
+ properties: + maxInstances: + description: 'Required. Maximum number of instances for this group. + Required for primary workers. Note that by default, clusters + will not use secondary workers. Required for secondary workers + if the minimum secondary instances is set. Primary workers - + Bounds: [min_instances, ). Secondary workers - Bounds: [min_instances, + ). Default: 0.' + format: int64 + type: integer + minInstances: + description: 'Optional. Minimum number of instances for this group. + Primary workers - Bounds: . Default: 0.' + format: int64 + type: integer + weight: + description: 'Optional. Weight for the instance group, which is + used to determine the fraction of total workers in the cluster + from this instance group. For example, if primary workers have + weight 2, and secondary workers have weight 1, the cluster will + have approximately 2 primary workers for each secondary worker. + The cluster may not reach the specified balance if constrained + by min/max bounds or other autoscaling settings. For example, + if `max_instances` for secondary workers is 0, then only primary + workers will be added. The cluster can also be out of balance + when created. If weight is not set on any instance group, the + cluster will default to equal weight for all groups: the cluster + will attempt to maintain an equal number of workers in each + group within the configured size bounds for each group. If weight + is set for one group only, the cluster will default to zero + weight on the unset group. For example if weight is set only + on primary workers, the cluster will use primary workers only + and no secondary workers.' + format: int64 + type: integer + required: + - maxInstances + type: object + required: + - basicAlgorithm + - location + - workerConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dataprocclusters.dataproc.cnrm.cloud.google.com +spec: + group: dataproc.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataprocCluster + plural: dataprocclusters + shortNames: + - gcpdataproccluster + - gcpdataprocclusters + singular: dataproccluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + config: + description: Immutable. The cluster config. Note that Dataproc may + set default values, and values may change when clusters are updated. + properties: + autoscalingConfig: + description: Immutable. Optional. Autoscaling config for the policy + associated with the cluster. Cluster does not autoscale if this + field is unset. + properties: + policyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. + + Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + dataprocMetricConfig: + description: Immutable. Optional. The config for Dataproc metrics. + properties: + metrics: + description: Immutable. Required. Metrics sources to enable. + items: + properties: + metricOverrides: + description: 'Immutable. Optional. Specify one or more + [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) + to collect for the metric course (for the `SPARK` + metric source, any [Spark metric] (https://spark.apache.org/docs/latest/monitoring.html#metrics) + can be specified). Provide metrics in the following + format: `METRIC_SOURCE:INSTANCE:GROUP:METRIC` Use + camelcase as appropriate. Examples: ``` yarn:ResourceManager:QueueMetrics:AppsCompleted + spark:driver:DAGScheduler:job.allJobs sparkHistoryServer:JVM:Memory:NonHeapMemoryUsage.committed + hiveserver2:JVM:Memory:NonHeapMemoryUsage.used ``` + Notes: * Only the specified overridden metrics will + be collected for the metric source. For example, if + one or more `spark:executive` metrics are listed as + metric overrides, other `SPARK` metrics will not be + collected. 
The collection of the default metrics for + other OSS metric sources is unaffected. For example, + if both `SPARK` andd `YARN` metric sources are enabled, + and overrides are provided for Spark metrics only, + all default YARN metrics will be collected.' + items: + type: string + type: array + metricSource: + description: 'Immutable. Required. Default metrics are + collected unless `metricOverrides` are specified for + the metric source (see [Available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) + for more information). Possible values: METRIC_SOURCE_UNSPECIFIED, + MONITORING_AGENT_DEFAULTS, HDFS, SPARK, YARN, SPARK_HISTORY_SERVER, + HIVESERVER2' + type: string + required: + - metricSource + type: object + type: array + required: + - metrics + type: object + encryptionConfig: + description: Immutable. Optional. Encryption settings for the + cluster. + properties: + gcePdKmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + endpointConfig: + description: Immutable. Optional. Port/endpoint configuration + for this cluster + properties: + enableHttpPortAccess: + description: Immutable. Optional. If true, enable http access + to specific ports on the cluster from external sources. + Defaults to false. 
+ type: boolean + type: object + gceClusterConfig: + description: Immutable. Optional. The shared Compute Engine config + settings for all instances in a cluster. + properties: + confidentialInstanceConfig: + description: Immutable. Optional. Confidential Instance Config + for clusters using [Confidential VMs](https://cloud.google.com/compute/confidential-vm/docs). + properties: + enableConfidentialCompute: + description: Immutable. Optional. Defines whether the + instance should have confidential compute enabled. + type: boolean + type: object + internalIPOnly: + description: Immutable. Optional. If true, all instances in + the cluster will only have internal IP addresses. By default, + clusters are not restricted to internal IP addresses, and + will have ephemeral external IP addresses assigned to each + instance. This `internal_ip_only` restriction can only be + enabled for subnetwork enabled networks, and all off-cluster + dependencies must be configured to be accessible without + external IP addresses. + type: boolean + metadata: + additionalProperties: + type: string + description: Immutable. The Compute Engine metadata entries + to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + type: object + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeGroupAffinity: + description: Immutable. Optional. Node Group Affinity for + sole-tenant clusters. + properties: + nodeGroupRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` + + Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - nodeGroupRef + type: object + privateIPv6GoogleAccess: + description: 'Immutable. Optional. The type of IPv6 access + for a cluster. 
Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, + INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' + type: string + reservationAffinity: + description: Immutable. Optional. Reservation Affinity for + consuming Zonal reservation. + properties: + consumeReservationType: + description: 'Immutable. Optional. Type of reservation + to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, + ANY_RESERVATION, SPECIFIC_RESERVATION' + type: string + key: + description: Immutable. Optional. Corresponds to the label + key of reservation resource. + type: string + values: + description: Immutable. Optional. Corresponds to the label + values of reservation resource. + items: + type: string + type: array + type: object + serviceAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + serviceAccountScopes: + description: 'Immutable. Optional. 
The URIs of service account + scopes to be included in Compute Engine instances. The following + base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly + * https://www.googleapis.com/auth/devstorage.read_write + * https://www.googleapis.com/auth/logging.write If no scopes + are specified, the following defaults are also provided: + * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table + * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control' + items: + type: string + type: array + shieldedInstanceConfig: + description: Immutable. Optional. Shielded Instance Config + for clusters using [Compute Engine Shielded VMs](https://cloud.google.com/security/shielded-cloud/shielded-vm). + properties: + enableIntegrityMonitoring: + description: Immutable. Optional. Defines whether instances + have integrity monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Optional. Defines whether instances + have Secure Boot enabled. + type: boolean + enableVtpm: + description: Immutable. Optional. Defines whether instances + have the vTPM enabled. + type: boolean + type: object + subnetworkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Immutable. The Compute Engine tags to add to + all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + items: + type: string + type: array + zone: + description: 'Immutable. Optional. The zone where the Compute + Engine cluster will be located. On a create request, it + is required in the "global" region. If omitted in a non-global + Dataproc region, the service will pick a zone in the corresponding + Compute Engine region. On a get request, zone will always + be present. A full URL, partial URI, or short name are valid. + Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` + * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: string + type: object + initializationActions: + description: 'Immutable. Optional. Commands to execute on each + node after config is completed. By default, executables are + run on master and all worker nodes. You can test a node''s `role` + metadata to run an executable on a master or worker node, as + shown below using `curl` (you can also use `wget`): ROLE=$(curl + -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) + if [[ "${ROLE}" == ''Master'' ]]; then ... master specific actions + ... else ... worker specific actions ... fi' + items: + properties: + executableFile: + description: Immutable. Required. Cloud Storage URI of executable + file. + type: string + executionTimeout: + description: Immutable. Optional. Amount of time executable + has to complete. Default is 10 minutes (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). 
+ Cluster creation fails with an explanatory error message + (the name of the executable that caused the error and + the exceeded timeout period) if the executable is not + completed at end of the timeout period. + type: string + required: + - executableFile + type: object + type: array + lifecycleConfig: + description: Immutable. Optional. Lifecycle setting for the cluster. + properties: + autoDeleteTime: + description: Immutable. Optional. The time when cluster will + be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + autoDeleteTtl: + description: Immutable. Optional. The lifetime duration of + cluster. The cluster will be auto-deleted at the end of + this period. Minimum value is 10 minutes; maximum value + is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + idleDeleteTtl: + description: Immutable. Optional. The duration to keep the + cluster alive while idling (when no jobs are running). Passing + this threshold will cause the cluster to be deleted. Minimum + value is 5 minutes; maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + type: object + masterConfig: + description: Immutable. Optional. The Compute Engine config settings + for the master instance in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. 
See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. 
If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + metastoreConfig: + description: Immutable. Optional. Metastore configuration. + properties: + dataprocMetastoreServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Required. Resource name of an existing Dataproc + Metastore service. 
Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + type: string + name: + description: |- + [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - dataprocMetastoreServiceRef + type: object + secondaryWorkerConfig: + description: Immutable. Optional. The Compute Engine config settings + for additional worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. 
+ properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. 
Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. 
For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + securityConfig: + description: Immutable. Optional. Security settings for the cluster. + properties: + identityConfig: + description: Immutable. Optional. Identity related configuration, + including service account based secure multi-tenancy user + mappings. + properties: + userServiceAccountMapping: + additionalProperties: + type: string + description: Immutable. Required. Map of user to service + account. + type: object + required: + - userServiceAccountMapping + type: object + kerberosConfig: + description: Immutable. Optional. Kerberos related configuration. + properties: + crossRealmTrustAdminServer: + description: Immutable. Optional. The admin server (IP + or hostname) for the remote trusted realm in a cross + realm trust relationship. + type: string + crossRealmTrustKdc: + description: Immutable. Optional. The KDC (IP or hostname) + for the remote trusted realm in a cross realm trust + relationship. + type: string + crossRealmTrustRealm: + description: Immutable. Optional. The remote realm the + Dataproc on-cluster KDC will trust, should the user + enable cross realm trust. + type: string + crossRealmTrustSharedPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the shared password + between the on-cluster Kerberos realm and the remote + trusted realm, in a cross realm trust relationship. + type: string + enableKerberos: + description: 'Immutable. Optional. 
Flag to indicate whether + to Kerberize the cluster (default: false). Set this + field to true to enable Kerberos on a cluster.' + type: boolean + kdcDbKey: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the master key of + the KDC database. + type: string + keyPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided key. For the self-signed certificate, + this password is generated by Dataproc. + type: string + keystore: + description: Immutable. Optional. The Cloud Storage URI + of the keystore file used for SSL encryption. If not + provided, Dataproc will provide a self-signed certificate. + type: string + keystorePassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided keystore. For the self-signed certificate, + this password is generated by Dataproc. + type: string + kmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The uri of the KMS key used to encrypt various sensitive files. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + realm: + description: Immutable. Optional. The name of the on-cluster + Kerberos realm. If not specified, the uppercased domain + of hostnames will be the realm. + type: string + rootPrincipalPassword: + description: Immutable. Optional. 
The Cloud Storage URI + of a KMS encrypted file containing the root principal + password. + type: string + tgtLifetimeHours: + description: Immutable. Optional. The lifetime of the + ticket granting ticket, in hours. If not specified, + or user specifies 0, then default value 10 will be used. + format: int64 + type: integer + truststore: + description: Immutable. Optional. The Cloud Storage URI + of the truststore file used for SSL encryption. If not + provided, Dataproc will provide a self-signed certificate. + type: string + truststorePassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided truststore. For the self-signed certificate, + this password is generated by Dataproc. + type: string + type: object + type: object + softwareConfig: + description: Immutable. Optional. The config settings for software + inside the cluster. + properties: + imageVersion: + description: Immutable. Optional. The version of software + inside the cluster. It must be one of the supported [Dataproc + Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), + such as "1.2" (including a subminor version, such as "1.2.29"), + or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). + If unspecified, it defaults to the latest Debian version. + type: string + optionalComponents: + description: Immutable. Optional. The set of components to + activate on the cluster. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: 'Immutable. Optional. The properties to set on + daemon config files. Property keys are specified in `prefix:property` + format, for example `core:hadoop.tmp.dir`. 
The following + are supported prefixes and their mappings: * capacity-scheduler: + `capacity-scheduler.xml` * core: `core-site.xml` * distcp: + `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` + * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: + `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, + see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + stagingBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tempBucketRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + workerConfig: + description: Immutable. Optional. The Compute Engine config settings + for worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
+ Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' 
+ type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + type: object + location: + description: Immutable. The location for the resource, usually a GCP + region. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The Google Cloud Platform project ID that the cluster belongs to. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. 
Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + virtualClusterConfig: + description: Immutable. Optional. The virtual cluster config is used + when creating a Dataproc cluster that does not directly control + the underlying compute resources, for example, when creating a [Dataproc-on-GKE + cluster](https://cloud.google.com/dataproc/docs/guides/dpgke/dataproc-gke). + Dataproc may set default values, and values may change when clusters + are updated. Exactly one of config or virtual_cluster_config must + be specified. + properties: + auxiliaryServicesConfig: + description: Immutable. Optional. Configuration of auxiliary services + used by this cluster. + properties: + metastoreConfig: + description: Immutable. Optional. The Hive Metastore configuration + for this workload. + properties: + dataprocMetastoreServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Required. Resource name of an existing + Dataproc Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + type: string + name: + description: |- + [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - dataprocMetastoreServiceRef + type: object + sparkHistoryServerConfig: + description: Immutable. Optional. The Spark History Server + configuration for the workload. 
+ properties: + dataprocClusterRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload. Example: * `projects/[project_id]/regions/[region]/clusters/[cluster_name]` + + Allowed value: The `selfLink` field of a `DataprocCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + kubernetesClusterConfig: + description: Immutable. Required. The configuration for running + the Dataproc cluster on Kubernetes. + properties: + gkeClusterConfig: + description: Immutable. Required. The configuration for running + the Dataproc cluster on GKE. + properties: + gkeClusterTargetRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A target GKE cluster to deploy to. It must be in the same project and region as the Dataproc cluster (the GKE cluster can be zonal or regional). Format: 'projects/{project}/locations/{location}/clusters/{cluster_id}' + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodePoolTarget: + description: Immutable. Optional. GKE node pools where + workloads will be scheduled. At least one node pool + must be assigned the `DEFAULT` GkeNodePoolTarget.Role. + If a `GkeNodePoolTarget` is not specified, Dataproc + constructs a `DEFAULT` `GkeNodePoolTarget`. Each role + can be given to only one `GkeNodePoolTarget`. All node + pools must have the same location settings. + items: + properties: + nodePoolConfig: + description: Immutable. Input only. The configuration + for the GKE node pool. If specified, Dataproc + attempts to create a node pool with the specified + shape. If one with the same name already exists, + it is verified against all specified fields. If + a field differs, the virtual cluster creation + will fail. If omitted, any node pool with the + specified name is used. If a node pool with the + specified name does not exist, Dataproc create + a node pool with default values. This is an input + only field. It will not be returned by the API. + properties: + autoscaling: + description: Immutable. Optional. The autoscaler + configuration for this node pool. The autoscaler + is enabled only when a valid configuration + is present. + properties: + maxNodeCount: + description: Immutable. The maximum number + of nodes in the node pool. Must be >= + min_node_count, and must be > 0. **Note:** + Quota must be sufficient to scale up the + cluster. + format: int64 + type: integer + minNodeCount: + description: Immutable. The minimum number + of nodes in the node pool. Must be >= + 0 and <= max_node_count. + format: int64 + type: integer + type: object + config: + description: Immutable. Optional. The node pool + configuration. + properties: + accelerators: + description: Immutable. Optional. A list + of [hardware accelerators](https://cloud.google.com/compute/docs/gpus) + to attach to each node. 
+ items: + properties: + acceleratorCount: + description: Immutable. The number + of accelerator cards exposed to + an instance. + format: int64 + type: integer + acceleratorType: + description: Immutable. The accelerator + type resource namename (see GPUs + on Compute Engine). + type: string + gpuPartitionSize: + description: Immutable. Size of partitions + to create on the GPU. Valid values + are described in the NVIDIA [mig + user guide](https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). + type: string + type: object + type: array + bootDiskKmsKey: + description: 'Immutable. Optional. The [Customer + Managed Encryption Key (CMEK)] (https://cloud.google.com/kubernetes-engine/docs/how-to/using-cmek) + used to encrypt the boot disk attached + to each node in the node pool. Specify + the key using the following format: `projects/KEY_PROJECT_ID/locations/LOCATION/keyRings/RING_NAME/cryptoKeys/KEY_NAME`.' + type: string + ephemeralStorageConfig: + description: Immutable. Optional. Parameters + for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed + by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local + SSDs to use to back ephemeral storage. + Uses NVMe interfaces. Each local SSD + is 375 GB in size. If zero, it means + to disable using local SSDs as ephemeral + storage. + format: int64 + type: integer + type: object + localSsdCount: + description: Immutable. Optional. The number + of local SSD disks to attach to the node, + which is limited by the maximum number + of disks allowable per zone (see [Adding + Local SSDs](https://cloud.google.com/compute/docs/disks/local-ssd)). + format: int64 + type: integer + machineType: + description: Immutable. Optional. The name + of a Compute Engine [machine type](https://cloud.google.com/compute/docs/machine-types). + type: string + minCpuPlatform: + description: Immutable. Optional. 
[Minimum + CPU platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform) + to be used by this instance. The instance + may be scheduled on the specified or a + newer CPU platform. Specify the friendly + names of CPU platforms, such as "Intel + Haswell"` or Intel Sandy Bridge". + type: string + preemptible: + description: Immutable. Optional. Whether + the nodes are created as legacy [preemptible + VM instances] (https://cloud.google.com/compute/docs/instances/preemptible). + Also see Spot VMs, preemptible VM instances + without a maximum lifetime. Legacy and + Spot preemptible nodes cannot be used + in a node pool with the `CONTROLLER` [role] + (/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) + or in the DEFAULT node pool if the CONTROLLER + role is not assigned (the DEFAULT node + pool will assume the CONTROLLER role). + type: boolean + spot: + description: Immutable. Optional. Whether + the nodes are created as [Spot VM instances] + (https://cloud.google.com/compute/docs/instances/spot). + Spot VMs are the latest update to legacy + preemptible VMs. Spot VMs do not have + a maximum lifetime. Legacy and Spot preemptible + nodes cannot be used in a node pool with + the `CONTROLLER` [role](/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) + or in the DEFAULT node pool if the CONTROLLER + role is not assigned (the DEFAULT node + pool will assume the CONTROLLER role). + type: boolean + type: object + locations: + description: Immutable. Optional. The list of + Compute Engine [zones](https://cloud.google.com/compute/docs/zones#available) + where node pool nodes associated with a Dataproc + on GKE virtual cluster will be located. **Note:** + All node pools associated with a virtual cluster + must be located in the same region as the + virtual cluster, and they must be located + in the same zone within that region. If a + location is not specified during node pool + creation, Dataproc on GKE will choose the + zone. 
+ items: + type: string + type: array + type: object + nodePoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The target GKE node pool. Format: 'projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{node_pool}' + + Allowed value: The `selfLink` field of a `ContainerNodePool` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + roles: + description: Immutable. Required. The roles associated + with the GKE node pool. + items: + type: string + type: array + required: + - nodePoolRef + - roles + type: object + type: array + type: object + kubernetesNamespace: + description: Immutable. Optional. A namespace within the Kubernetes + cluster to deploy into. If this namespace does not exist, + it is created. If it exists, Dataproc verifies that another + Dataproc VirtualCluster is not installed into it. If not + specified, the name of the Dataproc Cluster is used. + type: string + kubernetesSoftwareConfig: + description: Immutable. Optional. The software configuration + for this Dataproc cluster running on Kubernetes. + properties: + componentVersion: + additionalProperties: + type: string + description: Immutable. The components that should be + installed in this Dataproc cluster. The key must be + a string from the KubernetesComponent enumeration. The + value is the version of the software to be installed. + At least one entry must be specified. + type: object + properties: + additionalProperties: + type: string + description: 'Immutable. 
The properties to set on daemon + config files. Property keys are specified in `prefix:property` + format, for example `spark:spark.kubernetes.container.image`. + The following are supported prefixes and their mappings: + * spark: `spark-defaults.conf` For more information, + see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + required: + - gkeClusterConfig + type: object + stagingBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging and temp buckets](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a `gs://...` URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kubernetesClusterConfig + type: object + required: + - location + type: object + status: + properties: + clusterUuid: + description: Output only. A cluster UUID (Unique Universal Identifier). 
+ Dataproc generates this value when it creates the cluster. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + config: + properties: + endpointConfig: + properties: + httpPorts: + additionalProperties: + type: string + description: Output only. The map of port descriptions to + URLs. Will only be populated if enable_http_port_access + is true. + type: object + type: object + lifecycleConfig: + properties: + idleStartTime: + description: Output only. The time when cluster became idle + (most recent job finished) and became eligible for deletion + due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + type: object + masterConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. 
+ type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + secondaryWorkerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. 
This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + workerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + type: object + metrics: + description: 'Output only. Contains cluster daemon metrics such as + HDFS and YARN stats. **Beta Feature**: This report is available + for testing purposes only. 
It may be changed before final release.' + properties: + hdfsMetrics: + additionalProperties: + type: string + description: The HDFS metrics. + type: object + yarnMetrics: + additionalProperties: + type: string + description: The YARN metrics. + type: object + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + status: + description: Output only. Cluster status. + properties: + detail: + description: Optional. Output only. Details of cluster's state. + type: string + state: + description: 'Output only. The cluster''s state. Possible values: + UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, + STOPPED, STARTING' + type: string + stateStartTime: + description: Output only. Time when this state was entered (see + JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + substate: + description: 'Output only. Additional state information that includes + status reported by the agent. Possible values: UNSPECIFIED, + UNHEALTHY, STALE_STATUS' + type: string + type: object + statusHistory: + description: Output only. The previous cluster status. + items: + properties: + detail: + description: Optional. Output only. Details of cluster's state. + type: string + state: + description: 'Output only. The cluster''s state. Possible values: + UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, + STOPPED, STARTING' + type: string + stateStartTime: + description: Output only. Time when this state was entered (see + JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + substate: + description: 'Output only. 
Additional state information that + includes status reported by the agent. Possible values: UNSPECIFIED, + UNHEALTHY, STALE_STATUS' + type: string + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dataprocworkflowtemplates.dataproc.cnrm.cloud.google.com +spec: + group: dataproc.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataprocWorkflowTemplate + plural: dataprocworkflowtemplates + shortNames: + - gcpdataprocworkflowtemplate + - gcpdataprocworkflowtemplates + singular: dataprocworkflowtemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dagTimeout: + description: Immutable. Optional. Timeout duration for the DAG of + jobs, expressed in seconds (see [JSON representation of duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + The timeout duration must be from 10 minutes ("600s") to 24 hours + ("86400s"). The timer begins when the first job is submitted. If + the workflow is running at the end of the timeout period, any remaining + jobs are cancelled, the workflow is ended, and if the workflow was + running on a [managed cluster](/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), + the cluster is deleted. + type: string + jobs: + description: Immutable. Required. The Directed Acyclic Graph of Jobs + to submit. + items: + properties: + hadoopJob: + description: Immutable. Optional. Job is a Hadoop job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted in the working directory of Hadoop drivers + and tasks. Supported file types: .jar, .tar, .tar.gz, + .tgz, or .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `-libjars` + or `-Dfoo=bar`, that can be set as job properties, since + a collision may occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. 
HCFS (Hadoop Compatible + Filesystem) URIs of files to be copied to the working + directory of Hadoop drivers and distributed tasks. Useful + for naively parallel tasks. + items: + type: string + type: array + jarFileUris: + description: Immutable. Optional. Jar file URIs to add to + the CLASSPATHs of the Hadoop driver and tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainClass: + description: Immutable. The name of the driver's main class. + The jar file containing the class must be in the default + CLASSPATH or specified in `jar_file_uris`. + type: string + mainJarFileUri: + description: 'Immutable. The HCFS URI of the jar file containing + the main class. Examples: ''gs://foo-bucket/analytics-binaries/extract-useful-metrics-mr.jar'' + ''hdfs:/tmp/test-samples/custom-wordcount.jar'' ''file:///home/usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar''' + type: string + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure Hadoop. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/hadoop/conf/*-site + and classes in user code. + type: object + type: object + hiveJob: + description: Immutable. Optional. Job is a Hive job. + properties: + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. 
+ type: boolean + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATH of the Hive server and Hadoop + MapReduce (MR) tasks. Can contain Hive SerDes and UDFs. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names and values, used to configure Hive. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/hadoop/conf/*-site.xml, + /etc/hive/conf/hive-site.xml, and classes in user code. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains Hive queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: + type: string + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Hive command: `SET + name="value";`).' + type: object + type: object + labels: + additionalProperties: + type: string + description: 'Immutable. Optional. The labels to associate with + this job. Label keys must be between 1 and 63 characters long, + and must conform to the following regular expression: p{Ll}p{Lo}{0,62} + Label values must be between 1 and 63 characters long, and + must conform to the following regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} + No more than 32 labels can be associated with a given job.' 
+ type: object + pigJob: + description: Immutable. Optional. Job is a Pig job. + properties: + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATH of the Pig Client and Hadoop MapReduce + (MR) tasks. Can contain Pig UDFs. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure Pig. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/hadoop/conf/*-site.xml, + /etc/pig/conf/pig.properties, and classes in user code. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains the Pig queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. 
Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: + type: string + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Pig command: `name=[value]`).' + type: object + type: object + prerequisiteStepIds: + description: Immutable. Optional. The optional list of prerequisite + job step_ids. If not specified, the job will start at the + beginning of workflow. + items: + type: string + type: array + prestoJob: + description: Immutable. Optional. Job is a Presto job. + properties: + clientTags: + description: Immutable. Optional. Presto client tags to + attach to this query + items: + type: string + type: array + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + outputFormat: + description: Immutable. Optional. The format in which query + output will be displayed. See the Presto documentation + for supported output formats + type: string + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values. 
Used to set Presto [session properties](https://prestodb.io/docs/current/sql/set-session.html) + Equivalent to using the --session flag in the Presto CLI + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains SQL queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + type: object + pysparkJob: + description: Immutable. Optional. Job is a PySpark job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATHs of the Python driver and tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. 
+ properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainPythonFileUri: + description: Immutable. Required. The HCFS URI of the main + Python file to use as the driver. Must be a .py file. + type: string + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure PySpark. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + pythonFileUris: + description: 'Immutable. Optional. HCFS file URIs of Python + files to pass to the PySpark framework. Supported file + types: .py, .egg, and .zip.' + items: + type: string + type: array + required: + - mainPythonFileUri + type: object + scheduling: + description: Immutable. Optional. Job scheduling configuration. + properties: + maxFailuresPerHour: + description: Immutable. Optional. Maximum number of times + per hour a driver may be restarted as a result of driver + exiting with non-zero code before job is reported failed. + A job may be reported as thrashing if driver exits with + non-zero code 4 times within 10 minute window. Maximum + value is 10. + format: int64 + type: integer + maxFailuresTotal: + description: Immutable. Optional. Maximum number of times + in total a driver may be restarted as a result of driver + exiting with non-zero code before job is reported failed. + Maximum value is 240. + format: int64 + type: integer + type: object + sparkJob: + description: Immutable. Optional. Job is a Spark job. + properties: + archiveUris: + description: 'Immutable. Optional. 
HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATHs of the Spark driver and tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainClass: + description: Immutable. The name of the driver's main class. + The jar file that contains the class must be in the default + CLASSPATH or specified in `jar_file_uris`. + type: string + mainJarFileUri: + description: Immutable. The HCFS URI of the jar file that + contains the main class. + type: string + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure Spark. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + type: object + sparkRJob: + description: Immutable. Optional. Job is a SparkR job. 
+ properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainRFileUri: + description: Immutable. Required. The HCFS URI of the main + R file to use as the driver. Must be a .R file. + type: string + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure SparkR. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + required: + - mainRFileUri + type: object + sparkSqlJob: + description: Immutable. Optional. Job is a SparkSql job. + properties: + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to be added to the Spark CLASSPATH. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. 
The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure Spark SQL's SparkConf. + Properties that conflict with values set by the Dataproc + API may be overwritten. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains SQL queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: + type: string + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Spark SQL command: + SET `name="value";`).' + type: object + type: object + stepId: + description: Immutable. Required. The step id. The id must be + unique among all jobs within the template. The step id is + used as prefix for job id, as job `goog-dataproc-workflow-step-id` + label, and in prerequisiteStepIds field from other steps. + The id must contain only letters (a-z, A-Z), numbers (0-9), + underscores (_), and hyphens (-). Cannot begin or end with + underscore or hyphen. Must consist of between 3 and 50 characters. 
+ type: string + required: + - stepId + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + parameters: + description: Immutable. Optional. Template parameters whose values + are substituted into the template. Values for parameters must be + provided when the template is instantiated. + items: + properties: + description: + description: Immutable. Optional. Brief description of the parameter. + Must not exceed 1024 characters. + type: string + fields: + description: 'Immutable. Required. Paths to all fields that + the parameter replaces. A field is allowed to appear in at + most one parameter''s list of field paths. A field path is + similar in syntax to a google.protobuf.FieldMask. For example, + a field path that references the zone field of a workflow + template''s cluster selector would be specified as `placement.clusterSelector.zone`. + Also, field paths can reference fields using the following + syntax: * Values in maps can be referenced by key: * labels[''key''] + * placement.clusterSelector.clusterLabels[''key''] * placement.managedCluster.labels[''key''] + * placement.clusterSelector.clusterLabels[''key''] * jobs[''step-id''].labels[''key''] + * Jobs in the jobs list can be referenced by step-id: * jobs[''step-id''].hadoopJob.mainJarFileUri + * jobs[''step-id''].hiveJob.queryFileUri * jobs[''step-id''].pySparkJob.mainPythonFileUri + * jobs[''step-id''].hadoopJob.jarFileUris[0] * jobs[''step-id''].hadoopJob.archiveUris[0] + * jobs[''step-id''].hadoopJob.fileUris[0] * jobs[''step-id''].pySparkJob.pythonFileUris[0] + * Items in repeated fields can be referenced by a zero-based + index: * jobs[''step-id''].sparkJob.args[0] * Other examples: + * jobs[''step-id''].hadoopJob.properties[''key''] * jobs[''step-id''].hadoopJob.args[0] + * jobs[''step-id''].hiveJob.scriptVariables[''key''] * jobs[''step-id''].hadoopJob.mainJarFileUri + * placement.clusterSelector.zone It may not be possible to + parameterize 
maps and repeated fields in their entirety since + only individual map values and individual items in repeated + fields can be referenced. For example, the following field + paths are invalid: - placement.clusterSelector.clusterLabels + - jobs[''step-id''].sparkJob.args' + items: + type: string + type: array + name: + description: Immutable. Required. Parameter name. The parameter + name is used as the key, and paired with the parameter value, + which are passed to the template when the template is instantiated. + The name must contain only capital letters (A-Z), numbers + (0-9), and underscores (_), and must not start with a number. + The maximum length is 40 characters. + type: string + validation: + description: Immutable. Optional. Validation rules to be applied + to this parameter's value. + properties: + regex: + description: Immutable. Validation based on regular expressions. + properties: + regexes: + description: Immutable. Required. RE2 regular expressions + used to validate the parameter's value. The value + must match the regex in its entirety (substring matches + are not sufficient). + items: + type: string + type: array + required: + - regexes + type: object + values: + description: Immutable. Validation based on a list of allowed + values. + properties: + values: + description: Immutable. Required. List of allowed values + for the parameter. + items: + type: string + type: array + required: + - values + type: object + type: object + required: + - fields + - name + type: object + type: array + placement: + description: Immutable. Required. WorkflowTemplate scheduling information. + properties: + clusterSelector: + description: Immutable. Optional. A selector that chooses target + cluster for jobs based on metadata. The selector is evaluated + at the time each job is submitted. + properties: + clusterLabels: + additionalProperties: + type: string + description: Immutable. Required. The cluster labels. Cluster + must have all labels to match. 
+ type: object + zone: + description: Immutable. Optional. The zone where workflow + process executes. This parameter does not affect the selection + of the cluster. If unspecified, the zone of the first cluster + matching the selector is used. + type: string + required: + - clusterLabels + type: object + managedCluster: + description: Immutable. A cluster that is managed by the workflow. + properties: + clusterName: + description: Immutable. Required. The cluster name prefix. + A unique cluster name will be formed by appending a random + suffix. The name must contain only lower-case letters (a-z), + numbers (0-9), and hyphens (-). Must begin with a letter. + Cannot begin or end with hyphen. Must consist of between + 2 and 35 characters. + type: string + config: + description: Immutable. Required. The cluster configuration. + properties: + autoscalingConfig: + description: Immutable. Optional. Autoscaling config for + the policy associated with the cluster. Cluster does + not autoscale if this field is unset. + properties: + policyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. + + Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + encryptionConfig: + description: Immutable. Optional. Encryption settings + for the cluster. + properties: + gcePdKmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + endpointConfig: + description: Immutable. Optional. Port/endpoint configuration + for this cluster + properties: + enableHttpPortAccess: + description: Immutable. Optional. If true, enable + http access to specific ports on the cluster from + external sources. Defaults to false. + type: boolean + type: object + gceClusterConfig: + description: Immutable. Optional. The shared Compute Engine + config settings for all instances in a cluster. + properties: + internalIPOnly: + description: Immutable. Optional. If true, all instances + in the cluster will only have internal IP addresses. + By default, clusters are not restricted to internal + IP addresses, and will have ephemeral external IP + addresses assigned to each instance. 
This `internal_ip_only` + restriction can only be enabled for subnetwork enabled + networks, and all off-cluster dependencies must + be configured to be accessible without external + IP addresses. + type: boolean + metadata: + additionalProperties: + type: string + description: Immutable. The Compute Engine metadata + entries to add to all instances (see [Project and + instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + type: object + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeGroupAffinity: + description: Immutable. Optional. Node Group Affinity + for sole-tenant clusters. + properties: + nodeGroupRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` + + Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - nodeGroupRef + type: object + privateIPv6GoogleAccess: + description: 'Immutable. Optional. The type of IPv6 + access for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, + INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' + type: string + reservationAffinity: + description: Immutable. Optional. Reservation Affinity + for consuming Zonal reservation. + properties: + consumeReservationType: + description: 'Immutable. Optional. Type of reservation + to consume Possible values: TYPE_UNSPECIFIED, + NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION' + type: string + key: + description: Immutable. Optional. Corresponds + to the label key of reservation resource. + type: string + values: + description: Immutable. Optional. Corresponds + to the label values of reservation resource. + items: + type: string + type: array + type: object + serviceAccountRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + serviceAccountScopes: + description: 'Immutable. Optional. The URIs of service + account scopes to be included in Compute Engine + instances. The following base set of scopes is always + included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly + * https://www.googleapis.com/auth/devstorage.read_write + * https://www.googleapis.com/auth/logging.write + If no scopes are specified, the following defaults + are also provided: * https://www.googleapis.com/auth/bigquery + * https://www.googleapis.com/auth/bigtable.admin.table + * https://www.googleapis.com/auth/bigtable.data + * https://www.googleapis.com/auth/devstorage.full_control' + items: + type: string + type: array + shieldedInstanceConfig: + description: Immutable. Optional. Shielded Instance + Config for clusters using Compute Engine Shielded + VMs. 
+ properties: + enableIntegrityMonitoring: + description: Immutable. Optional. Defines whether + instances have integrity monitoring enabled. + Integrity monitoring compares the most recent + boot measurements to the integrity policy baseline + and returns a pair of pass/fail results depending + on whether they match or not. + type: boolean + enableSecureBoot: + description: Immutable. Optional. Defines whether + the instances have Secure Boot enabled. Secure + Boot helps ensure that the system only runs + authentic software by verifying the digital + signature of all boot components, and halting + the boot process if signature verification fails. + type: boolean + enableVtpm: + description: Immutable. Optional. Defines whether + the instance have the vTPM enabled. Virtual + Trusted Platform Module protects objects like + keys, certificates and enables Measured Boot + by performing the measurements needed to create + a known good boot baseline, called the integrity + policy baseline. + type: boolean + type: object + subnetworkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Immutable. The Compute Engine tags to + add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + items: + type: string + type: array + zone: + description: 'Immutable. Optional. The zone where + the Compute Engine cluster will be located. On a + create request, it is required in the "global" region. + If omitted in a non-global Dataproc region, the + service will pick a zone in the corresponding Compute + Engine region. On a get request, zone will always + be present. A full URL, partial URI, or short name + are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` + * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: string + type: object + initializationActions: + description: 'Immutable. Optional. Commands to execute + on each node after config is completed. By default, + executables are run on master and all worker nodes. + You can test a node''s `role` metadata to run an executable + on a master or worker node, as shown below using `curl` + (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google + http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) + if [[ "${ROLE}" == ''Master'' ]]; then ... master specific + actions ... else ... worker specific actions ... fi' + items: + properties: + executableFile: + description: Immutable. Required. Cloud Storage + URI of executable file. + type: string + executionTimeout: + description: Immutable. Optional. Amount of time + executable has to complete. Default is 10 minutes + (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). 
+ Cluster creation fails with an explanatory error + message (the name of the executable that caused + the error and the exceeded timeout period) if + the executable is not completed at end of the + timeout period. + type: string + type: object + type: array + lifecycleConfig: + description: Immutable. Optional. Lifecycle setting for + the cluster. + properties: + autoDeleteTime: + description: Immutable. Optional. The time when cluster + will be auto-deleted (see JSON representation of + [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + autoDeleteTtl: + description: Immutable. Optional. The lifetime duration + of cluster. The cluster will be auto-deleted at + the end of this period. Minimum value is 10 minutes; + maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + idleDeleteTtl: + description: Immutable. Optional. The duration to + keep the cluster alive while idling (when no jobs + are running). Passing this threshold will cause + the cluster to be deleted. Minimum value is 5 minutes; + maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + type: object + masterConfig: + description: Immutable. Optional. The Compute Engine config + settings for the master instance in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. 
See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' 
+ type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + secondaryWorkerConfig: + description: Immutable. Optional. The Compute Engine config + settings for additional worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
+ Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. 
Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. 
For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + securityConfig: + description: Immutable. Optional. Security settings for + the cluster. + properties: + kerberosConfig: + description: Immutable. Optional. Kerberos related + configuration. + properties: + crossRealmTrustAdminServer: + description: Immutable. Optional. The admin server + (IP or hostname) for the remote trusted realm + in a cross realm trust relationship. + type: string + crossRealmTrustKdc: + description: Immutable. Optional. The KDC (IP + or hostname) for the remote trusted realm in + a cross realm trust relationship. + type: string + crossRealmTrustRealm: + description: Immutable. Optional. The remote realm + the Dataproc on-cluster KDC will trust, should + the user enable cross realm trust. + type: string + crossRealmTrustSharedPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the shared + password between the on-cluster Kerberos realm + and the remote trusted realm, in a cross realm + trust relationship. + type: string + enableKerberos: + description: 'Immutable. Optional. Flag to indicate + whether to Kerberize the cluster (default: false). + Set this field to true to enable Kerberos on + a cluster.' + type: boolean + kdcDbKey: + description: Immutable. Optional. 
The Cloud Storage + URI of a KMS encrypted file containing the master + key of the KDC database. + type: string + keyPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided key. For the self-signed + certificate, this password is generated by Dataproc. + type: string + keystore: + description: Immutable. Optional. The Cloud Storage + URI of the keystore file used for SSL encryption. + If not provided, Dataproc will provide a self-signed + certificate. + type: string + keystorePassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided keystore. For the self-signed + certificate, this password is generated by Dataproc. + type: string + kmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The uri of the KMS key used to encrypt various sensitive files. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + realm: + description: Immutable. Optional. The name of + the on-cluster Kerberos realm. If not specified, + the uppercased domain of hostnames will be the + realm. + type: string + rootPrincipalPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the root + principal password. + type: string + tgtLifetimeHours: + description: Immutable. Optional. The lifetime + of the ticket granting ticket, in hours. 
If + not specified, or user specifies 0, then default + value 10 will be used. + format: int64 + type: integer + truststore: + description: Immutable. Optional. The Cloud Storage + URI of the truststore file used for SSL encryption. + If not provided, Dataproc will provide a self-signed + certificate. + type: string + truststorePassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided truststore. For the self-signed + certificate, this password is generated by Dataproc. + type: string + type: object + type: object + softwareConfig: + description: Immutable. Optional. The config settings + for software inside the cluster. + properties: + imageVersion: + description: Immutable. Optional. The version of software + inside the cluster. It must be one of the supported + [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), + such as "1.2" (including a subminor version, such + as "1.2.29"), or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). + If unspecified, it defaults to the latest Debian + version. + type: string + optionalComponents: + description: Immutable. Optional. The set of components + to activate on the cluster. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: 'Immutable. Optional. The properties + to set on daemon config files. Property keys are + specified in `prefix:property` format, for example + `core:hadoop.tmp.dir`. 
The following are supported + prefixes and their mappings: * capacity-scheduler: + `capacity-scheduler.xml` * core: `core-site.xml` + * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` + * hive: `hive-site.xml` * mapred: `mapred-site.xml` + * pig: `pig.properties` * spark: `spark-defaults.conf` + * yarn: `yarn-site.xml` For more information, see + [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + stagingBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tempBucketRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + workerConfig: + description: Immutable. Optional. The Compute Engine config + settings for worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
+ Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. 
Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. 
For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + type: object + labels: + additionalProperties: + type: string + description: 'Immutable. Optional. The labels to associate + with this cluster. Label keys must be between 1 and 63 characters + long, and must conform to the following PCRE regular expression: + p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters + long, and must conform to the following PCRE regular expression: + [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated + with a given cluster.' + type: object + required: + - clusterName + - config + type: object + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - jobs + - location + - placement + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time template was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + placement: + properties: + managedCluster: + properties: + config: + properties: + endpointConfig: + properties: + httpPorts: + additionalProperties: + type: string + description: Output only. The map of port descriptions + to URLs. Will only be populated if enable_http_port_access + is true. + type: object + type: object + lifecycleConfig: + properties: + idleStartTime: + description: Output only. 
The time when cluster became + idle (most recent job finished) and became eligible + for deletion due to idleness (see JSON representation + of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + type: object + masterConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + secondaryWorkerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. 
+ type: string + type: object + type: object + workerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + type: object + type: object + type: object + updateTime: + description: Output only. The time template was last updated. + format: date-time + type: string + version: + description: Output only. The current version of this workflow template. 
+ format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastoreindexes.datastore.cnrm.cloud.google.com +spec: + group: datastore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastoreIndex + plural: datastoreindexes + shortNames: + - gcpdatastoreindex + - gcpdatastoreindexes + singular: datastoreindex + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ancestor: + description: 'Immutable. Policy for including ancestors in the index. + Default value: "NONE" Possible values: ["NONE", "ALL_ANCESTORS"].' + type: string + kind: + description: Immutable. The entity kind which the index applies to. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + properties: + description: Immutable. An ordered list of properties to index on. + items: + properties: + direction: + description: 'Immutable. The direction the index should optimize + for sorting. Possible values: ["ASCENDING", "DESCENDING"].' + type: string + name: + description: Immutable. The property name to index. + type: string + required: + - direction + - name + type: object + type: array + resourceID: + description: Immutable. Optional. The service-generated indexId of + the resource. Used for acquisition only. Leave unset to create a + new resource. + type: string + required: + - kind + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + indexId: + description: The index id. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamconnectionprofiles.datastream.cnrm.cloud.google.com +spec: + group: datastream.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastreamConnectionProfile + plural: datastreamconnectionprofiles + shortNames: + - gcpdatastreamconnectionprofile + - gcpdatastreamconnectionprofiles + singular: datastreamconnectionprofile + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + 
name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bigqueryProfile: + description: BigQuery warehouse profile. + type: object + x-kubernetes-preserve-unknown-fields: true + displayName: + description: Display name. + type: string + forwardSshConnectivity: + description: Forward SSH tunnel connectivity. + properties: + hostname: + description: Hostname for the SSH tunnel. + type: string + password: + description: Immutable. SSH password. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the SSH tunnel. + type: integer + privateKey: + description: Immutable. SSH private key. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + username: + description: Username for the SSH tunnel. + type: string + required: + - hostname + - username + type: object + gcsProfile: + description: Cloud Storage bucket profile. + properties: + bucket: + description: The Cloud Storage bucket name. + type: string + rootPath: + description: The root path inside the Cloud Storage bucket. + type: string + required: + - bucket + type: object + location: + description: Immutable. The name of the location this connection profile + is located in. + type: string + mysqlProfile: + description: MySQL database profile. + properties: + hostname: + description: Hostname for the MySQL connection. + type: string + password: + description: Password for the MySQL connection. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the MySQL connection. + type: integer + sslConfig: + description: SSL configuration for the MySQL connection. + properties: + caCertificate: + description: |- + Immutable. PEM-encoded certificate of the CA that signed the source database + server's certificate. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + caCertificateSet: + description: Indicates whether the clientKey field is set. + type: boolean + clientCertificate: + description: |- + Immutable. 
PEM-encoded certificate that will be used by the replica to + authenticate against the source database server. If this field + is used then the 'clientKey' and the 'caCertificate' fields are + mandatory. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + clientCertificateSet: + description: Indicates whether the clientCertificate field + is set. + type: boolean + clientKey: + description: |- + Immutable. PEM-encoded private key associated with the Client Certificate. + If this field is used then the 'client_certificate' and the + 'ca_certificate' fields are mandatory. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + clientKeySet: + description: Indicates whether the clientKey field is set. + type: boolean + type: object + username: + description: Username for the MySQL connection. + type: string + required: + - hostname + - password + - username + type: object + oracleProfile: + description: Oracle database profile. + properties: + connectionAttributes: + additionalProperties: + type: string + description: Connection string attributes. + type: object + databaseService: + description: Database for the Oracle connection. + type: string + hostname: + description: Hostname for the Oracle connection. + type: string + password: + description: Password for the Oracle connection. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the Oracle connection. + type: integer + username: + description: Username for the Oracle connection. + type: string + required: + - databaseService + - hostname + - password + - username + type: object + postgresqlProfile: + description: PostgreSQL database profile. + properties: + database: + description: Database for the PostgreSQL connection. + type: string + hostname: + description: Hostname for the PostgreSQL connection. 
+ type: string + password: + description: Password for the PostgreSQL connection. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the PostgreSQL connection. + type: integer + username: + description: Username for the PostgreSQL connection. + type: string + required: + - database + - hostname + - password + - username + type: object + privateConnectivity: + description: Private connectivity. + properties: + privateConnection: + description: 'A reference to a private connection resource. Format: + ''projects/{project}/locations/{location}/privateConnections/{name}''.' + type: string + required: + - privateConnection + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The connectionProfileId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - displayName + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The resource's name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamprivateconnections.datastream.cnrm.cloud.google.com +spec: + group: datastream.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastreamPrivateConnection + plural: datastreamprivateconnections + shortNames: + - gcpdatastreamprivateconnection + - gcpdatastreamprivateconnections + singular: datastreamprivateconnection + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Immutable. Display name. + type: string + location: + description: Immutable. The name of the location this private connection + is located in. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The privateConnectionId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + vpcPeeringConfig: + description: |- + Immutable. The VPC Peering configuration is used to create VPC peering + between Datastream and the consumer's VPC. + properties: + subnet: + description: Immutable. A free subnet for peering. (CIDR of /29). + type: string + vpc: + description: |- + Immutable. Fully qualified name of the VPC that Datastream will peer to. + Format: projects/{project}/global/{networks}/{name}. 
+ type: string + required: + - subnet + - vpc + type: object + required: + - displayName + - location + - projectRef + - vpcPeeringConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + error: + description: The PrivateConnection error in case of failure. + items: + properties: + details: + additionalProperties: + type: string + description: A list of messages that carry the error details. + type: object + message: + description: A message containing more information about the + error that occurred. + type: string + type: object + type: array + name: + description: The resource's name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State of the PrivateConnection. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamstreams.datastream.cnrm.cloud.google.com +spec: + group: datastream.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastreamStream + plural: datastreamstreams + shortNames: + - gcpdatastreamstream + - gcpdatastreamstreams + singular: datastreamstream + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backfillAll: + description: Backfill strategy to automatically backfill the Stream's + objects. Specific objects can be excluded. + properties: + mysqlExcludedObjects: + description: MySQL data source objects to avoid backfilling. + properties: + mysqlDatabases: + description: MySQL databases on the server. + items: + properties: + database: + description: Database name. + type: string + mysqlTables: + description: Tables in the database. + items: + properties: + mysqlColumns: + description: MySQL columns in the schema. When + unspecified as part of include/exclude objects, + includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + oracleExcludedObjects: + description: PostgreSQL data source objects to avoid backfilling. + properties: + oracleSchemas: + description: Oracle schemas/databases in the database server. 
+ items: + properties: + oracleTables: + description: Tables in the database. + items: + properties: + oracleColumns: + description: Oracle columns in the schema. When + unspecified as part of include/exclude objects, + includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + postgresqlExcludedObjects: + description: PostgreSQL data source objects to avoid backfilling. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. + items: + properties: + postgresqlColumns: + description: PostgreSQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. 
Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Database name. + type: string + required: + - schema + type: object + type: array + required: + - postgresqlSchemas + type: object + type: object + backfillNone: + description: Backfill strategy to disable automatic backfill for the + Stream's objects. + type: object + x-kubernetes-preserve-unknown-fields: true + customerManagedEncryptionKey: + description: |- + Immutable. A reference to a KMS encryption key. If provided, it will be used to encrypt the data. If left blank, data + will be encrypted using an internal Stream-specific encryption key provisioned through KMS. + type: string + desiredState: + description: Desired state of the Stream. Set this field to 'RUNNING' + to start the stream, and 'PAUSED' to pause the stream. + type: string + destinationConfig: + description: Destination connection profile configuration. + properties: + bigqueryDestinationConfig: + description: A configuration for how data should be loaded to + Cloud Storage. + properties: + dataFreshness: + description: |- + The guaranteed data freshness (in seconds) when querying tables created by the stream. + Editing this field will only affect new tables created in the future, but existing tables + will not be impacted. 
Lower values mean that queries will return fresher data, but may result in higher cost. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + type: string + singleTargetDataset: + description: A single target dataset to which all data will + be streamed. + properties: + datasetId: + description: |- + Dataset ID in the format projects/{project}/datasets/{dataset_id} or + {project}:{dataset_id}. + type: string + required: + - datasetId + type: object + sourceHierarchyDatasets: + description: Destination datasets are created so that hierarchy + of the destination data objects matches the source hierarchy. + properties: + datasetTemplate: + description: Dataset template used for dynamic dataset + creation. + properties: + datasetIdPrefix: + description: |- + If supplied, every created dataset will have its name prefixed by the provided value. + The prefix and name will be separated by an underscore. i.e. _. + type: string + kmsKeyName: + description: |- + Immutable. Describes the Cloud KMS encryption key that will be used to protect destination BigQuery + table. The BigQuery Service Account associated with your project requires access to this + encryption key. i.e. projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{cryptoKey}. + See https://cloud.google.com/bigquery/docs/customer-managed-encryption for more information. + type: string + location: + description: |- + The geographic location where the dataset should reside. + See https://cloud.google.com/bigquery/docs/locations for supported locations. + type: string + required: + - location + type: object + required: + - datasetTemplate + type: object + type: object + destinationConnectionProfile: + description: 'Immutable. Destination connection profile resource. + Format: projects/{project}/locations/{location}/connectionProfiles/{name}.' 
+ type: string + gcsDestinationConfig: + description: A configuration for how data should be loaded to + Cloud Storage. + properties: + avroFileFormat: + description: AVRO file format configuration. + type: object + x-kubernetes-preserve-unknown-fields: true + fileRotationInterval: + description: |- + The maximum duration for which new events are added before a file is closed and a new file is created. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + type: string + fileRotationMb: + description: The maximum file size to be saved in the bucket. + type: integer + jsonFileFormat: + description: JSON file format configuration. + properties: + compression: + description: 'Compression of the loaded JSON file. Possible + values: ["NO_COMPRESSION", "GZIP"].' + type: string + schemaFileFormat: + description: 'The schema file format along JSON data files. + Possible values: ["NO_SCHEMA_FILE", "AVRO_SCHEMA_FILE"].' + type: string + type: object + path: + description: Path inside the Cloud Storage bucket to write + data to. + type: string + type: object + required: + - destinationConnectionProfile + type: object + displayName: + description: Display name. + type: string + location: + description: Immutable. The name of the location this stream is located + in. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The streamId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceConfig: + description: Source connection profile configuration. + properties: + mysqlSourceConfig: + description: MySQL data source configuration. + properties: + excludeObjects: + description: MySQL objects to exclude from the stream. + properties: + mysqlDatabases: + description: MySQL databases on the server. + items: + properties: + database: + description: Database name. + type: string + mysqlTables: + description: Tables in the database. + items: + properties: + mysqlColumns: + description: MySQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + includeObjects: + description: MySQL objects to retrieve from the source. + properties: + mysqlDatabases: + description: MySQL databases on the server. 
+ items: + properties: + database: + description: Database name. + type: string + mysqlTables: + description: Tables in the database. + items: + properties: + mysqlColumns: + description: MySQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + maxConcurrentBackfillTasks: + description: |- + Maximum number of concurrent backfill tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + type: integer + maxConcurrentCdcTasks: + description: |- + Maximum number of concurrent CDC tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + type: integer + type: object + oracleSourceConfig: + description: MySQL data source configuration. + properties: + dropLargeObjects: + description: Configuration to drop large object values. + type: object + x-kubernetes-preserve-unknown-fields: true + excludeObjects: + description: Oracle objects to exclude from the stream. 
+ properties: + oracleSchemas: + description: Oracle schemas/databases in the database + server. + items: + properties: + oracleTables: + description: Tables in the database. + items: + properties: + oracleColumns: + description: Oracle columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + includeObjects: + description: Oracle objects to retrieve from the source. + properties: + oracleSchemas: + description: Oracle schemas/databases in the database + server. + items: + properties: + oracleTables: + description: Tables in the database. + items: + properties: + oracleColumns: + description: Oracle columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. 
Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + maxConcurrentBackfillTasks: + description: |- + Maximum number of concurrent backfill tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + type: integer + maxConcurrentCdcTasks: + description: |- + Maximum number of concurrent CDC tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + type: integer + streamLargeObjects: + description: Configuration to drop large object values. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + postgresqlSourceConfig: + description: PostgreSQL data source configuration. + properties: + excludeObjects: + description: PostgreSQL objects to exclude from the stream. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. + items: + properties: + postgresqlColumns: + description: PostgreSQL columns in the schema. 
+ When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Database name. + type: string + required: + - schema + type: object + type: array + required: + - postgresqlSchemas + type: object + includeObjects: + description: PostgreSQL objects to retrieve from the source. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. + items: + properties: + postgresqlColumns: + description: PostgreSQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. 
+ type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Database name. + type: string + required: + - schema + type: object + type: array + required: + - postgresqlSchemas + type: object + maxConcurrentBackfillTasks: + description: |- + Maximum number of concurrent backfill tasks. The number should be non + negative. If not set (or set to 0), the system's default value will be used. + type: integer + publication: + description: |- + The name of the publication that includes the set of all tables + that are defined in the stream's include_objects. + type: string + replicationSlot: + description: |- + The name of the logical replication slot that's configured with + the pgoutput plugin. + type: string + required: + - publication + - replicationSlot + type: object + sourceConnectionProfile: + description: 'Immutable. Source connection profile resource. Format: + projects/{project}/locations/{location}/connectionProfiles/{name}.' + type: string + required: + - sourceConnectionProfile + type: object + required: + - destinationConfig + - displayName + - location + - projectRef + - sourceConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The stream's name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The state of the stream. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: deploymentmanagerdeployments.deploymentmanager.cnrm.cloud.google.com +spec: + group: deploymentmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DeploymentManagerDeployment + plural: deploymentmanagerdeployments + shortNames: + - gcpdeploymentmanagerdeployment + - gcpdeploymentmanagerdeployments + singular: deploymentmanagerdeployment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + createPolicy: + description: |- + Immutable. Set the policy to use for creating new resources. Only used on + create and update. Valid values are 'CREATE_OR_ACQUIRE' (default) or + 'ACQUIRE'. If set to 'ACQUIRE' and resources do not already exist, + the deployment will fail. Note that updating this field does not + actually affect the deployment, just how it is updated. Default value: "CREATE_OR_ACQUIRE" Possible values: ["ACQUIRE", "CREATE_OR_ACQUIRE"]. + type: string + deletePolicy: + description: |- + Immutable. Set the policy to use for deleting new resources on update/delete. + Valid values are 'DELETE' (default) or 'ABANDON'. If 'DELETE', + resource is deleted after removal from Deployment Manager. If + 'ABANDON', the resource is only removed from Deployment Manager + and is not actually deleted. Note that updating this field does not + actually change the deployment, just how it is updated. Default value: "DELETE" Possible values: ["ABANDON", "DELETE"]. 
+ type: string + description: + description: Optional user-provided description of deployment. + type: string + preview: + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + target: + description: |- + Parameters that define your deployment, including the deployment + configuration and relevant templates. + properties: + config: + description: The root configuration file to use for this deployment. + properties: + content: + description: The full YAML contents of your configuration + file. + type: string + required: + - content + type: object + imports: + description: |- + Specifies import files for this configuration. This can be + used to import templates or other files. For example, you might + import a text file in order to use the file in a template. + items: + properties: + content: + description: The full contents of the template that you + want to import. + type: string + name: + description: |- + The name of the template to import, as declared in the YAML + configuration. 
+ type: string + type: object + type: array + required: + - config + type: object + required: + - projectRef + - target + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + deploymentId: + description: Unique identifier for deployment. Output only. + type: string + manifest: + description: |- + Output only. URL of the manifest representing the last manifest that + was successfully deployed. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server defined URL for the resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowagents.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowAgent + plural: dialogflowagents + shortNames: + - gcpdialogflowagent + - gcpdialogflowagents + singular: dialogflowagent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + apiVersion: + description: |- + API version displayed in Dialogflow console. If not specified, V2 API is assumed. Clients are free to query + different service endpoints for different API versions. However, bots connectors and webhook calls will follow + the specified API version. + * API_VERSION_V1: Legacy V1 API. + * API_VERSION_V2: V2 API. + * API_VERSION_V2_BETA_1: V2beta1 API. Possible values: ["API_VERSION_V1", "API_VERSION_V2", "API_VERSION_V2_BETA_1"]. + type: string + avatarUri: + description: |- + The URI of the agent's avatar, which are used throughout the Dialogflow console. When an image URL is entered + into this field, the Dialogflow will save the image in the backend. The address of the backend image returned + from the API will be shown in the [avatarUriBackend] field. + type: string + classificationThreshold: + description: |- + To filter out false positive results and still get variety in matched natural language inputs for your agent, + you can tune the machine learning classification threshold. If the returned score value is less than the threshold + value, then a fallback intent will be triggered or, if there are no fallback intents defined, no intent will be + triggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the + default of 0.3 is used. + type: number + defaultLanguageCode: + description: |- + Immutable. The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/docs/reference/language) + for a list of the currently supported language codes. This field cannot be updated after creation. + type: string + description: + description: The description of this agent. 
The maximum length is + 500 characters. If exceeded, the request is rejected. + type: string + displayName: + description: The name of this agent. + type: string + enableLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + matchMode: + description: |- + Determines how intents are detected from user queries. + * MATCH_MODE_HYBRID: Best for agents with a small number of examples in intents and/or wide use of templates + syntax and composite entities. + * MATCH_MODE_ML_ONLY: Can be used for agents with a large number of examples in intents, especially the ones + using @sys.any or very large developer entities. Possible values: ["MATCH_MODE_HYBRID", "MATCH_MODE_ML_ONLY"]. + type: string + resourceID: + description: Immutable. Optional. The project of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + supportedLanguageCodes: + description: The list of all languages supported by this agent (except + for the defaultLanguageCode). + items: + type: string + type: array + tier: + type: string + timeZone: + description: |- + The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, + Europe/Paris. + type: string + required: + - defaultLanguageCode + - displayName + - timeZone + type: object + status: + properties: + avatarUriBackend: + description: |- + The URI of the agent's avatar as returned from the API. Output only. To provide an image URL for the agent avatar, + the [avatarUri] field can be used. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxagents.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXAgent + plural: dialogflowcxagents + shortNames: + - gcpdialogflowcxagent + - gcpdialogflowcxagents + singular: dialogflowcxagent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - 
description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + avatarUri: + description: The URI of the agent's avatar. Avatars are used throughout + the Dialogflow console and in the self-hosted Web Demo integration. + type: string + defaultLanguageCode: + description: |- + Immutable. The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/cx/docs/reference/language) + for a list of the currently supported language codes. This field cannot be updated after creation. + type: string + description: + description: The description of this agent. The maximum length is + 500 characters. If exceeded, the request is rejected. + type: string + displayName: + description: The human-readable name of the agent, unique within the + location. + type: string + enableSpellCorrection: + description: Indicates if automatic spell correction is enabled in + detect intent requests. + type: boolean + enableStackdriverLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + location: + description: |- + Immutable. 
The name of the location this agent is located in. + + ~> **Note:** The first time you are deploying an Agent in your project you must configure location settings. + This is a one time step but at the moment you can only [configure location settings](https://cloud.google.com/dialogflow/cx/docs/concept/region#location-settings) via the Dialogflow CX console. + Another options is to use global location so you don't need to manually configure location settings. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + securitySettings: + description: 'Name of the SecuritySettings reference for the agent. + Format: projects//locations//securitySettings/.' + type: string + speechToTextSettings: + description: Settings related to speech recognition. + properties: + enableSpeechAdaptation: + description: Whether to use speech adaptation for speech recognition. + type: boolean + type: object + supportedLanguageCodes: + description: The list of all languages supported by this agent (except + for the default_language_code). 
+ items: + type: string + type: array + timeZone: + description: |- + The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, + Europe/Paris. + type: string + required: + - defaultLanguageCode + - displayName + - location + - projectRef + - timeZone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The unique identifier of the agent. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + startFlow: + description: 'Name of the start flow in this agent. A start flow will + be automatically created when the agent is created, and can only + be deleted by deleting the agent. Format: projects//locations//agents//flows/.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxentitytypes.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXEntityType + plural: dialogflowcxentitytypes + shortNames: + - gcpdialogflowcxentitytype + - gcpdialogflowcxentitytypes + singular: dialogflowcxentitytype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoExpansionMode: + description: |- + Represents kinds of entities. + * AUTO_EXPANSION_MODE_UNSPECIFIED: Auto expansion disabled for the entity. + * AUTO_EXPANSION_MODE_DEFAULT: Allows an agent to recognize values that have not been explicitly listed in the entity. Possible values: ["AUTO_EXPANSION_MODE_DEFAULT", "AUTO_EXPANSION_MODE_UNSPECIFIED"]. + type: string + displayName: + description: The human-readable name of the entity type, unique within + the agent. + type: string + enableFuzzyExtraction: + description: Enables fuzzy entity extraction during classification. + type: boolean + entities: + description: The collection of entity entries associated with the + entity type. + items: + properties: + synonyms: + description: |- + A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym could be green onions. + For KIND_LIST entity types: This collection must contain exactly one synonym equal to value. + items: + type: string + type: array + value: + description: |- + The primary value associated with this entity entry. For example, if the entity type is vegetable, the value could be scallions. + For KIND_MAP entity types: A canonical value to be used in place of synonyms. + For KIND_LIST entity types: A string that can contain references to other entity types (with or without aliases). + type: string + type: object + type: array + excludedPhrases: + description: |- + Collection of exceptional words and phrases that shouldn't be matched. 
For example, if you have a size entity type with entry giant(an adjective), you might consider adding giants(a noun) as an exclusion. + If the kind of entity type is KIND_MAP, then the phrases specified by entities and excluded phrases should be mutually exclusive. + items: + properties: + value: + description: The word or phrase to be excluded. + type: string + type: object + type: array + kind: + description: |- + Indicates whether the entity type can be automatically expanded. + * KIND_MAP: Map entity types allow mapping of a group of synonyms to a canonical value. + * KIND_LIST: List entity types contain a set of entries that do not map to canonical values. However, list entity types can contain references to other entity types (with or without aliases). + * KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: ["KIND_MAP", "KIND_LIST", "KIND_REGEXP"]. + type: string + languageCode: + description: |- + Immutable. The language of the following fields in entityType: + EntityType.entities.value + EntityType.entities.synonyms + EntityType.excluded_phrases.value + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + parent: + description: |- + Immutable. The agent to create a entity type for. + Format: projects//locations//agents/. + type: string + redact: + description: Indicates whether parameters of the entity type should + be redacted in log. If redaction is enabled, page parameters and + intent parameters referring to the entity type will be replaced + by parameter name when logging. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + required: + - displayName + - entities + - kind + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the entity type. + Format: projects//locations//agents//entityTypes/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxflows.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXFlow + plural: dialogflowcxflows + shortNames: + - gcpdialogflowcxflow + - gcpdialogflowcxflows + singular: dialogflowcxflow + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the flow. The maximum length is 500 + characters. If exceeded, the request is rejected. + type: string + displayName: + description: The human-readable name of the flow. + type: string + eventHandlers: + description: |- + A flow's event handlers serve two purposes: + They are responsible for handling events (e.g. no match, webhook errors) in the flow. + They are inherited by every page's [event handlers][Page.event_handlers], which can be used to handle common events regardless of the current page. Event handlers defined in the page have higher priority than those defined in the flow. + Unlike transitionRoutes, these handlers are evaluated on a first-match basis. The first one that matches the event get executed, with the rest being ignored. + items: + properties: + event: + description: The name of the event to handle. + type: string + name: + description: The unique identifier of this event handler. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the event occurs. + Handling webhook errors with a fulfillment enabled with webhook + could cause infinite loop. It is invalid to specify such fulfillment + for a handler handling webhooks. + properties: + conditionalCases: + description: Conditional cases for this fulfillment. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. 
The first one with a matching condition is selected, all the rest ignored. + See [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema. + type: string + type: object + type: array + messages: + description: The list of rich message responses to present + to the user. + items: + properties: + channel: + description: The channel which the response is associated + with. Clients can specify the channel via QueryParameters.channel, + and only associated channel response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded. + * In a webhook response when you determine that you handled the customer issue. + properties: + metadata: + description: Custom metadata. Dialogflow doesn't + impose any structure on this. + type: string + type: object + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation. + * In a webhook response when you determine that the customer issue can only be handled by a human. + properties: + metadata: + description: Custom metadata. 
Dialogflow doesn't + impose any structure on this. + type: string + type: object + outputAudioText: + description: A text or ssml response that is preferentially + used for TTS output audio synthesis, as described + in the comment on the ResponseMessage message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + ssml: + description: The SSML text to be synthesized. + For more information, see SSML. + type: string + text: + description: The raw text to be synthesized. + type: string + type: object + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: Specifies an audio clip to be played + by the client as part of the response. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + audioUri: + description: URI of the audio clip. Dialogflow + does not impose any validation on this value. + It is specific to the client that reads it. + type: string + required: + - audioUri + type: object + telephonyTransferCall: + description: Represents the signal that telles the + client to transfer the phone call connected to the + agent to a third-party endpoint. + properties: + phoneNumber: + description: Transfer the call to a phone number + in E.164 format. + type: string + required: + - phoneNumber + type: object + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. 
+ items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + setParameterActions: + description: Set parameter values before executing the webhook. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of the parameter. + A null value clears the parameter. + type: string + type: object + type: array + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + languageCode: + description: |- + Immutable. The language of the following fields in flow: + Flow.event_handlers.trigger_fulfillment.messages + Flow.event_handlers.trigger_fulfillment.conditional_cases + Flow.transition_routes.trigger_fulfillment.messages + Flow.transition_routes.trigger_fulfillment.conditional_cases + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + nluSettings: + description: NLU related settings of the flow. 
+ properties: + classificationThreshold: + description: |- + To filter out false positive results and still get variety in matched natural language inputs for your agent, you can tune the machine learning classification threshold. + If the returned score value is less than the threshold value, then a no-match event will be triggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the default of 0.3 is used. + type: number + modelTrainingMode: + description: |- + Indicates NLU model training mode. + * MODEL_TRAINING_MODE_AUTOMATIC: NLU model training is automatically triggered when a flow gets modified. User can also manually trigger model training in this mode. + * MODEL_TRAINING_MODE_MANUAL: User needs to manually trigger NLU model training. Best for large flows whose models take long time to train. Possible values: ["MODEL_TRAINING_MODE_AUTOMATIC", "MODEL_TRAINING_MODE_MANUAL"]. + type: string + modelType: + description: |- + Indicates the type of NLU model. + * MODEL_TYPE_STANDARD: Use standard NLU model. + * MODEL_TYPE_ADVANCED: Use advanced NLU model. Possible values: ["MODEL_TYPE_STANDARD", "MODEL_TYPE_ADVANCED"]. + type: string + type: object + parent: + description: |- + Immutable. The agent to create a flow for. + Format: projects//locations//agents/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + transitionRouteGroups: + description: |- + A flow's transition route group serve two purposes: + They are responsible for matching the user's first utterances in the flow. + They are inherited by every page's [transition route groups][Page.transition_route_groups]. Transition route groups defined in the page have higher priority than those defined in the flow. + Format:projects//locations//agents//flows//transitionRouteGroups/. 
+ items: + type: string + type: array + transitionRoutes: + description: |- + A flow's transition routes serve two purposes: + They are responsible for matching the user's first utterances in the flow. + They are inherited by every page's [transition routes][Page.transition_routes] and can support use cases such as the user saying "help" or "can I talk to a human?", which can be handled in a common way regardless of the current page. Transition routes defined in the page have higher priority than those defined in the flow. + + TransitionRoutes are evalauted in the following order: + TransitionRoutes with intent specified. + TransitionRoutes with only condition specified. + TransitionRoutes with intent specified are inherited by pages in the flow. + items: + properties: + condition: + description: |- + The condition to evaluate against form parameters or session parameters. + At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + intent: + description: |- + The unique identifier of an Intent. + Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + name: + description: The unique identifier of this transition route. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the condition is satisfied. + At least one of triggerFulfillment and target must be specified. 
+ When both are defined, triggerFulfillment is executed first. + properties: + conditionalCases: + description: Conditional cases for this fulfillment. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema. + type: string + type: object + type: array + messages: + description: The list of rich message responses to present + to the user. + items: + properties: + channel: + description: The channel which the response is associated + with. Clients can specify the channel via QueryParameters.channel, + and only associated channel response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded. + * In a webhook response when you determine that you handled the customer issue. + properties: + metadata: + description: Custom metadata. Dialogflow doesn't + impose any structure on this. + type: string + type: object + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. 
+ You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation. + * In a webhook response when you determine that the customer issue can only be handled by a human. + properties: + metadata: + description: Custom metadata. Dialogflow doesn't + impose any structure on this. + type: string + type: object + outputAudioText: + description: A text or ssml response that is preferentially + used for TTS output audio synthesis, as described + in the comment on the ResponseMessage message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + ssml: + description: The SSML text to be synthesized. + For more information, see SSML. + type: string + text: + description: The raw text to be synthesized. + type: string + type: object + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: Specifies an audio clip to be played + by the client as part of the response. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + audioUri: + description: URI of the audio clip. Dialogflow + does not impose any validation on this value. + It is specific to the client that reads it. + type: string + required: + - audioUri + type: object + telephonyTransferCall: + description: Represents the signal that telles the + client to transfer the phone call connected to the + agent to a third-party endpoint. + properties: + phoneNumber: + description: Transfer the call to a phone number + in E.164 format. + type: string + required: + - phoneNumber + type: object + text: + description: The text response message. 
+ properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + setParameterActions: + description: Set parameter values before executing the webhook. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of the parameter. + A null value clears the parameter. + type: string + type: object + type: array + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the flow. + Format: projects//locations//agents//flows/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxintents.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXIntent + plural: dialogflowcxintents + shortNames: + - gcpdialogflowcxintent + - gcpdialogflowcxintents + singular: dialogflowcxintent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The 
reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: 'Human readable description for better understanding + an intent like its scope, content, result etc. Maximum character + limit: 140 characters.' + type: string + displayName: + description: The human-readable name of the intent, unique within + the agent. + type: string + isFallback: + description: |- + Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation. + Adding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event. + type: boolean + languageCode: + description: |- + Immutable. The language of the following fields in intent: + Intent.training_phrases.parts.text + If not specified, the agent's default language is used. Many languages are supported. 
Note: languages must be enabled in the agent before they can be used. + type: string + parameters: + description: The collection of parameters associated with the intent. + items: + properties: + entityType: + description: |- + The entity type of the parameter. + Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. + type: string + id: + description: The unique identifier of the parameter. This field + is used by training phrases to annotate their parts. + type: string + isList: + description: Indicates whether the parameter represents a list + of values. + type: boolean + redact: + description: |- + Indicates whether the parameter content should be redacted in log. If redaction is enabled, the parameter content will be replaced by parameter name during logging. + Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. + type: boolean + required: + - entityType + - id + type: object + type: array + parent: + description: |- + Immutable. The agent to create an intent for. + Format: projects//locations//agents/. + type: string + priority: + description: |- + The priority of this intent. Higher numbers represent higher priorities. + If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds to the Normal priority in the console. + If the supplied value is negative, the intent is ignored in runtime detect intent requests. + type: integer + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + trainingPhrases: + description: The collection of training phrases the agent is trained + on to identify the intent. 
+ items: + properties: + id: + description: The unique identifier of the training phrase. + type: string + parts: + description: |- + The ordered list of training phrase parts. The parts are concatenated in order to form the training phrase. + Note: The API does not automatically annotate training phrases like the Dialogflow Console does. + Note: Do not forget to include whitespace at part boundaries, so the training phrase is well formatted when the parts are concatenated. + If the training phrase does not need to be annotated with parameters, you just need a single part with only the Part.text field set. + If you want to annotate the training phrase, you must create multiple parts, where the fields of each part are populated in one of two ways: + Part.text is set to a part of the phrase that has no parameters. + Part.text is set to a part of the phrase that you want to annotate, and the parameterId field is set. + items: + properties: + parameterId: + description: The parameter used to annotate this part + of the training phrase. This field is required for annotated + parts of the training phrase. + type: string + text: + description: The text for this part. + type: string + required: + - text + type: object + type: array + repeatCount: + description: Indicates how many times this example was added + to the intent. + type: integer + required: + - parts + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the intent. + Format: projects//locations//agents//intents/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxpages.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXPage + plural: dialogflowcxpages + shortNames: + - gcpdialogflowcxpage + - gcpdialogflowcxpages + singular: dialogflowcxpage + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - 
description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The human-readable name of the page, unique within the + agent. + type: string + entryFulfillment: + description: The fulfillment to call when the session is entering + the page. + properties: + conditionalCases: + description: Conditional cases for this fulfillment. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema. + type: string + type: object + type: array + messages: + description: The list of rich message responses to present to + the user. + items: + properties: + channel: + description: The channel which the response is associated + with. Clients can specify the channel via QueryParameters.channel, + and only associated channel response will be returned. 
+ type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded. + * In a webhook response when you determine that you handled the customer issue. + properties: + metadata: + description: Custom metadata. Dialogflow doesn't impose + any structure on this. + type: string + type: object + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation. + * In a webhook response when you determine that the customer issue can only be handled by a human. + properties: + metadata: + description: Custom metadata. Dialogflow doesn't impose + any structure on this. + type: string + type: object + outputAudioText: + description: A text or ssml response that is preferentially + used for TTS output audio synthesis, as described in the + comment on the ResponseMessage message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message can + be interrupted by the end user's speech and the client + can then starts the next Dialogflow request. + type: boolean + ssml: + description: The SSML text to be synthesized. 
For more + information, see SSML. + type: string + text: + description: The raw text to be synthesized. + type: string + type: object + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: Specifies an audio clip to be played by the + client as part of the response. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message can + be interrupted by the end user's speech and the client + can then starts the next Dialogflow request. + type: boolean + audioUri: + description: URI of the audio clip. Dialogflow does + not impose any validation on this value. It is specific + to the client that reads it. + type: string + required: + - audioUri + type: object + telephonyTransferCall: + description: Represents the signal that telles the client + to transfer the phone call connected to the agent to a + third-party endpoint. + properties: + phoneNumber: + description: Transfer the call to a phone number in + E.164 format. + type: string + required: + - phoneNumber + type: object + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message can + be interrupted by the end user's speech and the client + can then starts the next Dialogflow request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently queued + fulfillment response messages in streaming APIs. If a webhook + is specified, it happens before Dialogflow invokes webhook. + Warning: 1) This flag only affects streaming API. Responses + are still queued and returned once in non-streaming API. 2) + The flag can be enabled in any fulfillment but only the first + 3 partial responses will be returned. You may only want to apply + it to fulfillments that have slow webhooks.' 
+ type: boolean + setParameterActions: + description: Set parameter values before executing the webhook. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of the parameter. + A null value clears the parameter. + type: string + type: object + type: array + tag: + description: The tag used by the webhook to identify which fulfillment + is being called. This field is required if webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + eventHandlers: + description: Handlers associated with the page to handle events such + as webhook errors, no match or no input. + items: + properties: + event: + description: The name of the event to handle. + type: string + name: + description: The unique identifier of this event handler. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the event occurs. + Handling webhook errors with a fulfillment enabled with webhook + could cause infinite loop. It is invalid to specify such fulfillment + for a handler handling webhooks. + properties: + conditionalCases: + description: Conditional cases for this fulfillment. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema. 
+ type: string + type: object + type: array + messages: + description: The list of rich message responses to present + to the user. + items: + properties: + channel: + description: The channel which the response is associated + with. Clients can specify the channel via QueryParameters.channel, + and only associated channel response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded. + * In a webhook response when you determine that you handled the customer issue. + properties: + metadata: + description: Custom metadata. Dialogflow doesn't + impose any structure on this. + type: string + type: object + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation. + * In a webhook response when you determine that the customer issue can only be handled by a human. + properties: + metadata: + description: Custom metadata. Dialogflow doesn't + impose any structure on this. 
+ type: string + type: object + outputAudioText: + description: A text or ssml response that is preferentially + used for TTS output audio synthesis, as described + in the comment on the ResponseMessage message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + ssml: + description: The SSML text to be synthesized. + For more information, see SSML. + type: string + text: + description: The raw text to be synthesized. + type: string + type: object + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: Specifies an audio clip to be played + by the client as part of the response. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + audioUri: + description: URI of the audio clip. Dialogflow + does not impose any validation on this value. + It is specific to the client that reads it. + type: string + required: + - audioUri + type: object + telephonyTransferCall: + description: Represents the signal that telles the + client to transfer the phone call connected to the + agent to a third-party endpoint. + properties: + phoneNumber: + description: Transfer the call to a phone number + in E.164 format. + type: string + required: + - phoneNumber + type: object + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. 
+ items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + setParameterActions: + description: Set parameter values before executing the webhook. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of the parameter. + A null value clears the parameter. + type: string + type: object + type: array + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + form: + description: The form associated with the page, used for collecting + parameters relevant to the page. + properties: + parameters: + description: Parameters to collect from the user. + items: + properties: + defaultValue: + description: The default value of an optional parameter. + If the parameter is required, the default value will be + ignored. + type: string + displayName: + description: The human-readable name of the parameter, unique + within the form. + type: string + entityType: + description: |- + The entity type of the parameter. 
+ Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. + type: string + fillBehavior: + description: Defines fill behavior for the parameter. + properties: + initialPromptFulfillment: + description: The fulfillment to provide the initial + prompt that the agent can present to the user in order + to fill the parameter. + properties: + conditionalCases: + description: Conditional cases for this fulfillment. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema. + type: string + type: object + type: array + messages: + description: The list of rich message responses + to present to the user. + items: + properties: + channel: + description: The channel which the response + is associated with. Clients can specify + the channel via QueryParameters.channel, + and only associated channel response will + be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded. + * In a webhook response when you determine that you handled the customer issue. + properties: + metadata: + description: Custom metadata. 
Dialogflow + doesn't impose any structure on this. + type: string + type: object + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation. + * In a webhook response when you determine that the customer issue can only be handled by a human. + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on this. + type: string + type: object + outputAudioText: + description: A text or ssml response that + is preferentially used for TTS output audio + synthesis, as described in the comment on + the ResponseMessage message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this + message can be interrupted by the end + user's speech and the client can then + starts the next Dialogflow request. + type: boolean + ssml: + description: The SSML text to be synthesized. + For more information, see SSML. + type: string + text: + description: The raw text to be synthesized. + type: string + type: object + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: Specifies an audio clip to be + played by the client as part of the response. + properties: + allowPlaybackInterruption: + description: Whether the playback of this + message can be interrupted by the end + user's speech and the client can then + starts the next Dialogflow request. + type: boolean + audioUri: + description: URI of the audio clip. Dialogflow + does not impose any validation on this + value. It is specific to the client + that reads it. 
+ type: string + required: + - audioUri + type: object + telephonyTransferCall: + description: Represents the signal that telles + the client to transfer the phone call connected + to the agent to a third-party endpoint. + properties: + phoneNumber: + description: Transfer the call to a phone + number in E.164 format. + type: string + required: + - phoneNumber + type: object + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this + message can be interrupted by the end + user's speech and the client can then + starts the next Dialogflow request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming + APIs. If a webhook is specified, it happens before + Dialogflow invokes webhook. Warning: 1) This flag + only affects streaming API. Responses are still + queued and returned once in non-streaming API. + 2) The flag can be enabled in any fulfillment + but only the first 3 partial responses will be + returned. You may only want to apply it to fulfillments + that have slow webhooks.' + type: boolean + setParameterActions: + description: Set parameter values before executing + the webhook. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of + the parameter. A null value clears the parameter. + type: string + type: object + type: array + tag: + description: The tag used by the webhook to identify + which fulfillment is being called. This field + is required if webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' 
+ type: string + type: object + repromptEventHandlers: + description: |- + The handlers for parameter-level events, used to provide reprompt for the parameter or transition to a different page/flow. The supported events are: + * sys.no-match-, where N can be from 1 to 6 + * sys.no-match-default + * sys.no-input-, where N can be from 1 to 6 + * sys.no-input-default + * sys.invalid-parameter + [initialPromptFulfillment][initialPromptFulfillment] provides the first prompt for the parameter. + If the user's response does not fill the parameter, a no-match/no-input event will be triggered, and the fulfillment associated with the sys.no-match-1/sys.no-input-1 handler (if defined) will be called to provide a prompt. The sys.no-match-2/sys.no-input-2 handler (if defined) will respond to the next no-match/no-input event, and so on. + A sys.no-match-default or sys.no-input-default handler will be used to handle all following no-match/no-input events after all numbered no-match/no-input handlers for the parameter are consumed. + A sys.invalid-parameter handler can be defined to handle the case where the parameter values have been invalidated by webhook. For example, if the user's response fill the parameter, however the parameter was invalidated by webhook, the fulfillment associated with the sys.invalid-parameter handler (if defined) will be called to provide a prompt. + If the event handler for the corresponding event can't be found on the parameter, initialPromptFulfillment will be re-prompted. + items: + properties: + event: + description: The name of the event to handle. + type: string + name: + description: The unique identifier of this event + handler. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. 
+ type: string + triggerFulfillment: + description: The fulfillment to call when the + event occurs. Handling webhook errors with a + fulfillment enabled with webhook could cause + infinite loop. It is invalid to specify such + fulfillment for a handler handling webhooks. + properties: + conditionalCases: + description: Conditional cases for this fulfillment. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema. + type: string + type: object + type: array + messages: + description: The list of rich message responses + to present to the user. + items: + properties: + channel: + description: The channel which the response + is associated with. Clients can specify + the channel via QueryParameters.channel, + and only associated channel response + will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded. + * In a webhook response when you determine that you handled the customer issue. + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on + this. + type: string + type: object + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. 
+ Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation. + * In a webhook response when you determine that the customer issue can only be handled by a human. + properties: + metadata: + description: Custom metadata. Dialogflow + doesn't impose any structure on + this. + type: string + type: object + outputAudioText: + description: A text or ssml response + that is preferentially used for TTS + output audio synthesis, as described + in the comment on the ResponseMessage + message. + properties: + allowPlaybackInterruption: + description: Whether the playback + of this message can be interrupted + by the end user's speech and the + client can then starts the next + Dialogflow request. + type: boolean + ssml: + description: The SSML text to be + synthesized. For more information, + see SSML. + type: string + text: + description: The raw text to be + synthesized. + type: string + type: object + payload: + description: A custom, platform-specific + payload. + type: string + playAudio: + description: Specifies an audio clip + to be played by the client as part + of the response. + properties: + allowPlaybackInterruption: + description: Whether the playback + of this message can be interrupted + by the end user's speech and the + client can then starts the next + Dialogflow request. + type: boolean + audioUri: + description: URI of the audio clip. + Dialogflow does not impose any + validation on this value. It is + specific to the client that reads + it. + type: string + required: + - audioUri + type: object + telephonyTransferCall: + description: Represents the signal that + telles the client to transfer the + phone call connected to the agent + to a third-party endpoint. 
+ properties: + phoneNumber: + description: Transfer the call to + a phone number in E.164 format. + type: string + required: + - phoneNumber + type: object + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback + of this message can be interrupted + by the end user's speech and the + client can then starts the next + Dialogflow request. + type: boolean + text: + description: A collection of text + responses. + items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return + currently queued fulfillment response messages + in streaming APIs. If a webhook is specified, + it happens before Dialogflow invokes webhook. + Warning: 1) This flag only affects streaming + API. Responses are still queued and returned + once in non-streaming API. 2) The flag can + be enabled in any fulfillment but only the + first 3 partial responses will be returned. + You may only want to apply it to fulfillments + that have slow webhooks.' + type: boolean + setParameterActions: + description: Set parameter values before executing + the webhook. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value + of the parameter. A null value clears + the parameter. + type: string + type: object + type: array + tag: + description: The tag used by the webhook to + identify which fulfillment is being called. + This field is required if webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: + projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + type: object + isList: + description: Indicates whether the parameter represents + a list of values. + type: boolean + redact: + description: |- + Indicates whether the parameter content should be redacted in log. 
+ If redaction is enabled, the parameter content will be replaced by parameter name during logging. Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. + type: boolean + required: + description: |- + Indicates whether the parameter is required. Optional parameters will not trigger prompts; however, they are filled if the user specifies them. + Required parameters must be filled before form filling concludes. + type: boolean + type: object + type: array + type: object + languageCode: + description: |- + Immutable. The language of the following fields in page: + + Page.entry_fulfillment.messages + Page.entry_fulfillment.conditional_cases + Page.event_handlers.trigger_fulfillment.messages + Page.event_handlers.trigger_fulfillment.conditional_cases + Page.form.parameters.fill_behavior.initial_prompt_fulfillment.messages + Page.form.parameters.fill_behavior.initial_prompt_fulfillment.conditional_cases + Page.form.parameters.fill_behavior.reprompt_event_handlers.messages + Page.form.parameters.fill_behavior.reprompt_event_handlers.conditional_cases + Page.transition_routes.trigger_fulfillment.messages + Page.transition_routes.trigger_fulfillment.conditional_cases + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + parent: + description: |- + Immutable. The flow to create a page for. + Format: projects//locations//agents//flows/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + transitionRouteGroups: + description: |- + Ordered list of TransitionRouteGroups associated with the page. Transition route groups must be unique within a page. 
+ If multiple transition routes within a page scope refer to the same intent, then the precedence order is: page's transition route -> page's transition route group -> flow's transition routes. + If multiple transition route groups within a page contain the same intent, then the first group in the ordered list takes precedence. + Format:projects//locations//agents//flows//transitionRouteGroups/. + items: + type: string + type: array + transitionRoutes: + description: |- + A list of transitions for the transition rules of this page. They route the conversation to another page in the same flow, or another flow. + When we are in a certain page, the TransitionRoutes are evalauted in the following order: + TransitionRoutes defined in the page with intent specified. + TransitionRoutes defined in the transition route groups with intent specified. + TransitionRoutes defined in flow with intent specified. + TransitionRoutes defined in the transition route groups with intent specified. + TransitionRoutes defined in the page with only condition specified. + TransitionRoutes defined in the transition route groups with only condition specified. + items: + properties: + condition: + description: |- + The condition to evaluate against form parameters or session parameters. + At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + intent: + description: |- + The unique identifier of an Intent. + Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + name: + description: The unique identifier of this transition route. + type: string + targetFlow: + description: |- + The target flow to transition to. 
+ Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the condition is satisfied. + At least one of triggerFulfillment and target must be specified. + When both are defined, triggerFulfillment is executed first. + properties: + conditionalCases: + description: Conditional cases for this fulfillment. + items: + properties: + cases: + description: |- + A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored. + See [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema. + type: string + type: object + type: array + messages: + description: The list of rich message responses to present + to the user. + items: + properties: + channel: + description: The channel which the response is associated + with. Clients can specify the channel via QueryParameters.channel, + and only associated channel response will be returned. + type: string + conversationSuccess: + description: |- + Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about. + Dialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded. + * In a webhook response when you determine that you handled the customer issue. + properties: + metadata: + description: Custom metadata. Dialogflow doesn't + impose any structure on this. 
+ type: string + type: object + liveAgentHandoff: + description: |- + Indicates that the conversation should be handed off to a live agent. + Dialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures. + You may set this, for example: + * In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation. + * In a webhook response when you determine that the customer issue can only be handled by a human. + properties: + metadata: + description: Custom metadata. Dialogflow doesn't + impose any structure on this. + type: string + type: object + outputAudioText: + description: A text or ssml response that is preferentially + used for TTS output audio synthesis, as described + in the comment on the ResponseMessage message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + ssml: + description: The SSML text to be synthesized. + For more information, see SSML. + type: string + text: + description: The raw text to be synthesized. + type: string + type: object + payload: + description: A custom, platform-specific payload. + type: string + playAudio: + description: Specifies an audio clip to be played + by the client as part of the response. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + audioUri: + description: URI of the audio clip. Dialogflow + does not impose any validation on this value. + It is specific to the client that reads it. 
+ type: string + required: + - audioUri + type: object + telephonyTransferCall: + description: Represents the signal that telles the + client to transfer the phone call connected to the + agent to a third-party endpoint. + properties: + phoneNumber: + description: Transfer the call to a phone number + in E.164 format. + type: string + required: + - phoneNumber + type: object + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + setParameterActions: + description: Set parameter values before executing the webhook. + items: + properties: + parameter: + description: Display name of the parameter. + type: string + value: + description: The new JSON-encoded value of the parameter. + A null value clears the parameter. + type: string + type: object + type: array + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' 
+ type: string + type: object + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the page. + Format: projects//locations//agents//flows//pages/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxwebhooks.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXWebhook + plural: dialogflowcxwebhooks + shortNames: + - gcpdialogflowcxwebhook + - gcpdialogflowcxwebhooks + singular: dialogflowcxwebhook + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + disabled: + description: Indicates whether the webhook is disabled. + type: boolean + displayName: + description: The human-readable name of the webhook, unique within + the agent. + type: string + enableSpellCorrection: + description: Indicates if automatic spell correction is enabled in + detect intent requests. + type: boolean + enableStackdriverLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + genericWebService: + description: Configuration for a generic web service. + properties: + allowedCaCerts: + description: Specifies a list of allowed custom CA certificates + (in DER format) for HTTPS verification. + items: + type: string + type: array + requestHeaders: + additionalProperties: + type: string + description: Immutable. The HTTP request headers to send together + with webhook requests. + type: object + uri: + description: Whether to use speech adaptation for speech recognition. + type: string + required: + - uri + type: object + parent: + description: |- + Immutable. The agent to create a webhook for. + Format: projects//locations//agents/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + securitySettings: + description: 'Name of the SecuritySettings reference for the agent. + Format: projects//locations//securitySettings/.' 
+ type: string + serviceDirectory: + description: Configuration for a Service Directory service. + properties: + genericWebService: + description: The name of Service Directory service. + properties: + allowedCaCerts: + description: Specifies a list of allowed custom CA certificates + (in DER format) for HTTPS verification. + items: + type: string + type: array + requestHeaders: + additionalProperties: + type: string + description: Immutable. The HTTP request headers to send together + with webhook requests. + type: object + uri: + description: Whether to use speech adaptation for speech recognition. + type: string + required: + - uri + type: object + service: + description: The name of Service Directory service. + type: string + required: + - genericWebService + - service + type: object + timeout: + description: Webhook execution timeout. + type: string + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the webhook. + Format: projects//locations//agents//webhooks/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + startFlow: + description: 'Name of the start flow in this agent. A start flow will + be automatically created when the agent is created, and can only + be deleted by deleting the agent. Format: projects//locations//agents//flows/.' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowentitytypes.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowEntityType + plural: dialogflowentitytypes + shortNames: + - gcpdialogflowentitytype + - gcpdialogflowentitytypes + singular: dialogflowentitytype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + 
description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The name of this entity type to be displayed on the console. + type: string + enableFuzzyExtraction: + description: Enables fuzzy entity extraction during classification. + type: boolean + entities: + description: The collection of entity entries associated with the + entity type. + items: + properties: + synonyms: + description: |- + A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym + could be green onions. + For KIND_LIST entity types: + * This collection must contain exactly one synonym equal to value. + items: + type: string + type: array + value: + description: |- + The primary value associated with this entity entry. For example, if the entity type is vegetable, the value + could be scallions. + For KIND_MAP entity types: + * A reference value to be used in place of synonyms. + For KIND_LIST entity types: + * A string that can contain references to other entity types (with or without aliases). + type: string + required: + - synonyms + - value + type: object + type: array + kind: + description: |- + Indicates the kind of entity type. + * KIND_MAP: Map entity types allow mapping of a group of synonyms to a reference value. 
+ * KIND_LIST: List entity types contain a set of entries that do not map to reference values. However, list entity + types can contain references to other entity types (with or without aliases). + * KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: ["KIND_MAP", "KIND_LIST", "KIND_REGEXP"]. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - kind + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + name: + description: |- + The unique identifier of the entity type. + Format: projects//agent/entityTypes/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowfulfillments.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowFulfillment + plural: dialogflowfulfillments + shortNames: + - gcpdialogflowfulfillment + - gcpdialogflowfulfillments + singular: dialogflowfulfillment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: 
date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The human-readable name of the fulfillment, unique within + the agent. + type: string + enabled: + description: Whether fulfillment is enabled. + type: boolean + features: + description: The field defines whether the fulfillment is enabled + for certain features. + items: + properties: + type: + description: |- + The type of the feature that enabled for fulfillment. + * SMALLTALK: Fulfillment is enabled for SmallTalk. Possible values: ["SMALLTALK"]. + type: string + required: + - type + type: object + type: array + genericWebService: + description: 'Represents configuration for a generic web service. + Dialogflow supports two mechanisms for authentications: - Basic + authentication with username and password. - Authentication with + additional authentication headers.' + properties: + password: + description: The password for HTTP Basic authentication. + type: string + requestHeaders: + additionalProperties: + type: string + description: The HTTP request headers to send together with fulfillment + requests. + type: object + uri: + description: The fulfillment URI for receiving POST requests. + It must use https protocol. 
+ type: string + username: + description: The user name for HTTP Basic authentication. + type: string + required: + - uri + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the fulfillment. + Format: projects//agent/fulfillment - projects//locations//agent/fulfillment. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowintents.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowIntent + plural: dialogflowintents + shortNames: + - gcpdialogflowintent + - gcpdialogflowintents + singular: dialogflowintent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: |- + The name of the action associated with the intent. + Note: The action name must not contain whitespaces. + type: string + defaultResponsePlatforms: + description: |- + The list of platforms for which the first responses will be copied from the messages in PLATFORM_UNSPECIFIED + (i.e. default platform). Possible values: ["FACEBOOK", "SLACK", "TELEGRAM", "KIK", "SKYPE", "LINE", "VIBER", "ACTIONS_ON_GOOGLE", "GOOGLE_HANGOUTS"]. + items: + type: string + type: array + displayName: + description: The name of this intent to be displayed on the console. + type: string + events: + description: |- + The collection of event names that trigger the intent. If the collection of input contexts is not empty, all of + the contexts must be present in the active user session for an event to trigger this intent. See the + [events reference](https://cloud.google.com/dialogflow/docs/events-overview) for more details. + items: + type: string + type: array + inputContextNames: + description: |- + The list of context names required for this intent to be triggered. + Format: projects//agent/sessions/-/contexts/. + items: + type: string + type: array + isFallback: + description: Indicates whether this is a fallback intent. + type: boolean + mlDisabled: + description: |- + Indicates whether Machine Learning is disabled for the intent. 
+ Note: If mlDisabled setting is set to true, then this intent is not taken into account during inference in ML + ONLY match mode. Also, auto-markup in the UI is turned off. + type: boolean + parentFollowupIntentName: + description: |- + Immutable. The unique identifier of the parent intent in the chain of followup intents. + Format: projects//agent/intents/. + type: string + priority: + description: |- + The priority of this intent. Higher numbers represent higher priorities. + - If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds + to the Normal priority in the console. + - If the supplied value is negative, the intent is ignored in runtime detect intent requests. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resetContexts: + description: Indicates whether to delete all contexts in the current + session when this intent is matched. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + webhookState: + description: |- + Indicates whether webhooks are enabled for the intent. + * WEBHOOK_STATE_ENABLED: Webhook is enabled in the agent and in the intent. 
+ * WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING: Webhook is enabled in the agent and in the intent. Also, each slot + filling prompt is forwarded to the webhook. Possible values: ["WEBHOOK_STATE_ENABLED", "WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING"]. + type: string + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + followupIntentInfo: + description: |- + Information about all followup intents that have this intent as a direct or indirect parent. We populate this field + only in the output. + items: + properties: + followupIntentName: + description: |- + The unique identifier of the followup intent. + Format: projects//agent/intents/. + type: string + parentFollowupIntentName: + description: |- + The unique identifier of the followup intent's parent. + Format: projects//agent/intents/. + type: string + type: object + type: array + name: + description: |- + The unique identifier of this intent. + Format: projects//agent/intents/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + rootFollowupIntentName: + description: |- + The unique identifier of the root intent in the chain of followup intents. It identifies the correct followup + intents chain for this intent. + Format: projects//agent/intents/. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: discoveryenginedatastores.discoveryengine.cnrm.cloud.google.com +spec: + group: discoveryengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DiscoveryEngineDataStore + listKind: DiscoveryEngineDataStoreList + plural: discoveryenginedatastores + shortNames: + - gcpdiscoveryenginedatastore + - gcpdiscoveryenginedatastores + singular: discoveryenginedatastore + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DiscoveryEngineDataStore is the Schema for the DiscoveryEngineDataStore + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DiscoveryEngineDataStoreSpec defines the desired state of + DiscoveryEngineDataStore + properties: + collection: + description: Immutable. The collection for the DataStore. + type: string + x-kubernetes-validations: + - message: Collection field is immutable + rule: self == oldSelf + contentConfig: + description: Immutable. The content config of the data store. If this + field is unset, the server behavior defaults to [ContentConfig.NO_CONTENT][google.cloud.discoveryengine.v1.DataStore.ContentConfig.NO_CONTENT]. + type: string + displayName: + description: |- + Required. The data store display name. + + This field must be a UTF-8 encoded string with a length limit of 128 + characters. Otherwise, an INVALID_ARGUMENT error is returned. + type: string + industryVertical: + description: Immutable. The industry vertical that the data store + registers. + type: string + location: + description: Immutable. The location for the resource. + type: string + x-kubernetes-validations: + - message: Location field is immutable + rule: self == oldSelf + projectRef: + description: The ID of the project in which the resource belongs. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: Immutable. The DiscoveryEngineDataStore name. If not + given, the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + solutionTypes: + description: |- + The solutions that the data store enrolls. Available solutions for each + [industry_vertical][google.cloud.discoveryengine.v1.DataStore.industry_vertical]: + + * `MEDIA`: `SOLUTION_TYPE_RECOMMENDATION` and `SOLUTION_TYPE_SEARCH`. + * `SITE_SEARCH`: `SOLUTION_TYPE_SEARCH` is automatically enrolled. Other + solutions cannot be enrolled. + items: + type: string + type: array + workspaceConfig: + description: Config to store data store type configuration for workspace + data. This must be set when [DataStore.content_config][google.cloud.discoveryengine.v1.DataStore.content_config] + is set as [DataStore.ContentConfig.GOOGLE_WORKSPACE][google.cloud.discoveryengine.v1.DataStore.ContentConfig.GOOGLE_WORKSPACE]. + properties: + dasherCustomerID: + description: Obfuscated Dasher customer ID. + type: string + superAdminEmailAddress: + description: Optional. The super admin email address for the workspace + that will be used for access token generation. For now we only + use it for Native Google Drive connector data ingestion. + type: string + superAdminServiceAccount: + description: Optional. 
The super admin service account for the + workspace that will be used for access token generation. For + now we only use it for Native Google Drive connector data ingestion. + type: string + type: + description: The Google Workspace data source. + type: string + type: object + required: + - collection + - location + - projectRef + type: object + status: + description: DiscoveryEngineDataStoreStatus defines the config connector + machine state of DiscoveryEngineDataStore + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the DiscoveryEngineDataStore resource + in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + billingEstimation: + description: Output only. Data size estimation for billing. + properties: + structuredDataSize: + description: Data size for structured data in terms of bytes. 
+ format: int64 + type: integer + structuredDataUpdateTime: + description: Last updated timestamp for structured data. + type: string + unstructuredDataSize: + description: Data size for unstructured data in terms of bytes. + format: int64 + type: integer + unstructuredDataUpdateTime: + description: Last updated timestamp for unstructured data. + type: string + websiteDataSize: + description: Data size for websites in terms of bytes. + format: int64 + type: integer + websiteDataUpdateTime: + description: Last updated timestamp for websites. + type: string + type: object + createTime: + description: Output only. Timestamp the [DataStore][google.cloud.discoveryengine.v1.DataStore] + was created at. + type: string + defaultSchemaID: + description: Output only. The id of the default [Schema][google.cloud.discoveryengine.v1.Schema] + associated to this data store. + type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: discoveryengineengines.discoveryengine.cnrm.cloud.google.com +spec: + group: discoveryengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DiscoveryEngineEngine + listKind: DiscoveryEngineEngineList + plural: discoveryengineengines + shortNames: + - gcpdiscoveryengineengine + - gcpdiscoveryengineengines + singular: discoveryengineengine + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason 
for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DiscoveryEngineEngine is the Schema for the DiscoveryEngineEngine + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DiscoveryEngineEngineSpec defines the desired state of DiscoveryEngineEngine + properties: + chatEngineConfig: + description: Configurations for the Chat Engine. Only applicable if + solution_type is SOLUTION_TYPE_CHAT. + properties: + agentCreationConfig: + description: |- + The configurationt generate the Dialogflow agent that is associated to + this Engine. + + Note that these configurations are one-time consumed by + and passed to Dialogflow service. It means they cannot be retrieved using + [EngineService.GetEngine][google.cloud.discoveryengine.v1.EngineService.GetEngine] + or + [EngineService.ListEngines][google.cloud.discoveryengine.v1.EngineService.ListEngines] + API after engine creation. + properties: + business: + description: Name of the company, organization or other entity + that the agent represents. 
Used for knowledge connector + LLM prompt and for knowledge search. + type: string + defaultLanguageCode: + description: Required. The default language of the agent as + a language tag. See [Language Support](https://cloud.google.com/dialogflow/docs/reference/language) + for a list of the currently supported language codes. + type: string + location: + description: 'Agent location for Agent creation, supported + values: global/us/eu. If not provided, us Engine will create + Agent using us-central-1 by default; eu Engine will create + Agent using eu-west-1 by default.' + type: string + timeZone: + description: Required. The time zone of the agent from the + [time zone database](https://www.iana.org/time-zones), e.g., + America/New_York, Europe/Paris. + type: string + type: object + dialogflowAgentToLink: + description: |- + The resource name of an exist Dialogflow agent to link to this Chat + Engine. Customers can either provide `agent_creation_config` to create + agent or provide an agent name that links the agent with the Chat engine. + + Format: `projects//locations//agents/`. + + Note that the `dialogflow_agent_to_link` are one-time consumed by and + passed to Dialogflow service. It means they cannot be retrieved using + [EngineService.GetEngine][google.cloud.discoveryengine.v1.EngineService.GetEngine] + or + [EngineService.ListEngines][google.cloud.discoveryengine.v1.EngineService.ListEngines] + API after engine creation. Use + [ChatEngineMetadata.dialogflow_agent][google.cloud.discoveryengine.v1.Engine.ChatEngineMetadata.dialogflow_agent] + for actual agent association after Engine is created. + type: string + type: object + collection: + description: Immutable. The collection for the Engine. + type: string + commonConfig: + description: Common config spec that specifies the metadata of the + engine. + properties: + companyName: + description: The name of the company, business or entity that + is associated with the engine. 
Setting this may help improve + LLM related features. + type: string + type: object + dataStoreRefs: + description: The data stores associated with this engine. For SOLUTION_TYPE_SEARCH + and SOLUTION_TYPE_RECOMMENDATION type of engines, they can only + associate with at most one data store. If solution_type is SOLUTION_TYPE_CHAT, + multiple DataStores in the same Collection can be associated here. + Note that when used in CreateEngineRequest, one DataStore must be + provided as the system will use it for necessary initializations. + items: + description: DiscoveryEngineDataStoreRef defines the resource reference + to DiscoveryEngineDataStore, which "External" field holds the + GCP identifier for the KRM object. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed DiscoveryEngineDataStore + resource. Should be in the format "projects//locations//datastores/". + type: string + name: + description: The name of a DiscoveryEngineDataStore resource. + type: string + namespace: + description: The namespace of a DiscoveryEngineDataStore resource. + type: string + type: object + type: array + disableAnalytics: + description: Optional. Whether to disable analytics for searches performed + on this engine. + type: boolean + displayName: + description: Required. The display name of the engine. Should be human + readable. UTF-8 encoded string with limit of 1024 characters. + type: string + industryVertical: + description: 'The industry vertical that the engine registers. The + restriction of the Engine industry vertical is based on DataStore: + If unspecified, default to `GENERIC`. Vertical on Engine has to + match vertical of the DataStore linked to the engine.' + type: string + location: + description: Immutable. Location of the resource. + type: string + projectRef: + description: Immutable. 
The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: Immutable. The DiscoveryEngineChatEngine name. If not + given, the metadata.name will be used. + type: string + searchEngineConfig: + description: Configurations for the Search Engine. Only applicable + if solution_type is SOLUTION_TYPE_SEARCH. + properties: + searchAddOns: + description: The add-on that this search engine enables. + items: + type: string + type: array + searchTier: + description: |- + The search feature tier of this engine. + + Different tiers might have different + pricing. To learn more, check the pricing documentation. + + Defaults to + [SearchTier.SEARCH_TIER_STANDARD][google.cloud.discoveryengine.v1.SearchTier.SEARCH_TIER_STANDARD] + if not specified. + type: string + type: object + solutionType: + description: Required. The solutions of the engine. + type: string + required: + - collection + - displayName + - location + - projectRef + - solutionType + type: object + status: + description: DiscoveryEngineEngineStatus defines the config connector + machine state of DiscoveryEngineEngine + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the DiscoveryEngineEngine resource + in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. 
+ type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpdeidentifytemplates.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPDeidentifyTemplate + plural: dlpdeidentifytemplates + shortNames: + - gcpdlpdeidentifytemplate + - gcpdlpdeidentifytemplates + singular: dlpdeidentifytemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + deidentifyConfig: + description: The core content of the template. + properties: + infoTypeTransformations: + description: Treat the dataset as free-form text and apply the + same free text transformation everywhere. + properties: + transformations: + description: Required. Transformation for each infoType. Cannot + specify more than one for a given infoType. + items: + properties: + infoTypes: + description: InfoTypes to apply the transformation to. + An empty list will cause this transformation to apply + to all findings that correspond to infoTypes that + were requested in `InspectConfig`. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + primitiveTransformation: + description: Required. Primitive transformation to apply + to the infoType. + properties: + bucketingConfig: + description: Bucketing + properties: + buckets: + description: Set of buckets. Ranges must be + non-overlapping. + items: + properties: + max: + description: Upper bound of the range, + exclusive; type must match min. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. 
+ format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + min: + description: Lower bound of the range, + inclusive. Type should be the same as + max if used. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. 
+ Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + replacementValue: + description: Required. Replacement value + for this bucket. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. 
+ format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - replacementValue + type: object + type: array + type: object + characterMaskConfig: + description: Mask + properties: + charactersToIgnore: + description: When masking a string, items in + this list will be skipped when replacing characters. + For example, if the input string is `555-555-5555` + and you instruct Cloud DLP to skip `-` and + mask 5 characters with `*`, Cloud DLP returns + `***-**5-5555`. + items: + properties: + charactersToSkip: + description: Characters to not transform + when masking. + type: string + commonCharactersToIgnore: + description: 'Common characters to not + transform when masking. 
Useful to avoid + removing punctuation. Possible values: + COMMON_CHARS_TO_IGNORE_UNSPECIFIED, + NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, + PUNCTUATION, WHITESPACE' + type: string + type: object + type: array + maskingCharacter: + description: Character to use to mask the sensitive + values—for example, `*` for an alphabetic + string such as a name, or `0` for a numeric + string such as ZIP code or credit card number. + This string must have a length of 1. If not + supplied, this value defaults to `*` for strings, + and `0` for digits. + type: string + numberToMask: + description: Number of characters to mask. If + not set, all matching chars will be masked. + Skipped characters do not count towards this + tally. + format: int64 + type: integer + reverseOrder: + description: Mask characters in reverse order. + For example, if `masking_character` is `0`, + `number_to_mask` is `14`, and `reverse_order` + is `false`, then the input string `1234-5678-9012-3456` + is masked as `00000000000000-3456`. If `masking_character` + is `*`, `number_to_mask` is `3`, and `reverse_order` + is `true`, then the string `12345` is masked + as `12***`. + type: boolean + type: object + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used for higher + security and maintaining referential integrity + such that the same identifier in two different + contexts will be given a distinct surrogate. + The context is appended to plaintext value + being encrypted. On decryption the provided + context is validated against the value used + during encryption. If a context was provided + during encryption, same context must be provided + during decryption as well. If the context + is not set, plaintext would be used as is + for encryption. If the context is set but: + 1. there is no record present when transforming + a given value or 2. 
the field is not present + when transforming a given value, plaintext + would be used as is for encryption. Note that + case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s.' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption using + AES-SIV, the provided key is internally expanded + to 64 bytes prior to use. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' 
+ type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom info type followed + by the number of characters comprising the + surrogate. The following scheme defines the + format: {info type name}({surrogate character + count}):{surrogate} For example, if the name + of custom info type is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate when + inspecting content using the custom info type + ''Surrogate''. This facilitates reversal of + the surrogate when it occurs in free text. + Note: For record transformations where the + entire cell in a table is being transformed, + surrogates are not mandatory. Surrogates are + used to denote the location of the token and + are necessary for re-identification in free + form text. In order for inspection to work + properly, the name of this info type must + not occur naturally anywhere in your data; + otherwise, inspection may either - reverse + a surrogate that does not correspond to an + actual identifier - be unable to parse the + surrogate and result in an error Therefore, + choose your custom info type name carefully + after considering what your data looks like. + One way to select a name that has a high chance + of yielding reliable detection is to include + one or more unicode characters that are highly + improbable to exist in your data. For example, + assuming your data is entered from a regular + ASCII keyboard, the symbol with the hex code + point 29DD might be used like so: ⧝MY_TOKEN_TYPE.' 
+ properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash function. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' 
+ type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible values: + FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, + HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context may be + used for higher security since the same identifier + in two different contexts won''t be given + the same surrogate. If the context is not + set, a default tweak will be used. If the + context is set but: 1. there is no record + present when transforming a given value or + 1. the field is not present when transforming + a given value, a default tweak will be used. + Note that case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s. Currently, the referenced + field may be of value type integer or string. + The tweak is constructed as a sequence of + bytes in big endian byte order such that: + - a 64 bit integer is encoded followed by + a single byte of value 1 - a string is encoded + in UTF-8 format followed by a single byte + of value 2' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Required. The key used by the encryption + algorithm. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. 
+ + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by mapping these + to the alphanumeric characters that the FFX + mode natively supports. This happens before/after + encryption/decryption. Each character listed + must appear only once. Number of characters + must be in the range [2, 95]. This must be + encoded as ASCII. The order of characters + does not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select the alphabet. + Must be in the range [2, 95]. 
+ format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom infoType followed by + the number of characters comprising the surrogate. + The following scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom infoType + is ''MY_TOKEN_INFO_TYPE'' and the surrogate + is ''abc'', the full replacement value will + be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation + identifies the surrogate when inspecting content + using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). + This facilitates reversal of the surrogate + when it occurs in free text. In order for + inspection to work properly, the name of this + infoType must not occur naturally anywhere + in your data; otherwise, inspection may find + a surrogate that does not correspond to an + actual identifier. Therefore, choose your + custom infoType name carefully after considering + what your data looks like. One way to select + a name that has a high chance of yielding + reliable detection is to include one or more + unicode characters that are highly improbable + to exist in your data. For example, assuming + your data is entered from a regular ASCII + keyboard, the symbol with the hex code point + 29DD might be used like so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. 
+ type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift + properties: + context: + description: Points to the field that contains + the context, for example, an entity id. If + set, must also set cryptoKey. If set, shift + will be consistent for the given context. + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Causes the shift to be computed + based on this key and the context. This results + in the same shift for the same context and + crypto_key. If set, must also set context. + Can only be applied to table items. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. 
When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + lowerBoundDays: + description: Required. For example, -5 means + shift date to at most 5 days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. Range of shift in days. + Actual shift will be selected at random within + this range (inclusive ends). Negative means + shift to earlier in time. Must not be more + than 365250 days (1000 years) each direction. + For example, 3 means shift date to at most + 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each bucket + (except for minimum and maximum buckets). + So if `lower_bound` = 10, `upper_bound` = + 89, and `bucket_size` = 10, then the following + buckets would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, + 89+. Precision up to 2 decimals works.' + format: double + type: number + lowerBound: + description: Required. Lower bound value of + buckets. All values less than `lower_bound` + are grouped together into a single bucket; + for example if `lower_bound` = 10, then all + values less than 10 are replaced with the + value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. 
+ format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound value of + buckets. All values greater than upper_bound + are grouped together into a single bucket; + for example if `upper_bound` = 89, then all + values greater than 89 are replaced with the + value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. 
Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified value. + properties: + newValue: + description: Value to replace it with. 
+ properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. 
+ format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time to keep. + Possible values: TIME_PART_UNSPECIFIED, YEAR, + MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, + HOUR_OF_DAY' + type: string + type: object + type: object + required: + - primitiveTransformation + type: object + type: array + required: + - transformations + type: object + recordTransformations: + description: Treat the dataset as structured. Transformations + can be applied to specific locations within structured datasets, + such as transforming a column within a table. + properties: + fieldTransformations: + description: Transform the record by applying various field + transformations. + items: + properties: + condition: + description: 'Only apply the transformation if the condition + evaluates to true for the given `RecordCondition`. + The conditions are allowed to reference fields that + are not used in the actual transformation. Example + Use Cases: - Apply a different bucket transformation + to an age column if the zip code column for the same + record is within a specific range. - Redact a field + if the date of birth field is greater than 85.' + properties: + expressions: + description: An expression. + properties: + conditions: + description: Conditions to apply to the expression. + properties: + conditions: + description: A collection of conditions. + items: + properties: + field: + description: Required. Field within + the record this condition is evaluated + against. + properties: + name: + description: Name describing the + field. + type: string + type: object + operator: + description: 'Required. 
Operator used + to compare the field or infoType + to the value. Possible values: LOGICAL_OPERATOR_UNSPECIFIED, + AND' + type: string + value: + description: Value to compare against. + [Mandatory, except for `EXISTS` + tests.] + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. 
+ format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - field + - operator + type: object + type: array + type: object + logicalOperator: + description: 'The operator to apply to the result + of conditions. Default and currently only + supported value is `AND`. Possible values: + LOGICAL_OPERATOR_UNSPECIFIED, AND' + type: string + type: object + type: object + fields: + description: Required. Input field(s) to apply the transformation + to. When you have columns that reference their position + within a list, omit the index from the FieldId. FieldId + name matching ignores the index. For example, instead + of "contact.nums[0].type", use "contact.nums.type". + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + infoTypeTransformations: + description: Treat the contents of the field as free + text, and selectively transform content that matches + an `InfoType`. + properties: + transformations: + description: Required. Transformation for each infoType. + Cannot specify more than one for a given infoType. + items: + properties: + infoTypes: + description: InfoTypes to apply the transformation + to. An empty list will cause this transformation + to apply to all findings that correspond + to infoTypes that were requested in `InspectConfig`. + items: + properties: + name: + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, or + one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data + Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + primitiveTransformation: + description: Required. Primitive transformation + to apply to the infoType. 
+ properties: + bucketingConfig: + description: Bucketing + properties: + buckets: + description: Set of buckets. Ranges + must be non-overlapping. + items: + properties: + max: + description: Upper bound of + the range, exclusive; type + must match min. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of + a month. Must be from + 1 to 31 and valid + for the year and month, + or 0 to specify a + year by itself or + a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of + a year. Must be from + 1 to 12, or 0 to specify + a year without a month + and day. + format: int64 + type: integer + year: + description: Year of + the date. Must be + from 1 to 9999, or + 0 to specify a date + without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week + Possible values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of + day in 24 hour format. + Should be from 0 to + 23. An API may choose + to allow the value + "24:00:00" for scenarios + like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes + of hour of day. Must + be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions + of seconds in nanoseconds. + Must be from 0 to + 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds + of minutes of the + time. Must normally + be from 0 to 59. An + API may allow the + value 60 if it allows + leap-seconds. 
+ format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + min: + description: Lower bound of + the range, inclusive. Type + should be the same as max + if used. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of + a month. Must be from + 1 to 31 and valid + for the year and month, + or 0 to specify a + year by itself or + a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of + a year. Must be from + 1 to 12, or 0 to specify + a year without a month + and day. + format: int64 + type: integer + year: + description: Year of + the date. Must be + from 1 to 9999, or + 0 to specify a date + without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week + Possible values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of + day in 24 hour format. + Should be from 0 to + 23. An API may choose + to allow the value + "24:00:00" for scenarios + like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes + of hour of day. Must + be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions + of seconds in nanoseconds. + Must be from 0 to + 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds + of minutes of the + time. Must normally + be from 0 to 59. An + API may allow the + value 60 if it allows + leap-seconds. 
+ format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + replacementValue: + description: Required. Replacement + value for this bucket. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of + a month. Must be from + 1 to 31 and valid + for the year and month, + or 0 to specify a + year by itself or + a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of + a year. Must be from + 1 to 12, or 0 to specify + a year without a month + and day. + format: int64 + type: integer + year: + description: Year of + the date. Must be + from 1 to 9999, or + 0 to specify a date + without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week + Possible values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of + day in 24 hour format. + Should be from 0 to + 23. An API may choose + to allow the value + "24:00:00" for scenarios + like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes + of hour of day. Must + be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions + of seconds in nanoseconds. + Must be from 0 to + 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds + of minutes of the + time. Must normally + be from 0 to 59. An + API may allow the + value 60 if it allows + leap-seconds. 
+ format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - replacementValue + type: object + type: array + type: object + characterMaskConfig: + description: Mask + properties: + charactersToIgnore: + description: When masking a string, + items in this list will be skipped + when replacing characters. For example, + if the input string is `555-555-5555` + and you instruct Cloud DLP to skip + `-` and mask 5 characters with `*`, + Cloud DLP returns `***-**5-5555`. + items: + properties: + charactersToSkip: + description: Characters to not + transform when masking. + type: string + commonCharactersToIgnore: + description: 'Common characters + to not transform when masking. + Useful to avoid removing punctuation. + Possible values: COMMON_CHARS_TO_IGNORE_UNSPECIFIED, + NUMERIC, ALPHA_UPPER_CASE, + ALPHA_LOWER_CASE, PUNCTUATION, + WHITESPACE' + type: string + type: object + type: array + maskingCharacter: + description: Character to use to mask + the sensitive values—for example, + `*` for an alphabetic string such + as a name, or `0` for a numeric + string such as ZIP code or credit + card number. This string must have + a length of 1. If not supplied, + this value defaults to `*` for strings, + and `0` for digits. + type: string + numberToMask: + description: Number of characters + to mask. If not set, all matching + chars will be masked. Skipped characters + do not count towards this tally. + format: int64 + type: integer + reverseOrder: + description: Mask characters in reverse + order. For example, if `masking_character` + is `0`, `number_to_mask` is `14`, + and `reverse_order` is `false`, + then the input string `1234-5678-9012-3456` + is masked as `00000000000000-3456`. + If `masking_character` is `*`, `number_to_mask` + is `3`, and `reverse_order` is `true`, + then the string `12345` is masked + as `12***`. 
+ type: boolean + type: object + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used + for higher security and maintaining + referential integrity such that + the same identifier in two different + contexts will be given a distinct + surrogate. The context is appended + to plaintext value being encrypted. + On decryption the provided context + is validated against the value used + during encryption. If a context + was provided during encryption, + same context must be provided during + decryption as well. If the context + is not set, plaintext would be used + as is for encryption. If the context + is set but: 1. there is no record + present when transforming a given + value or 2. the field is not present + when transforming a given value, + plaintext would be used as is for + encryption. Note that case (1) is + expected when an `InfoTypeTransformation` + is applied to both structured and + non-structured `ContentItem`s.' + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption + using AES-SIV, the provided key + is internally expanded to 64 bytes + prior to use. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type + to annotate the surrogate with. + This annotation will be applied + to the surrogate by prefixing it + with the name of the custom info + type followed by the number of characters + comprising the surrogate. The following + scheme defines the format: {info + type name}({surrogate character + count}):{surrogate} For example, + if the name of custom info type + is ''MY_TOKEN_INFO_TYPE'' and the + surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate + when inspecting content using the + custom info type ''Surrogate''. + This facilitates reversal of the + surrogate when it occurs in free + text. 
Note: For record transformations + where the entire cell in a table + is being transformed, surrogates + are not mandatory. Surrogates are + used to denote the location of the + token and are necessary for re-identification + in free form text. In order for + inspection to work properly, the + name of this info type must not + occur naturally anywhere in your + data; otherwise, inspection may + either - reverse a surrogate that + does not correspond to an actual + identifier - be unable to parse + the surrogate and result in an error + Therefore, choose your custom info + type name carefully after considering + what your data looks like. One way + to select a name that has a high + chance of yielding reliable detection + is to include one or more unicode + characters that are highly improbable + to exist in your data. For example, + assuming your data is entered from + a regular ASCII keyboard, the symbol + with the hex code point 29DD might + be used like so: ⧝MY_TOKEN_TYPE.' + properties: + name: + description: Name of the information + type. Either a name of your + choosing when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash + function. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. 
+ + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible + values: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, + NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, + ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context + may be used for higher security + since the same identifier in two + different contexts won''t be given + the same surrogate. If the context + is not set, a default tweak will + be used. If the context is set but: + 1. there is no record present when + transforming a given value or 1. 
+ the field is not present when transforming + a given value, a default tweak will + be used. Note that case (1) is expected + when an `InfoTypeTransformation` + is applied to both structured and + non-structured `ContentItem`s. Currently, + the referenced field may be of value + type integer or string. The tweak + is constructed as a sequence of + bytes in big endian byte order such + that: - a 64 bit integer is encoded + followed by a single byte of value + 1 - a string is encoded in UTF-8 + format followed by a single byte + of value 2' + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: Required. The key used + by the encryption algorithm. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. 
A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by + mapping these to the alphanumeric + characters that the FFX mode natively + supports. This happens before/after + encryption/decryption. Each character + listed must appear only once. Number + of characters must be in the range + [2, 95]. This must be encoded as + ASCII. The order of characters does + not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select + the alphabet. Must be in the range + [2, 95]. + format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType + to annotate the surrogate with. + This annotation will be applied + to the surrogate by prefixing it + with the name of the custom infoType + followed by the number of characters + comprising the surrogate. The following + scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom + infoType is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the + full replacement value will be: + ''MY_TOKEN_INFO_TYPE(3):abc'' This + annotation identifies the surrogate + when inspecting content using the + custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 
+ This facilitates reversal of the + surrogate when it occurs in free + text. In order for inspection to + work properly, the name of this + infoType must not occur naturally + anywhere in your data; otherwise, + inspection may find a surrogate + that does not correspond to an actual + identifier. Therefore, choose your + custom infoType name carefully after + considering what your data looks + like. One way to select a name that + has a high chance of yielding reliable + detection is to include one or more + unicode characters that are highly + improbable to exist in your data. + For example, assuming your data + is entered from a regular ASCII + keyboard, the symbol with the hex + code point 29DD might be used like + so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information + type. Either a name of your + choosing when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift + properties: + context: + description: Points to the field that + contains the context, for example, + an entity id. If set, must also + set cryptoKey. If set, shift will + be consistent for the given context. + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: Causes the shift to be + computed based on this key and the + context. This results in the same + shift for the same context and crypto_key. + If set, must also set context. Can + only be applied to table items. 
+ properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + lowerBoundDays: + description: Required. For example, + -5 means shift date to at most 5 + days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. Range of shift + in days. 
Actual shift will be selected + at random within this range (inclusive + ends). Negative means shift to earlier + in time. Must not be more than 365250 + days (1000 years) each direction. + For example, 3 means shift date + to at most 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each + bucket (except for minimum and maximum + buckets). So if `lower_bound` = + 10, `upper_bound` = 89, and `bucket_size` + = 10, then the following buckets + would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, + 80-89, 89+. Precision up to 2 decimals + works.' + format: double + type: number + lowerBound: + description: Required. Lower bound + value of buckets. All values less + than `lower_bound` are grouped together + into a single bucket; for example + if `lower_bound` = 10, then all + values less than 10 are replaced + with the value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. 
+ format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound + value of buckets. All values greater + than upper_bound are grouped together + into a single bucket; for example + if `upper_bound` = 89, then all + values greater than 89 are replaced + with the value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. 
+ Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified + value. + properties: + newValue: + description: Value to replace it with. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. 
+ Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time + to keep. 
Possible values: TIME_PART_UNSPECIFIED, + YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK, + WEEK_OF_YEAR, HOUR_OF_DAY' + type: string + type: object + type: object + required: + - primitiveTransformation + type: object + type: array + required: + - transformations + type: object + primitiveTransformation: + description: Apply the transformation to the entire + field. + properties: + bucketingConfig: + description: Bucketing + properties: + buckets: + description: Set of buckets. Ranges must be + non-overlapping. + items: + properties: + max: + description: Upper bound of the range, + exclusive; type must match min. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. 
+ format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + min: + description: Lower bound of the range, + inclusive. Type should be the same as + max if used. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. 
Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + replacementValue: + description: Required. Replacement value + for this bucket. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. 
+ format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - replacementValue + type: object + type: array + type: object + characterMaskConfig: + description: Mask + properties: + charactersToIgnore: + description: When masking a string, items in + this list will be skipped when replacing characters. + For example, if the input string is `555-555-5555` + and you instruct Cloud DLP to skip `-` and + mask 5 characters with `*`, Cloud DLP returns + `***-**5-5555`. + items: + properties: + charactersToSkip: + description: Characters to not transform + when masking. + type: string + commonCharactersToIgnore: + description: 'Common characters to not + transform when masking. Useful to avoid + removing punctuation. Possible values: + COMMON_CHARS_TO_IGNORE_UNSPECIFIED, + NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, + PUNCTUATION, WHITESPACE' + type: string + type: object + type: array + maskingCharacter: + description: Character to use to mask the sensitive + values—for example, `*` for an alphabetic + string such as a name, or `0` for a numeric + string such as ZIP code or credit card number. + This string must have a length of 1. If not + supplied, this value defaults to `*` for strings, + and `0` for digits. + type: string + numberToMask: + description: Number of characters to mask. If + not set, all matching chars will be masked. + Skipped characters do not count towards this + tally. + format: int64 + type: integer + reverseOrder: + description: Mask characters in reverse order. + For example, if `masking_character` is `0`, + `number_to_mask` is `14`, and `reverse_order` + is `false`, then the input string `1234-5678-9012-3456` + is masked as `00000000000000-3456`. 
If `masking_character` + is `*`, `number_to_mask` is `3`, and `reverse_order` + is `true`, then the string `12345` is masked + as `12***`. + type: boolean + type: object + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used for higher + security and maintaining referential integrity + such that the same identifier in two different + contexts will be given a distinct surrogate. + The context is appended to plaintext value + being encrypted. On decryption the provided + context is validated against the value used + during encryption. If a context was provided + during encryption, same context must be provided + during decryption as well. If the context + is not set, plaintext would be used as is + for encryption. If the context is set but: + 1. there is no record present when transforming + a given value or 2. the field is not present + when transforming a given value, plaintext + would be used as is for encryption. Note that + case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s.' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption using + AES-SIV, the provided key is internally expanded + to 64 bytes prior to use. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom info type followed + by the number of characters comprising the + surrogate. The following scheme defines the + format: {info type name}({surrogate character + count}):{surrogate} For example, if the name + of custom info type is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate when + inspecting content using the custom info type + ''Surrogate''. This facilitates reversal of + the surrogate when it occurs in free text. + Note: For record transformations where the + entire cell in a table is being transformed, + surrogates are not mandatory. 
Surrogates are + used to denote the location of the token and + are necessary for re-identification in free + form text. In order for inspection to work + properly, the name of this info type must + not occur naturally anywhere in your data; + otherwise, inspection may either - reverse + a surrogate that does not correspond to an + actual identifier - be unable to parse the + surrogate and result in an error Therefore, + choose your custom info type name carefully + after considering what your data looks like. + One way to select a name that has a high chance + of yielding reliable detection is to include + one or more unicode characters that are highly + improbable to exist in your data. For example, + assuming your data is entered from a regular + ASCII keyboard, the symbol with the hex code + point 29DD might be used like so: ⧝MY_TOKEN_TYPE.' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash function. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible values: + FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, + HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context may be + used for higher security since the same identifier + in two different contexts won''t be given + the same surrogate. If the context is not + set, a default tweak will be used. If the + context is set but: 1. there is no record + present when transforming a given value or + 1. the field is not present when transforming + a given value, a default tweak will be used. + Note that case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s. 
Currently, the referenced + field may be of value type integer or string. + The tweak is constructed as a sequence of + bytes in big endian byte order such that: + - a 64 bit integer is encoded followed by + a single byte of value 1 - a string is encoded + in UTF-8 format followed by a single byte + of value 2' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Required. The key used by the encryption + algorithm. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' 
+ type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by mapping these + to the alphanumeric characters that the FFX + mode natively supports. This happens before/after + encryption/decryption. Each character listed + must appear only once. Number of characters + must be in the range [2, 95]. This must be + encoded as ASCII. The order of characters + does not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select the alphabet. + Must be in the range [2, 95]. + format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom infoType followed by + the number of characters comprising the surrogate. + The following scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom infoType + is ''MY_TOKEN_INFO_TYPE'' and the surrogate + is ''abc'', the full replacement value will + be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation + identifies the surrogate when inspecting content + using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). + This facilitates reversal of the surrogate + when it occurs in free text. In order for + inspection to work properly, the name of this + infoType must not occur naturally anywhere + in your data; otherwise, inspection may find + a surrogate that does not correspond to an + actual identifier. 
Therefore, choose your + custom infoType name carefully after considering + what your data looks like. One way to select + a name that has a high chance of yielding + reliable detection is to include one or more + unicode characters that are highly improbable + to exist in your data. For example, assuming + your data is entered from a regular ASCII + keyboard, the symbol with the hex code point + 29DD might be used like so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift + properties: + context: + description: Points to the field that contains + the context, for example, an entity id. If + set, must also set cryptoKey. If set, shift + will be consistent for the given context. + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Causes the shift to be computed + based on this key and the context. This results + in the same shift for the same context and + crypto_key. If set, must also set context. + Can only be applied to table items. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). 
+ type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + lowerBoundDays: + description: Required. For example, -5 means + shift date to at most 5 days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. Range of shift in days. + Actual shift will be selected at random within + this range (inclusive ends). Negative means + shift to earlier in time. Must not be more + than 365250 days (1000 years) each direction. + For example, 3 means shift date to at most + 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each bucket + (except for minimum and maximum buckets). 
+ So if `lower_bound` = 10, `upper_bound` = + 89, and `bucket_size` = 10, then the following + buckets would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, + 89+. Precision up to 2 decimals works.' + format: double + type: number + lowerBound: + description: Required. Lower bound value of + buckets. All values less than `lower_bound` + are grouped together into a single bucket; + for example if `lower_bound` = 10, then all + values less than 10 are replaced with the + value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. 
+ format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound value of + buckets. All values greater than upper_bound + are grouped together into a single bucket; + for example if `upper_bound` = 89, then all + values greater than 89 are replaced with the + value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. 
+ format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified value. + properties: + newValue: + description: Value to replace it with. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. 
+ format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time to keep. + Possible values: TIME_PART_UNSPECIFIED, YEAR, + MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, + HOUR_OF_DAY' + type: string + type: object + type: object + required: + - fields + type: object + type: array + recordSuppressions: + description: Configuration defining which records get suppressed + entirely. Records that match any suppression rule are omitted + from the output. + items: + properties: + condition: + description: A condition that when it evaluates to true + will result in the record being evaluated to be suppressed + from the transformed content. + properties: + expressions: + description: An expression. + properties: + conditions: + description: Conditions to apply to the expression. + properties: + conditions: + description: A collection of conditions. + items: + properties: + field: + description: Required. Field within + the record this condition is evaluated + against. + properties: + name: + description: Name describing the + field. + type: string + type: object + operator: + description: 'Required. Operator used + to compare the field or infoType + to the value. 
Possible values: LOGICAL_OPERATOR_UNSPECIFIED, + AND' + type: string + value: + description: Value to compare against. + [Mandatory, except for `EXISTS` + tests.] + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. 
+ format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - field + - operator + type: object + type: array + type: object + logicalOperator: + description: 'The operator to apply to the result + of conditions. Default and currently only + supported value is `AND`. Possible values: + LOGICAL_OPERATOR_UNSPECIFIED, AND' + type: string + type: object + type: object + type: object + type: array + type: object + transformationErrorHandling: + description: Mode for handling transformation errors. If left + unspecified, the default mode is `TransformationErrorHandling.ThrowError`. + properties: + leaveUntransformed: + description: Ignore errors + type: object + x-kubernetes-preserve-unknown-fields: true + throwError: + description: Throw an error + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + description: + description: Short description (max 256 chars). + type: string + displayName: + description: Display name (max 256 chars). + type: string + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of an inspectTemplate. + format: date-time + type: string + locationId: + description: Output only. 
The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of an inspectTemplate. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpinspecttemplates.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPInspectTemplate + plural: dlpinspecttemplates + shortNames: + - gcpdlpinspecttemplate + - gcpdlpinspecttemplates + singular: dlpinspecttemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + 
schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + description: + description: Short description (max 256 chars). + type: string + displayName: + description: Display name (max 256 chars). + type: string + inspectConfig: + description: The core content of the template. Configuration of the + scanning process. + properties: + contentOptions: + description: List of options defining data content to scan. If + empty, text, images, and other content will be included. + items: + type: string + type: array + customInfoTypes: + description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes + to learn more. + items: + properties: + dictionary: + description: A list of phrases to detect as a CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in Cloud + Storage. Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path + (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search for. + properties: + words: + description: Words or phrases defining the dictionary. 
+ The dictionary must contain at least one phrase + and every phrase must contain at least 2 characters + that are letters or digits. [required] + items: + type: string + type: array + type: object + type: object + exclusionType: + description: 'If set to EXCLUSION_TYPE_EXCLUDE this infoType + will not cause a finding to be returned. It still can + be used for rules matching. Possible values: EXCLUSION_TYPE_UNSPECIFIED, + EXCLUSION_TYPE_EXCLUDE' + type: string + infoType: + description: CustomInfoType can either be a new infoType, + or an extension of built-in infoType, when the name matches + one of existing infoTypes and that infoType is specified + in `InspectContent.info_types` field. Specifying the latter + adds findings to the one detected by the system. If built-in + info type is not specified in `InspectContent.info_types` + list then the name is treated as a custom info type. + properties: + name: + description: Name of the information type. Either a + name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + likelihood: + description: 'Likelihood to return for this CustomInfoType. + This base value can be altered by a detection rule if + the finding meets the criteria specified by the rule. + Defaults to `VERY_LIKELY` if not specified. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, + LIKELY, VERY_LIKELY' + type: string + regex: + description: Regular expression based CustomInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract as + findings. When not specified, the entire match is + returned. No more than 3 may be included. 
+ items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. + Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository on GitHub. + type: string + type: object + storedType: + description: Load an existing `StoredInfoType` resource + for use in `InspectDataSource`. Not currently supported + in `InspectContent`. + properties: + createTime: + description: Timestamp indicating when the version of + the `StoredInfoType` used for inspection was created. + Output-only field, populated by the system. + format: date-time + type: string + nameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + + Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + surrogateType: + description: Message for detecting output from deidentification + transformations that support reversing. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + excludeInfoTypes: + description: When true, excludes type information of the findings. + type: boolean + includeQuote: + description: When true, a contextual quote from the data that + triggered a finding is included in the response; see Finding.quote. 
+ type: boolean + infoTypes: + description: Restricts what info_types to look for. The values + must correspond to InfoType values returned by ListInfoTypes + or listed at https://cloud.google.com/dlp/docs/infotypes-reference. + When no InfoTypes or CustomInfoTypes are specified in a request, + the system may automatically choose what detectors to run. By + default this may be all types, but may change over time as detectors + are updated. If you need precise control and predictability + as to what detectors are run you should specify specific InfoTypes + listed in the reference, otherwise a default list will be used, + which may change over time. + items: + properties: + name: + description: Name of the information type. Either a name + of your choosing when creating a CustomInfoType, or one + of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud DLP + results to Data Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + limits: + description: Configuration to control the number of findings returned. + properties: + maxFindingsPerInfoType: + description: Configuration of findings limit given for specified + infoTypes. + items: + properties: + infoType: + description: Type of information the findings limit + applies to. Only one limit per info_type should be + provided. If InfoTypeLimit does not have an info_type, + the DLP API applies the limit against all info_types + that are found but not specified in another InfoTypeLimit. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType names + should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. 
+ type: string + type: object + maxFindings: + description: Max findings limit for the given infoType. + format: int64 + type: integer + type: object + type: array + maxFindingsPerItem: + description: Max number of findings that will be returned + for each item scanned. When set within `InspectJobConfig`, + the maximum returned is 2000 regardless if this is set higher. + When set within `InspectContentRequest`, this field is ignored. + format: int64 + type: integer + maxFindingsPerRequest: + description: Max number of findings that will be returned + per request/job. When set within `InspectContentRequest`, + the maximum returned is 2000 regardless if this is set higher. + format: int64 + type: integer + type: object + minLikelihood: + description: 'Only returns findings equal or above this threshold. + The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood + to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + ruleSet: + description: Set of rules to apply to the findings for this InspectConfig. + Exclusion rules, contained in the set are executed in the end, + other rules are executed in the order they are specified for + each info type. + items: + properties: + infoTypes: + description: List of infoTypes this rule set is applied + to. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + rules: + description: Set of rules to be applied to infoTypes. The + rules are applied in order. + items: + properties: + exclusionRule: + description: Exclusion rule. 
+ properties: + dictionary: + description: Dictionary which defines the rule. + properties: + cloudStoragePath: + description: Newline-delimited file of words + in Cloud Storage. Only a single file is + accepted. + properties: + path: + description: 'A url representing a file + or path (no wildcards) in Cloud Storage. + Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search + for. + properties: + words: + description: Words or phrases defining + the dictionary. The dictionary must + contain at least one phrase and every + phrase must contain at least 2 characters + that are letters or digits. [required] + items: + type: string + type: array + type: object + type: object + excludeInfoTypes: + description: Set of infoTypes for which findings + would affect this rule. + properties: + infoTypes: + description: InfoType list in ExclusionRule + rule drops a finding when it overlaps or + contained within with a finding of an infoType + from this list. For example, for `InspectionRuleSet.info_types` + containing "PHONE_NUMBER"` and `exclusion_rule` + containing `exclude_info_types.info_types` + with "EMAIL_ADDRESS" the phone number findings + are dropped if they overlap with EMAIL_ADDRESS + finding. That leads to "555-222-2222@example.org" + to generate only a single finding, namely + email address. + items: + properties: + name: + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, or + one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data + Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + type: object + matchingType: + description: 'How the rule is applied, see MatchingType + documentation for details. 
Possible values: + MATCHING_TYPE_UNSPECIFIED, MATCHING_TYPE_FULL_MATCH, + MATCHING_TYPE_PARTIAL_MATCH, MATCHING_TYPE_INVERSE_MATCH' + type: string + regex: + description: Regular expression which defines + the rule. + properties: + groupIndexes: + description: The index of the submatch to + extract as findings. When not specified, + the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + type: object + hotwordRule: + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch to + extract as findings. When not specified, + the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply to + all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a finding + to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED, + VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, + VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the likelihood + by the specified number of levels. For example, + if a finding would be `POSSIBLE` without + the detection rule and `relative_likelihood` + is 1, then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to `UNLIKELY`. 
+ Likelihood may never drop below `VERY_UNLIKELY` + or exceed `VERY_LIKELY`, so applying an + adjustment of 1 followed by an adjustment + of -1 when base likelihood is `VERY_LIKELY` + will result in a final likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within which + the entire hotword must reside. The total length + of the window cannot exceed 1000 characters. + Note that the finding itself will be included + in the window, so that hotwords may be used + to match substrings of the finding itself. For + example, the certainty of a phone number regex + "(d{3}) d{3}-d{4}" could be adjusted upwards + if the area code is known to be the local area + code of a company office using the hotword regex + "(xxx)", where "xxx" is the area code in question. + properties: + windowAfter: + description: Number of characters after the + finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before the + finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + type: object + type: array + type: object + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of an inspectTemplate. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of an inspectTemplate. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpjobtriggers.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPJobTrigger + plural: dlpjobtriggers + shortNames: + - gcpdlpjobtrigger + - gcpdlpjobtriggers + singular: dlpjobtrigger + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - 
description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User provided description (max 256 chars) + type: string + displayName: + description: Display name (max 100 chars) + type: string + inspectJob: + description: For inspect jobs, a snapshot of the configuration. + properties: + actions: + description: Actions to execute at the completion of the job. + items: + properties: + jobNotificationEmails: + description: Enable email notification for project owners + and editors on job's completion/failure. + type: object + x-kubernetes-preserve-unknown-fields: true + pubSub: + description: Publish a notification to a pubsub topic. + properties: + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}. 
+ + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + publishFindingsToCloudDataCatalog: + description: Publish findings to Cloud Datahub. + type: object + x-kubernetes-preserve-unknown-fields: true + publishSummaryToCscc: + description: Publish summary to Cloud Security Command Center + (Alpha). + type: object + x-kubernetes-preserve-unknown-fields: true + publishToStackdriver: + description: Enable Stackdriver metric dlp.googleapis.com/finding_count. + type: object + x-kubernetes-preserve-unknown-fields: true + saveFindings: + description: Save resulting findings in a provided location. + properties: + outputConfig: + description: Location to store findings outside of DLP. + properties: + dlpStorage: + description: Store findings directly to DLP. If + neither this or bigquery is chosen only summary + stats of total infotype count will be stored. + Quotes will not be stored to dlp findings. If + quotes are needed, store to BigQuery. Currently + only for inspect jobs. + type: object + x-kubernetes-preserve-unknown-fields: true + outputSchema: + description: 'Schema used for writing the findings + for Inspect jobs. This field is only used for + Inspect and must be unspecified for Risk jobs. + Columns are derived from the `Finding` object. + If appending to an existing table, any columns + from the predefined schema that are missing will + be added. No columns in the existing table will + be deleted. 
If unspecified, then all available + columns will be used for a new table or an (existing) + table with no schema, and no changes will be made + to an existing table that has a schema. Only for + use with external storage. Possible values: OUTPUT_SCHEMA_UNSPECIFIED, + BASIC_COLUMNS, GCS_COLUMNS, DATASTORE_COLUMNS, + BIG_QUERY_COLUMNS, ALL_COLUMNS' + type: string + table: + description: 'Store findings in an existing table + or a new table in an existing dataset. If table_id + is not set a new one will be generated for you + with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. + Pacific timezone will be used for generating the + date details. For Inspect, each column in an existing + output table must have the same name, type, and + mode of a field in the `Finding` object. For Risk, + an existing output table should be the output + of a previous Risk analysis job run on the same + source table, with the same privacy metric and + quasi-identifiers. Risk jobs that analyze the + same table but compute a different privacy metric, + or use different sets of quasi-identifiers, cannot + store their results in the same table.' + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + type: object + type: object + type: array + inspectConfig: + description: How and what to scan for. + properties: + customInfoTypes: + description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes + to learn more. 
+ items: + properties: + detectionRules: + description: Set of detection rules to apply to all + findings of this CustomInfoType. Rules are applied + in order that they are specified. Not supported for + the `surrogate_type` CustomInfoType. + items: + properties: + hotwordRule: + description: Hotword-based detection rule. + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply + to all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a + finding to a fixed value. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the + likelihood by the specified number of + levels. For example, if a finding would + be `POSSIBLE` without the detection + rule and `relative_likelihood` is 1, + then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to + `UNLIKELY`. Likelihood may never drop + below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, + so applying an adjustment of 1 followed + by an adjustment of -1 when base likelihood + is `VERY_LIKELY` will result in a final + likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within + which the entire hotword must reside. The + total length of the window cannot exceed + 1000 characters. 
Note that the finding itself + will be included in the window, so that + hotwords may be used to match substrings + of the finding itself. For example, the + certainty of a phone number regex "(d{3}) + d{3}-d{4}" could be adjusted upwards if + the area code is known to be the local area + code of a company office using the hotword + regex "(xxx)", where "xxx" is the area code + in question. + properties: + windowAfter: + description: Number of characters after + the finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before + the finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + dictionary: + description: A list of phrases to detect as a CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in + Cloud Storage. Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path + (no wildcards) in Cloud Storage. Example: + gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search + for. + properties: + words: + description: Words or phrases defining the dictionary. + The dictionary must contain at least one phrase + and every phrase must contain at least 2 characters + that are letters or digits. [required] + items: + type: string + type: array + type: object + type: object + exclusionType: + description: 'If set to EXCLUSION_TYPE_EXCLUDE this + infoType will not cause a finding to be returned. + It still can be used for rules matching. Possible + values: EXCLUSION_TYPE_UNSPECIFIED, EXCLUSION_TYPE_EXCLUDE' + type: string + infoType: + description: CustomInfoType can either be a new infoType, + or an extension of built-in infoType, when the name + matches one of existing infoTypes and that infoType + is specified in `InspectContent.info_types` field. 
+ Specifying the latter adds findings to the one detected + by the system. If built-in info type is not specified + in `InspectContent.info_types` list then the name + is treated as a custom info type. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType names + should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this InfoType. + type: string + type: object + likelihood: + description: 'Likelihood to return for this CustomInfoType. + This base value can be altered by a detection rule + if the finding meets the criteria specified by the + rule. Defaults to `VERY_LIKELY` if not specified. + Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + regex: + description: Regular expression based CustomInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract + as findings. When not specified, the entire match + is returned. No more than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. + Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository on + GitHub. + type: string + type: object + storedType: + description: Load an existing `StoredInfoType` resource + for use in `InspectDataSource`. Not currently supported + in `InspectContent`. + properties: + createTime: + description: Timestamp indicating when the version + of the `StoredInfoType` used for inspection was + created. Output-only field, populated by the system. 
+ format: date-time + type: string + nameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + + Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + surrogateType: + description: Message for detecting output from deidentification + transformations that support reversing. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + excludeInfoTypes: + description: When true, excludes type information of the findings. + This is not used for data profiling. + type: boolean + includeQuote: + description: When true, a contextual quote from the data that + triggered a finding is included in the response; see Finding.quote. + This is not used for data profiling. + type: boolean + infoTypes: + description: Restricts what info_types to look for. The values + must correspond to InfoType values returned by ListInfoTypes + or listed at https://cloud.google.com/dlp/docs/infotypes-reference. + When no InfoTypes or CustomInfoTypes are specified in a + request, the system may automatically choose what detectors + to run. By default this may be all types, but may change + over time as detectors are updated. 
If you need precise + control and predictability as to what detectors are run + you should specify specific InfoTypes listed in the reference, + otherwise a default list will be used, which may change + over time. + items: + properties: + name: + description: Name of the information type. Either a + name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + limits: + description: Configuration to control the number of findings + returned. This is not used for data profiling. + properties: + maxFindingsPerInfoType: + description: Configuration of findings limit given for + specified infoTypes. + items: + properties: + infoType: + description: Type of information the findings limit + applies to. Only one limit per info_type should + be provided. If InfoTypeLimit does not have an + info_type, the DLP API applies the limit against + all info_types that are found but not specified + in another InfoTypeLimit. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this + InfoType. + type: string + type: object + maxFindings: + description: Max findings limit for the given infoType. + format: int64 + type: integer + type: object + type: array + maxFindingsPerItem: + description: Max number of findings that will be returned + for each item scanned. 
When set within `InspectJobConfig`, + the maximum returned is 2000 regardless if this is set + higher. When set within `InspectContentRequest`, this + field is ignored. + format: int64 + type: integer + maxFindingsPerRequest: + description: Max number of findings that will be returned + per request/job. When set within `InspectContentRequest`, + the maximum returned is 2000 regardless if this is set + higher. + format: int64 + type: integer + type: object + minLikelihood: + description: 'Only returns findings equal or above this threshold. + The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood + to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, + VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + ruleSet: + description: Set of rules to apply to the findings for this + InspectConfig. Exclusion rules, contained in the set are + executed in the end, other rules are executed in the order + they are specified for each info type. + items: + properties: + infoTypes: + description: List of infoTypes this rule set is applied + to. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this InfoType. + type: string + type: object + type: array + rules: + description: Set of rules to be applied to infoTypes. + The rules are applied in order. + items: + properties: + exclusionRule: + description: Exclusion rule. + properties: + dictionary: + description: Dictionary which defines the + rule. + properties: + cloudStoragePath: + description: Newline-delimited file of + words in Cloud Storage. Only a single + file is accepted. 
+ properties: + path: + description: 'A url representing a + file or path (no wildcards) in Cloud + Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases + to search for. + properties: + words: + description: Words or phrases defining + the dictionary. The dictionary must + contain at least one phrase and + every phrase must contain at least + 2 characters that are letters or + digits. [required] + items: + type: string + type: array + type: object + type: object + excludeInfoTypes: + description: Set of infoTypes for which findings + would affect this rule. + properties: + infoTypes: + description: InfoType list in ExclusionRule + rule drops a finding when it overlaps + or contained within with a finding of + an infoType from this list. For example, + for `InspectionRuleSet.info_types` containing + "PHONE_NUMBER"` and `exclusion_rule` + containing `exclude_info_types.info_types` + with "EMAIL_ADDRESS" the phone number + findings are dropped if they overlap + with EMAIL_ADDRESS finding. That leads + to "555-222-2222@example.org" to generate + only a single finding, namely email + address. + items: + properties: + name: + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name + for this InfoType. + type: string + type: object + type: array + type: object + matchingType: + description: 'How the rule is applied, see + MatchingType documentation for details. 
+ Possible values: MATCHING_TYPE_UNSPECIFIED, + MATCHING_TYPE_FULL_MATCH, MATCHING_TYPE_PARTIAL_MATCH, + MATCHING_TYPE_INVERSE_MATCH' + type: string + regex: + description: Regular expression which defines + the rule. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + type: object + hotwordRule: + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply + to all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a + finding to a fixed value. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the + likelihood by the specified number of + levels. For example, if a finding would + be `POSSIBLE` without the detection + rule and `relative_likelihood` is 1, + then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to + `UNLIKELY`. 
Likelihood may never drop + below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, + so applying an adjustment of 1 followed + by an adjustment of -1 when base likelihood + is `VERY_LIKELY` will result in a final + likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within + which the entire hotword must reside. The + total length of the window cannot exceed + 1000 characters. Note that the finding itself + will be included in the window, so that + hotwords may be used to match substrings + of the finding itself. For example, the + certainty of a phone number regex "(d{3}) + d{3}-d{4}" could be adjusted upwards if + the area code is known to be the local area + code of a company office using the hotword + regex "(xxx)", where "xxx" is the area code + in question. + properties: + windowAfter: + description: Number of characters after + the finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before + the finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + type: object + type: array + type: object + inspectTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + If provided, will be used as the default for all values in InspectConfig. `inspect_config` will be merged into the values persisted as part of the template. + + Allowed value: The Google Cloud resource name of a `DLPInspectTemplate` resource (format: `{{parent}}/inspectTemplates/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageConfig: + description: The data to scan. + properties: + bigQueryOptions: + description: BigQuery options. + properties: + excludedFields: + description: References to fields excluded from scanning. + This allows you to skip inspection of entire columns + which you know have no findings. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + identifyingFields: + description: Table fields that may uniquely identify a + row within the table. When `actions.saveFindings.outputConfig.table` + is specified, the values of columns specified here are + available in the output table under `location.content_locations.record_location.record_key.id_values`. + Nested fields such as `person.birthdate.year` are allowed. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + includedFields: + description: Limit scanning only to these fields. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + rowsLimit: + description: Max number of rows to scan. If the table + has more rows than this value, the rest of the rows + are omitted. If not set, or if set to 0, all rows will + be scanned. Only one of rows_limit and rows_limit_percent + can be specified. Cannot be used in conjunction with + TimespanConfig. + format: int64 + type: integer + rowsLimitPercent: + description: Max percentage of rows to scan. The rest + are omitted. The number of rows scanned is rounded down. + Must be between 0 and 100, inclusively. Both 0 and 100 + means no limit. Defaults to 0. Only one of rows_limit + and rows_limit_percent can be specified. Cannot be used + in conjunction with TimespanConfig. 
+ format: int64 + type: integer + sampleMethod: + description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, + TOP, RANDOM_START' + type: string + tableReference: + description: Complete BigQuery table reference. + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. 
+ + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + required: + - tableReference + type: object + cloudStorageOptions: + description: Google Cloud Storage options. + properties: + bytesLimitPerFile: + description: Max number of bytes to scan from a file. + If a scanned file's size is bigger than this value then + the rest of the bytes are omitted. Only one of bytes_limit_per_file + and bytes_limit_per_file_percent can be specified. Cannot + be set if de-identification is requested. + format: int64 + type: integer + bytesLimitPerFilePercent: + description: Max percentage of bytes to scan from a file. + The rest are omitted. The number of bytes scanned is + rounded down. Must be between 0 and 100, inclusively. + Both 0 and 100 means no limit. Defaults to 0. Only one + of bytes_limit_per_file and bytes_limit_per_file_percent + can be specified. Cannot be set if de-identification + is requested. + format: int64 + type: integer + fileSet: + description: The set of one or more files to scan. + properties: + regexFileSet: + description: The regex-filtered set of files to scan. + Exactly one of `url` or `regex_file_set` must be + set. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of a Cloud Storage bucket. Required. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + excludeRegex: + description: A list of regular expressions matching + file paths to exclude. All files in the bucket + that match at least one of these regular expressions + will be excluded from the scan. Regular expressions + use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); + a guide can be found under the google/re2 repository + on GitHub. + items: + type: string + type: array + includeRegex: + description: A list of regular expressions matching + file paths to include. All files in the bucket + that match at least one of these regular expressions + will be included in the set of files, except + for those that also match an item in `exclude_regex`. + Leaving this field empty will match all files + by default (this is equivalent to including + `.*` in the list). Regular expressions use RE2 + [syntax](https://github.com/google/re2/wiki/Syntax); + a guide can be found under the google/re2 repository + on GitHub. + items: + type: string + type: array + required: + - bucketRef + type: object + url: + description: The Cloud Storage url of the file(s) + to scan, in the format `gs:///`. Trailing wildcard + in the path is allowed. If the url ends in a trailing + slash, the bucket or directory represented by the + url will be scanned non-recursively (content in + sub-directories will not be scanned). This means + that `gs://mybucket/` is equivalent to `gs://mybucket/*`, + and `gs://mybucket/directory/` is equivalent to + `gs://mybucket/directory/*`. Exactly one of `url` + or `regex_file_set` must be set. + type: string + type: object + fileTypes: + description: List of file type groups to include in the + scan. 
If empty, all files are scanned and available + data format processors are applied. In addition, the + binary content of the selected files is always scanned + as well. Images are scanned only as binary if the specified + region does not support image inspection and no file_types + were specified. Image inspection is restricted to 'global', + 'us', 'asia', and 'europe'. + items: + type: string + type: array + filesLimitPercent: + description: Limits the number of files to scan to this + percentage of the input FileSet. Number of files scanned + is rounded down. Must be between 0 and 100, inclusively. + Both 0 and 100 means no limit. Defaults to 0. + format: int64 + type: integer + sampleMethod: + description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, + TOP, RANDOM_START' + type: string + type: object + datastoreOptions: + description: Google Cloud Datastore options. + properties: + kind: + description: The kind to process. + properties: + name: + description: The name of the kind. + type: string + type: object + partitionId: + description: A partition ID identifies a grouping of entities. + The grouping is always by project namespace ID may be + empty. + properties: + namespaceId: + description: If not empty, the ID of the namespace + to which the entities belong. + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The ID of the project to which the entities belong. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + hybridOptions: + description: Hybrid inspection options. + properties: + description: + description: A short description of where the data is + coming from. Will be stored once in the job. 256 max + length. + type: string + labels: + additionalProperties: + type: string + description: 'To organize findings, these labels will + be added to each finding. Label keys must be between + 1 and 63 characters long and must conform to the following + regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. Label + values must be between 0 and 63 characters long and + must conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. + No more than 10 labels can be associated with a given + finding. Examples: * `"environment" : "production"` + * `"pipeline" : "etl"`' + type: object + requiredFindingLabelKeys: + description: 'These are labels that each inspection request + must include within their ''finding_labels'' map. Request + may contain others, but any missing one of these will + be rejected. Label keys must be between 1 and 63 characters + long and must conform to the following regular expression: + `[a-z]([-a-z0-9]*[a-z0-9])?`. No more than 10 keys can + be required.' + items: + type: string + type: array + tableOptions: + description: If the container is a table, additional information + to make findings meaningful such as the columns that + are primary keys. + properties: + identifyingFields: + description: The columns that are the primary keys + for table objects included in ContentItem. A copy + of this cell's value will stored alongside alongside + each finding so that the finding can be traced to + the specific row it came from. No more than 3 may + be provided. + items: + properties: + name: + description: Name describing the field. 
+ type: string + type: object + type: array + type: object + type: object + timespanConfig: + properties: + enableAutoPopulationOfTimespanConfig: + description: When the job is started by a JobTrigger we + will automatically figure out a valid start_time to + avoid scanning files that have not been modified since + the last time the JobTrigger executed. This will be + based on the time of the execution of the last run of + the JobTrigger. + type: boolean + endTime: + description: Exclude files, tables, or rows newer than + this value. If not set, no upper time limit is applied. + format: date-time + type: string + startTime: + description: Exclude files, tables, or rows older than + this value. If not set, no lower time limit is applied. + format: date-time + type: string + timestampField: + description: 'Specification of the field containing the + timestamp of scanned items. Used for data sources like + Datastore and BigQuery. For BigQuery: If this value + is not specified and the table was modified between + the given start and end times, the entire table will + be scanned. If this value is specified, then rows are + filtered based on the given start and end times. Rows + with a `NULL` value in the provided BigQuery column + are skipped. Valid data types of the provided BigQuery + column are: `INTEGER`, `DATE`, `TIMESTAMP`, and `DATETIME`. + For Datastore: If this value is specified, then entities + are filtered based on the given start and end times. + If an entity does not contain the provided timestamp + property or contains empty or invalid values, then it + is included. Valid data types of the provided timestamp + property are: `TIMESTAMP`.' + properties: + name: + description: Name describing the field. + type: string + type: object + type: object + type: object + required: + - storageConfig + type: object + location: + description: Immutable. The location of the resource + type: string + projectRef: + description: Immutable. 
The Project that this resource belongs to. + Only one of [projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + status: + description: 'Immutable. Required. A status for this trigger. Possible + values: STATUS_UNSPECIFIED, HEALTHY, PAUSED, CANCELLED' + type: string + triggers: + description: A list of triggers which will be OR'ed together. Only + one in the list needs to trigger for a job to be started. The list + may contain only a single Schedule trigger and must have at least + one object. + items: + properties: + manual: + description: For use with hybrid jobs. Jobs must be manually + created and finished. + type: object + x-kubernetes-preserve-unknown-fields: true + schedule: + description: Create a job on a repeating basis based on the + elapse of time. + properties: + recurrencePeriodDuration: + description: 'With this option a job is started a regular + periodic basis. For example: every day (86400 seconds). + A scheduled start time will be skipped if the previous + execution has not ended when its scheduled time occurs. + This value must be set to a time duration greater than + or equal to 1 day and can be no longer than 60 days.' 
+ type: string + type: object + type: object + type: array + required: + - inspectJob + - projectRef + - status + - triggers + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of a triggeredJob. + format: date-time + type: string + errors: + description: Output only. A stream of errors encountered when the + trigger was activated. Repeated errors may result in the JobTrigger + automatically being paused. Will return the last 100 errors. Whenever + the JobTrigger is modified this list will be cleared. + items: + properties: + details: + description: Detailed error codes and messages. + properties: + code: + description: The status code, which should be an enum value + of google.rpc.Code. + format: int64 + type: integer + details: + description: A list of messages that carry the error details. + There is a common set of message types for APIs to use. + items: + properties: + typeUrl: + description: 'A URL/resource name that uniquely identifies + the type of the serialized protocol buffer message. + This string must contain at least one "/" character. + The last segment of the URL''s path must represent + the fully qualified name of the type (as in `path/google.protobuf.Duration`). 
+ The name should be in a canonical form (e.g., leading + "." is not accepted). In practice, teams usually + precompile into the binary all types that they expect + it to use in the context of Any. However, for URLs + which use the scheme `http`, `https`, or no scheme, + one can optionally set up a type server that maps + type URLs to message definitions as follows: * If + no scheme is provided, `https` is assumed. * An + HTTP GET on the URL must yield a google.protobuf.Type + value in binary format, or produce an error. * Applications + are allowed to cache lookup results based on the + URL, or have them precompiled into a binary to avoid + any lookup. Therefore, binary compatibility needs + to be preserved on changes to types. (Use versioned + type names to manage breaking changes.) Note: this + functionality is not currently available in the + official protobuf release, and it is not used for + type URLs beginning with type.googleapis.com. Schemes + other than `http`, `https` (or the empty scheme) + might be used with implementation specific semantics.' + type: string + value: + description: Must be a valid serialized protocol buffer + of the above specified type. + type: string + type: object + type: array + message: + description: A developer-facing error message, which should + be in English. Any user-facing error message should be + localized and sent in the google.rpc.Status.details field, + or localized by the client. + type: string + type: object + timestamps: + description: The times the error occurred. + items: + format: date-time + type: string + type: array + type: object + type: array + lastRunTime: + description: Output only. The timestamp of the last time this trigger + executed. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of a triggeredJob. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpstoredinfotypes.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPStoredInfoType + plural: dlpstoredinfotypes + shortNames: + - gcpdlpstoredinfotype + - gcpdlpstoredinfotypes + singular: dlpstoredinfotype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + description: + description: Description of the StoredInfoType (max 256 characters). + type: string + dictionary: + description: Store dictionary-based CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in Cloud Storage. + Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path (no wildcards) + in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + required: + - path + type: object + wordList: + description: List of words or phrases to search for. + properties: + words: + description: Words or phrases defining the dictionary. The + dictionary must contain at least one phrase and every phrase + must contain at least 2 characters that are letters or digits. + [required] + items: + type: string + type: array + required: + - words + type: object + type: object + displayName: + description: Display name of the StoredInfoType (max 256 characters). + type: string + largeCustomDictionary: + description: StoredInfoType where findings are defined by a dictionary + of phrases. + properties: + bigQueryField: + description: Field in a BigQuery table where each cell represents + a dictionary phrase. 
+ properties: + field: + description: Designated field in the BigQuery table. + properties: + name: + description: Name describing the field. + type: string + type: object + table: + description: Source table of the field. + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. 
+ + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + cloudStorageFileSet: + description: Set of files containing newline-delimited lists of + dictionary phrases. + properties: + url: + description: The url, in the format `gs:///`. Trailing wildcard + in the path is allowed. + type: string + required: + - url + type: object + outputPath: + description: Location to store dictionary artifacts in Google + Cloud Storage. These files will only be accessible by project + owners and the DLP API. If any of these artifacts are modified, + the dictionary is considered invalid and can no longer be used. + properties: + path: + description: 'A url representing a file or path (no wildcards) + in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + required: + - path + type: object + type: object + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' 
+ type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regex: + description: Store regular expression-based StoredInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract as findings. + When not specified, the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. Its syntax + (https://github.com/google/re2/wiki/Syntax) can be found under + the google/re2 repository on GitHub. + type: string + required: + - pattern + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsmanagedzones.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSManagedZone + plural: dnsmanagedzones + shortNames: + - gcpdnsmanagedzone + - gcpdnsmanagedzones + singular: dnsmanagedzone + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cloudLoggingConfig: + description: Cloud logging configuration. + properties: + enableLogging: + description: If set, enable query logging for this ManagedZone. + False by default, making logging opt-in. + type: boolean + required: + - enableLogging + type: object + description: + description: A textual description field. Defaults to 'Managed by + Config Connector'. + type: string + dnsName: + description: Immutable. The DNS name of this managed zone, for instance + "example.com.". + type: string + dnssecConfig: + description: DNSSEC configuration. + properties: + defaultKeySpecs: + description: |- + Specifies parameters that will be used for generating initial DnsKeys + for this ManagedZone. If you provide a spec for keySigning or zoneSigning, + you must also provide one for the other. + default_key_specs can only be updated when the state is 'off'. + items: + properties: + algorithm: + description: 'String mnemonic specifying the DNSSEC algorithm + of this key Possible values: ["ecdsap256sha256", "ecdsap384sha384", + "rsasha1", "rsasha256", "rsasha512"].' + type: string + keyLength: + description: Length of the keys in bits. + type: integer + keyType: + description: |- + Specifies whether this is a key signing key (KSK) or a zone + signing key (ZSK). Key signing keys have the Secure Entry + Point flag set and, when active, will only be used to sign + resource record sets of type DNSKEY. Zone signing keys do + not have the Secure Entry Point flag set and will be used + to sign all other types of resource record sets. Possible values: ["keySigning", "zoneSigning"]. + type: string + kind: + description: Identifies what kind of resource this is. 
+ type: string + type: object + type: array + kind: + description: Identifies what kind of resource this is. + type: string + nonExistence: + description: |- + Specifies the mechanism used to provide authenticated denial-of-existence responses. + non_existence can only be updated when the state is 'off'. Possible values: ["nsec", "nsec3"]. + type: string + state: + description: 'Specifies whether DNSSEC is enabled, and what mode + it is in Possible values: ["off", "on", "transfer"].' + type: string + type: object + forwardingConfig: + description: |- + The presence for this field indicates that outbound forwarding is enabled + for this zone. The value of this field contains the set of destinations + to forward to. + properties: + targetNameServers: + description: |- + List of target name servers to forward to. Cloud DNS will + select the best available name server if more than + one target is given. + items: + properties: + forwardingPath: + description: |- + Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding + decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go + to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. + type: string + ipv4Address: + description: IPv4 address of a target name server. + type: string + required: + - ipv4Address + type: object + type: array + required: + - targetNameServers + type: object + peeringConfig: + description: |- + The presence of this field indicates that DNS Peering is enabled for this + zone. The value of this field contains the network to peer with. + properties: + targetNetwork: + description: The network with which to peer. + properties: + networkRef: + description: VPC network to forward queries to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + required: + - targetNetwork + type: object + privateVisibilityConfig: + description: |- + For privately visible zones, the set of Virtual Private Cloud + resources that the zone is visible from. At least one of 'gke_clusters' or 'networks' must be specified. + properties: + gkeClusters: + description: The list of Google Kubernetes Engine clusters that + can see this zone. + items: + properties: + gkeClusterNameRef: + description: |- + The resource name of the cluster to bind this ManagedZone to. + This should be specified in the format like + 'projects/*/locations/*/clusters/*'. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ContainerCluster` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - gkeClusterNameRef + type: object + type: array + networks: + items: + properties: + networkRef: + description: VPC network to bind to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + type: array + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + reverseLookup: + description: |- + Immutable. Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse + lookup queries using automatically configured records for VPC resources. This only applies + to networks listed under 'private_visibility_config'. + type: boolean + serviceDirectoryConfig: + description: Immutable. The presence of this field indicates that + this zone is backed by Service Directory. The value of this field + contains information related to the namespace associated with the + zone. + properties: + namespace: + description: The namespace associated with the zone. + properties: + namespaceUrl: + description: |- + The fully qualified or partial URL of the service directory namespace that should be + associated with the zone. 
This should be formatted like + 'https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id}' + or simply 'projects/{project}/locations/{location}/namespaces/{namespace_id}' + Ignored for 'public' visibility zones. + type: string + required: + - namespaceUrl + type: object + required: + - namespace + type: object + visibility: + description: |- + Immutable. The zone's visibility: public zones are exposed to the Internet, + while private zones are visible only to Virtual Private Cloud resources. Default value: "public" Possible values: ["private", "public"]. + type: string + required: + - dnsName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: |- + The time that this resource was created on the server. + This is in RFC3339 text format. + type: string + managedZoneId: + description: Unique identifier for the resource; defined by the server. + type: integer + nameServers: + description: |- + Delegate your managed_zone to these virtual name servers; + defined by the server. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnspolicies.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSPolicy + plural: dnspolicies + shortNames: + - gcpdnspolicy + - gcpdnspolicies + singular: dnspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alternativeNameServerConfig: + description: |- + Sets an alternative name server for the associated networks. + When specified, all DNS queries are forwarded to a name server that you choose. + Names such as .internal are not available when an alternative name server is specified. + properties: + targetNameServers: + description: |- + Sets an alternative name server for the associated networks. When specified, + all DNS queries are forwarded to a name server that you choose. Names such as .internal + are not available when an alternative name server is specified. + items: + properties: + forwardingPath: + description: |- + Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding + decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go + to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. + type: string + ipv4Address: + description: IPv4 address to forward to. + type: string + required: + - ipv4Address + type: object + type: array + required: + - targetNameServers + type: object + description: + description: A textual description field. Defaults to 'Managed by + Config Connector'. + type: string + enableInboundForwarding: + description: |- + Allows networks bound to this policy to receive DNS queries sent + by VMs or applications over VPN connections. 
When enabled, a + virtual IP address will be allocated from each of the sub-networks + that are bound to this policy. + type: boolean + enableLogging: + description: |- + Controls whether logging is enabled for the networks bound to this policy. + Defaults to no logging if not set. + type: boolean + networks: + description: List of network names specifying networks to which this + policy is applied. + items: + properties: + networkRef: + description: VPC network to bind to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsrecordsets.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSRecordSet + plural: dnsrecordsets + shortNames: + - gcpdnsrecordset + - gcpdnsrecordsets + singular: dnsrecordset + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of 
this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - rrdatas + - required: + - rrdatasRefs + - required: + - routingPolicy + properties: + managedZoneRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `DNSManagedZone` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: Immutable. The DNS name this record set will apply to. + type: string + routingPolicy: + description: The configuration for steering traffic based on query. + You can specify either Weighted Round Robin(WRR) type or Geolocation(GEO) + type. + properties: + enableGeoFencing: + description: Specifies whether to enable fencing for geo queries. + type: boolean + geo: + description: The configuration for Geo location based routing + policy. + items: + properties: + healthCheckedTargets: + description: For A and AAAA types only. The list of targets + to be health checked. 
These can be specified along with + `rrdatas` within this item. + properties: + internalLoadBalancers: + description: The list of internal load balancers to + health check. + items: + properties: + ipAddressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` + field of a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipProtocol: + description: 'The configured IP protocol of the + load balancer. This value is case-sensitive. + Possible values: ["tcp", "udp"].' + type: string + loadBalancerType: + description: 'The type of load balancer. This + value is case-sensitive. Possible values: ["regionalL4ilb", + "regionalL7ilb", "globalL7ilb"].' + type: string + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + port: + description: The configured port of the load balancer. 
+ type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field + of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `location` + field of a `ComputeForwardingRule` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - ipAddressRef + - ipProtocol + - loadBalancerType + - networkRef + - port + - projectRef + type: object + type: array + required: + - internalLoadBalancers + type: object + location: + description: The location name defined in Google Cloud. + type: string + rrdatasRefs: + items: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' + type: string + kind: + description: 'Kind of the referent. 
Allowed values: + ComputeAddress' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - location + type: object + type: array + primaryBackup: + description: The configuration for a primary-backup policy with + global to regional failover. Queries are responded to with the + global primary targets, but if none of the primary targets are + healthy, then we fallback to a regional failover policy. + properties: + backupGeo: + description: The backup geo targets, which provide a regional + failover policy for the otherwise global primary targets. + items: + properties: + healthCheckedTargets: + description: For A and AAAA types only. The list of + targets to be health checked. These can be specified + along with `rrdatas` within this item. + properties: + internalLoadBalancers: + description: The list of internal load balancers + to health check. + items: + properties: + ipAddressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` + field of a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipProtocol: + description: 'The configured IP protocol of + the load balancer. This value is case-sensitive. + Possible values: ["tcp", "udp"].' 
+ type: string + loadBalancerType: + description: 'The type of load balancer. This + value is case-sensitive. Possible values: + ["regionalL4ilb", "regionalL7ilb", "globalL7ilb"].' + type: string + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + port: + description: The configured port of the load + balancer. + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` + field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `location` + field of a `ComputeForwardingRule` resource.' + type: string + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - ipAddressRef + - ipProtocol + - loadBalancerType + - networkRef + - port + - projectRef + type: object + type: array + required: + - internalLoadBalancers + type: object + location: + description: The location name defined in Google Cloud. + type: string + rrdatasRefs: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field + of a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - location + type: object + type: array + enableGeoFencingForBackups: + description: Specifies whether to enable fencing for backup + geo queries. + type: boolean + primary: + description: The list of global primary targets to be health + checked. + properties: + internalLoadBalancers: + description: The list of internal load balancers to health + check. + items: + properties: + ipAddressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field + of a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipProtocol: + description: 'The configured IP protocol of the + load balancer. This value is case-sensitive. Possible + values: ["tcp", "udp"].' + type: string + loadBalancerType: + description: 'The type of load balancer. This value + is case-sensitive. Possible values: ["regionalL4ilb", + "regionalL7ilb", "globalL7ilb"].' + type: string + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + port: + description: The configured port of the load balancer. + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field + of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `location` + field of a `ComputeForwardingRule` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - ipAddressRef + - ipProtocol + - loadBalancerType + - networkRef + - port + - projectRef + type: object + type: array + required: + - internalLoadBalancers + type: object + trickleRatio: + description: Specifies the percentage of traffic to send to + the backup targets even when the primary targets are healthy. + type: number + required: + - backupGeo + - primary + type: object + wrr: + description: The configuration for Weighted Round Robin based + routing policy. + items: + properties: + healthCheckedTargets: + description: The list of targets to be health checked. Note + that if DNSSEC is enabled for this zone, only one of `rrdatas` + or `health_checked_targets` can be set. + properties: + internalLoadBalancers: + description: The list of internal load balancers to + health check. + items: + properties: + ipAddressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` + field of a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipProtocol: + description: 'The configured IP protocol of the + load balancer. This value is case-sensitive. + Possible values: ["tcp", "udp"].' + type: string + loadBalancerType: + description: 'The type of load balancer. This + value is case-sensitive. Possible values: ["regionalL4ilb", + "regionalL7ilb", "globalL7ilb"].' + type: string + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + port: + description: The configured port of the load balancer. + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field + of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `location` + field of a `ComputeForwardingRule` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - ipAddressRef + - ipProtocol + - loadBalancerType + - networkRef + - port + - projectRef + type: object + type: array + required: + - internalLoadBalancers + type: object + rrdatasRefs: + items: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' + type: string + kind: + description: 'Kind of the referent. Allowed values: + ComputeAddress' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + weight: + description: The ratio of traffic routed to the target. + type: number + required: + - weight + type: object + type: array + type: object + rrdatas: + description: DEPRECATED. Although this field is still available, there + is limited support. 
We recommend that you use `spec.rrdatasRefs` + instead. + items: + type: string + type: array + rrdatasRefs: + items: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + kind: + description: 'Kind of the referent. Allowed values: ComputeAddress' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + ttl: + description: The time-to-live of this record set (seconds). + type: integer + type: + description: The DNS record set type. + type: string + required: + - managedZoneRef + - name + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsresponsepolicies.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSResponsePolicy + plural: dnsresponsepolicies + shortNames: + - gcpdnsresponsepolicy + - gcpdnsresponsepolicies + singular: dnsresponsepolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the response policy, such as 'My new + response policy'. + type: string + gkeClusters: + description: The list of Google Kubernetes Engine clusters that can + see this zone. + items: + properties: + gkeClusterName: + description: |- + The resource name of the cluster to bind this ManagedZone to. + This should be specified in the format like + 'projects/*/locations/*/clusters/*'. + type: string + required: + - gkeClusterName + type: object + type: array + networks: + description: The list of network names specifying networks to which + this policy is applied. + items: + properties: + networkUrl: + description: |- + The fully qualified URL of the VPC network to bind to. + This should be formatted like + 'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'. + type: string + required: + - networkUrl + type: object + type: array + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The responsePolicyName of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsresponsepolicyrules.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSResponsePolicyRule + plural: dnsresponsepolicyrules + shortNames: + - gcpdnsresponsepolicyrule + - gcpdnsresponsepolicyrules + singular: dnsresponsepolicyrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + behavior: + description: Answer this query with a behavior rather than DNS data. + Acceptable values are 'behaviorUnspecified', and 'bypassResponsePolicy'. + type: string + dnsName: + description: The DNS name (wildcard or exact) to apply this rule to. + Must be unique within the Response Policy Rule. + type: string + localData: + description: |- + Answer this query directly with DNS data. These ResourceRecordSets override any other DNS behavior for the matched name; + in particular they override private zones, the public internet, and GCP internal DNS. No SOA nor NS types are allowed. + properties: + localDatas: + description: All resource record sets for this selector, one per + resource record type. The name must match the dns_name. + items: + properties: + name: + description: For example, www.example.com. + type: string + rrdatas: + description: As defined in RFC 1035 (section 5) and RFC + 1034 (section 3.6.1). + items: + type: string + type: array + ttl: + description: |- + Number of seconds that this ResourceRecordSet can be cached by + resolvers. + type: integer + type: + description: 'One of valid DNS resource types. Possible + values: ["A", "AAAA", "CAA", "CNAME", "DNSKEY", "DS", + "HTTPS", "IPSECVPNKEY", "MX", "NAPTR", "NS", "PTR", "SOA", + "SPF", "SRV", "SSHFP", "SVCB", "TLSA", "TXT"].' + type: string + required: + - name + - type + type: object + type: array + required: + - localDatas + type: object + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The ruleName of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + responsePolicy: + description: Identifies the response policy addressed by this request. + type: string + required: + - dnsName + - projectRef + - responsePolicy + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: documentaiprocessordefaultversions.documentai.cnrm.cloud.google.com +spec: + group: documentai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DocumentAIProcessorDefaultVersion + plural: documentaiprocessordefaultversions + shortNames: + - gcpdocumentaiprocessordefaultversion + - gcpdocumentaiprocessordefaultversions + singular: documentaiprocessordefaultversion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + resourceID: + description: Immutable. Optional. The processor of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + version: + description: |- + Immutable. The version to set. Using 'stable' or 'rc' will cause the API to return the latest version in that release channel. + Apply 'lifecycle.ignore_changes' to the 'version' field to suppress this diff. + type: string + required: + - version + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: documentaiprocessors.documentai.cnrm.cloud.google.com +spec: + group: documentai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DocumentAIProcessor + plural: documentaiprocessors + shortNames: + - gcpdocumentaiprocessor + - gcpdocumentaiprocessors + singular: documentaiprocessor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Immutable. The display name. Must be unique. + type: string + kmsKeyName: + description: Immutable. The KMS key used for encryption/decryption + in CMEK scenarios. See https://cloud.google.com/security-key-management. + type: string + location: + description: Immutable. The location of the resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: + description: Immutable. The type of processor. For possible types + see the [official list](https://cloud.google.com/document-ai/docs/reference/rest/v1/projects.locations/fetchProcessorTypes#google.cloud.documentai.v1.DocumentProcessorService.FetchProcessorTypes). 
+ type: string + required: + - displayName + - location + - projectRef + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The resource name of the processor. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: edgecontainerclusters.edgecontainer.cnrm.cloud.google.com +spec: + group: edgecontainer.cnrm.cloud.google.com + names: + categories: + - gcp + kind: EdgeContainerCluster + plural: edgecontainerclusters + shortNames: + - gcpedgecontainercluster + - gcpedgecontainerclusters + singular: edgecontainercluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + authorization: + description: Immutable. RBAC policy that will be applied and managed + by GEC. + properties: + adminUsers: + description: |- + User that will be granted the cluster-admin role on the cluster, providing + full access to the cluster. Currently, this is a singular field, but will + be expanded to allow multiple admins in the future. + properties: + usernameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - usernameRef + type: object + required: + - adminUsers + type: object + controlPlane: + description: The configuration of the cluster control plane. + properties: + local: + description: Immutable. Local control plane configuration. + properties: + machineFilter: + description: |- + Only machines matching this filter will be allowed to host control + plane nodes. The filtering language accepts strings like "name=", + and is documented here: [AIP-160](https://google.aip.dev/160). 
+ type: string + nodeCount: + description: |- + The number of nodes to serve as replicas of the Control Plane. + Only 1 and 3 are supported. + type: integer + nodeLocation: + description: |- + Immutable. Name of the Google Distributed Cloud Edge zones where this node pool + will be created. For example: 'us-central1-edge-customer-a'. + type: string + sharedDeploymentPolicy: + description: 'Policy configuration about how user applications + are deployed. Possible values: ["SHARED_DEPLOYMENT_POLICY_UNSPECIFIED", + "ALLOWED", "DISALLOWED"].' + type: string + type: object + remote: + description: Immutable. Remote control plane configuration. + properties: + nodeLocation: + description: |- + Immutable. Name of the Google Distributed Cloud Edge zones where this node pool + will be created. For example: 'us-central1-edge-customer-a'. + type: string + type: object + type: object + controlPlaneEncryption: + description: |- + Remote control plane disk encryption options. This field is only used when + enabling CMEK support. + properties: + kmsKeyActiveVersion: + description: |- + The Cloud KMS CryptoKeyVersion currently in use for protecting control + plane disks. Only applicable if kms_key is set. + type: string + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyState: + description: |- + Availability of the Cloud KMS CryptoKey. 
If not 'KEY_AVAILABLE', then + nodes may go offline as they cannot access their local data. This can be + caused by a lack of permissions to use the key, or if the key is disabled + or deleted. + type: string + kmsStatus: + description: |- + Error status returned by Cloud KMS when using this key. This field may be + populated only if 'kms_key_state' is not 'KMS_KEY_STATE_KEY_AVAILABLE'. + If populated, this field contains the error status reported by Cloud KMS. + items: + properties: + code: + description: The status code, which should be an enum value + of google.rpc.Code. + type: integer + message: + description: A developer-facing error message, which should + be in English. Any user-facing error message should be + localized and sent in the google.rpc.Status.details field, + or localized by the client. + type: string + type: object + type: array + type: object + defaultMaxPodsPerNode: + description: |- + The default maximum number of pods per node used if a maximum value is not + specified explicitly for a node pool in this cluster. If unspecified, the + Kubernetes default value will be used. + type: integer + externalLoadBalancerIpv4AddressPools: + description: Address pools for cluster data plane external load balancing. + items: + type: string + type: array + fleet: + description: |- + Immutable. Fleet related configuration. + Fleets are a Google Cloud concept for logically organizing clusters, + letting you use and manage multi-cluster capabilities and apply + consistent policies across your systems. + properties: + membership: + description: |- + The name of the managed Hub Membership resource associated to this cluster. + Membership names are formatted as + 'projects//locations/global/membership/'. + type: string + projectRef: + description: The number of the Fleet host project where this cluster + will be registered. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + location: + description: Immutable. The location of the resource. + type: string + maintenancePolicy: + description: Cluster-wide maintenance policy configuration. + properties: + window: + description: Specifies the maintenance window in which maintenance + may be performed. + properties: + recurringWindow: + description: Represents an arbitrary window of time that recurs. + properties: + recurrence: + description: |- + An RRULE (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) for how + this window recurs. They go on for the span of time between the start and + end time. + type: string + window: + description: Represents an arbitrary window of time. + properties: + endTime: + description: |- + The time that the window ends. The end time must take place after the + start time. + type: string + startTime: + description: The time that the window first starts. + type: string + type: object + type: object + required: + - recurringWindow + type: object + required: + - window + type: object + networking: + description: |- + Fleet related configuration. + Fleets are a Google Cloud concept for logically organizing clusters, + letting you use and manage multi-cluster capabilities and apply + consistent policies across your systems. 
+ properties: + clusterIpv4CidrBlocks: + description: |- + Immutable. All pods in the cluster are assigned an RFC1918 IPv4 address from these + blocks. Only a single block is supported. This field cannot be changed + after creation. + items: + type: string + type: array + clusterIpv6CidrBlocks: + description: |- + Immutable. If specified, dual stack mode is enabled and all pods in the cluster are + assigned an IPv6 address from these blocks alongside from an IPv4 + address. Only a single block is supported. This field cannot be changed + after creation. + items: + type: string + type: array + networkType: + description: IP addressing type of this cluster i.e. SINGLESTACK_V4 + vs DUALSTACK_V4_V6. + type: string + servicesIpv4CidrBlocks: + description: |- + Immutable. All services in the cluster are assigned an RFC1918 IPv4 address from these + blocks. Only a single block is supported. This field cannot be changed + after creation. + items: + type: string + type: array + servicesIpv6CidrBlocks: + description: |- + Immutable. If specified, dual stack mode is enabled and all services in the cluster are + assigned an IPv6 address from these blocks alongside from an IPv4 + address. Only a single block is supported. This field cannot be changed + after creation. + items: + type: string + type: array + required: + - clusterIpv4CidrBlocks + - servicesIpv4CidrBlocks + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + releaseChannel: + description: 'The release channel a cluster is subscribed to. Possible + values: ["RELEASE_CHANNEL_UNSPECIFIED", "NONE", "REGULAR"].' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + systemAddonsConfig: + description: Config that customers are allowed to define for GDCE + system add-ons. + properties: + ingress: + description: |- + Config for the Ingress add-on which allows customers to create an Ingress + object to manage external access to the servers in a cluster. The add-on + consists of istiod and istio-ingress. + properties: + disabled: + description: Whether Ingress is disabled. + type: boolean + ipv4Vip: + description: Ingress VIP. + type: string + type: object + type: object + targetVersion: + description: 'The target cluster version. For example: "1.5.0".' + type: string + required: + - authorization + - fleet + - location + - networking + - projectRef + type: object + status: + properties: + clusterCaCertificate: + description: The PEM-encoded public certificate of the cluster's CA. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + controlPlaneVersion: + description: The control plane release version. + type: string + createTime: + description: The time the cluster was created, in RFC3339 text format. + type: string + endpoint: + description: The IP address of the Kubernetes API server. + type: string + maintenanceEvents: + description: |- + All the maintenance events scheduled for the cluster, including the ones + ongoing, planned for the future and done in the past (up to 90 days). + items: + properties: + createTime: + description: The time when the maintenance event request was + created. + type: string + endTime: + description: |- + The time when the maintenance event ended, either successfully or not. If + the maintenance event is split into multiple maintenance windows, + end_time is only updated when the whole flow ends. + type: string + operation: + description: |- + The operation for running the maintenance event. Specified in the format + projects/*/locations/*/operations/*. If the maintenance event is split + into multiple operations (e.g. due to maintenance windows), the latest + one is recorded. + type: string + schedule: + description: The schedule of the maintenance event. + type: string + startTime: + description: The time when the maintenance event started. + type: string + state: + description: Indicates the maintenance event state. + type: string + targetVersion: + description: The target version of the cluster. + type: string + type: + description: Indicates the maintenance event type. + type: string + updateTime: + description: The time when the maintenance event message was + updated. + type: string + uuid: + description: UUID of the maintenance event. + type: string + type: object + type: array + nodeVersion: + description: |- + The lowest release version among all worker nodes. This field can be empty + if the cluster does not have any worker nodes. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + port: + description: The port number of the Kubernetes API server. + type: integer + status: + description: Indicates the status of the cluster. + type: string + updateTime: + description: The time the cluster was last updated, in RFC3339 text + format. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: edgecontainernodepools.edgecontainer.cnrm.cloud.google.com +spec: + group: edgecontainer.cnrm.cloud.google.com + names: + categories: + - gcp + kind: EdgeContainerNodePool + plural: edgecontainernodepools + shortNames: + - gcpedgecontainernodepool + - gcpedgecontainernodepools + singular: edgecontainernodepool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time 
for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `EdgeContainerCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + localDiskEncryption: + description: Local disk encryption options. This field is only used + when enabling CMEK support. + properties: + kmsKeyActiveVersion: + description: The Cloud KMS CryptoKeyVersion currently in use for + protecting node local disks. Only applicable if kmsKey is set. 
+ type: string + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyState: + description: |- + Availability of the Cloud KMS CryptoKey. If not KEY_AVAILABLE, then nodes may go offline as they cannot access their local data. + This can be caused by a lack of permissions to use the key, or if the key is disabled or deleted. + type: string + type: object + location: + description: Immutable. The location of the resource. + type: string + machineFilter: + description: |- + Only machines matching this filter will be allowed to join the node pool. + The filtering language accepts strings like "name=", and is + documented in more detail in [AIP-160](https://google.aip.dev/160). + type: string + nodeConfig: + description: Configuration for each node in the NodePool. + properties: + labels: + additionalProperties: + type: string + description: '"The Kubernetes node labels".' + type: object + type: object + nodeCount: + description: The number of nodes in the pool. + type: integer + nodeLocation: + description: 'Immutable. Name of the Google Distributed Cloud Edge + zone where this node pool will be created. For example: ''us-central1-edge-customer-a''.' + type: string + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - clusterRef + - location + - nodeCount + - nodeLocation + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the node pool was created. + type: string + nodeVersion: + description: The lowest release version among all worker nodes. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The time when the node pool was last updated. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: edgecontainervpnconnections.edgecontainer.cnrm.cloud.google.com +spec: + group: edgecontainer.cnrm.cloud.google.com + names: + categories: + - gcp + kind: EdgeContainerVpnConnection + plural: edgecontainervpnconnections + shortNames: + - gcpedgecontainervpnconnection + - gcpedgecontainervpnconnections + singular: edgecontainervpnconnection + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `EdgeContainerCluster` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + enableHighAvailability: + description: Immutable. Whether this VPN connection has HA enabled + on cluster side. If enabled, when creating VPN connection we will + attempt to use 2 ANG floating IPs. + type: boolean + location: + description: Immutable. Google Cloud Platform location. + type: string + natGatewayIp: + description: |- + Immutable. NAT gateway IP, or WAN IP address. If a customer has multiple NAT IPs, the customer needs to configure NAT such that only one external IP maps to the GMEC Anthos cluster. + This is empty if NAT is not used. + type: string + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + router: + description: The VPN connection Cloud Router name. + type: string + vpc: + description: Immutable. The network ID of VPC to connect to. + type: string + vpcProject: + description: Project detail of the VPC network. Required if VPC is + in a different project than the cluster project. + properties: + projectId: + description: Immutable. The project of the VPC to connect to. + If not specified, it is the same as the cluster project. + type: string + type: object + required: + - clusterRef + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the VPN connection was created. + type: string + details: + description: A nested object resource. + items: + properties: + cloudRouter: + description: The Cloud Router info. + items: + properties: + name: + description: The associated Cloud Router name. + type: string + type: object + type: array + cloudVpns: + description: Each connection has multiple Cloud VPN gateways. + items: + properties: + gateway: + description: The created Cloud VPN gateway name. + type: string + type: object + type: array + error: + description: The error message. This is only populated when + state=ERROR. + type: string + state: + description: The current connection state. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The time when the VPN connection was last updated. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: edgenetworknetworks.edgenetwork.cnrm.cloud.google.com +spec: + group: edgenetwork.cnrm.cloud.google.com + names: + categories: + - gcp + kind: EdgeNetworkNetwork + plural: edgenetworknetworks + shortNames: + - gcpedgenetworknetwork + - gcpedgenetworknetworks + singular: edgenetworknetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. A free-text description of the resource. Max + length 1024 characters. + type: string + location: + description: Immutable. The Google Cloud region to which the target + Distributed Cloud Edge zone belongs. + type: string + mtu: + description: 'Immutable. IP (L3) MTU value of the network. Default + value is ''1500''. Possible values are: ''1500'', ''9000''.' + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The networkId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. The name of the target Distributed Cloud Edge + zone. + type: string + required: + - location + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + The time when the subnet was created. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'. + type: string + name: + description: |- + The canonical name of this resource, with format + 'projects/{{project}}/locations/{{location}}/zones/{{zone}}/networks/{{network_id}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + The time when the subnet was last updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: edgenetworksubnets.edgenetwork.cnrm.cloud.google.com +spec: + group: edgenetwork.cnrm.cloud.google.com + names: + categories: + - gcp + kind: EdgeNetworkSubnet + plural: edgenetworksubnets + shortNames: + - gcpedgenetworksubnet + - gcpedgenetworksubnets + singular: edgenetworksubnet + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. A free-text description of the resource. Max + length 1024 characters. + type: string + ipv4Cidr: + description: Immutable. The ranges of ipv4 addresses that are owned + by this subnetwork, in CIDR format. + items: + type: string + type: array + ipv6Cidr: + description: Immutable. The ranges of ipv6 addresses that are owned + by this subnetwork, in CIDR format. + items: + type: string + type: array + location: + description: Immutable. The Google Cloud region to which the target + Distributed Cloud Edge zone belongs. + type: string + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `EdgeNetworkNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The subnetId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + vlanId: + description: Immutable. VLAN ID for this subnetwork. If not specified, + one is assigned automatically. + type: integer + zone: + description: Immutable. The name of the target Distributed Cloud Edge + zone. + type: string + required: + - location + - networkRef + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + The time when the subnet was created. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'. + type: string + name: + description: |- + The canonical name of this resource, with format + 'projects/{{project}}/locations/{{location}}/zones/{{zone}}/subnets/{{subnet_id}}'. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: Current stage of the resource to the device by config + push. + type: string + updateTime: + description: |- + The time when the subnet was last updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: essentialcontactscontacts.essentialcontacts.cnrm.cloud.google.com +spec: + group: essentialcontacts.cnrm.cloud.google.com + names: + categories: + - gcp + kind: EssentialContactsContact + plural: essentialcontactscontacts + shortNames: + - gcpessentialcontactscontact + - gcpessentialcontactscontacts + singular: essentialcontactscontact + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + 
jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + email: + description: Immutable. The email address to send notifications to. + This does not need to be a Google account. + type: string + languageTag: + description: The preferred language for notifications, as a ISO 639-1 + language code. See Supported languages for a list of supported languages. + type: string + notificationCategorySubscriptions: + description: The categories of notifications that the contact will + receive communications for. + items: + type: string + type: array + parent: + description: 'Immutable. The resource to save this contact for. Format: + organizations/{organization_id}, folders/{folder_id} or projects/{project_id}.' + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + required: + - email + - languageTag + - notificationCategorySubscriptions + - parent + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The identifier for the contact. Format: {resourceType}/{resource_id}/contacts/{contact_id}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: eventarctriggers.eventarc.cnrm.cloud.google.com +spec: + group: eventarc.cnrm.cloud.google.com + names: + categories: + - gcp + kind: EventarcTrigger + plural: eventarctriggers + shortNames: + - gcpeventarctrigger + - gcpeventarctriggers + singular: eventarctrigger + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + channelRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: Optional. The name of the channel associated with + the trigger in `projects/{project}/locations/{location}/channels/{channel}` + format. You must provide a channel to receive events from Eventarc + SaaS partners. + type: string + name: + description: |- + [WARNING] EventarcChannel not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + destination: + description: Required. Destination specifies where the events should + be sent to. + properties: + cloudFunctionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + [WARNING] Configuring a Cloud Function in Trigger is not supported as of today. The Cloud Function resource name. Format: projects/{project}/locations/{location}/functions/{function} + + Allowed value: The Google Cloud resource name of a `CloudFunctionsFunction` resource (format: `projects/{{project}}/locations/{{region}}/functions/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + cloudRunService: + description: Cloud Run fully-managed service that receives the + events. The service should be running in the same project of + the trigger. + properties: + path: + description: 'Optional. The relative path on the Cloud Run + service the events should be sent to. The value must conform + to the definition of URI path segment (section 3.3 of RFC2396). + Examples: "/route", "route", "route/subroute".' + type: string + region: + description: Required. The region the Cloud Run service is + deployed in. + type: string + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed. + + Allowed value: The Google Cloud resource name of a `RunService` resource (format: `projects/{{project}}/locations/{{location}}/services/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - serviceRef + type: object + gke: + description: A GKE service capable of receiving events. The service + should be running in the same project as the trigger. 
+ properties: + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created. + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Required. The name of the Google Compute Engine + in which the cluster resides, which can either be compute + zone (for example, us-central1-a) for the zonal clusters + or region (for example, us-central1) for regional clusters. + type: string + namespace: + description: Required. The namespace the GKE service is running + in. + type: string + path: + description: 'Optional. The relative path on the GKE service + the events should be sent to. The value must conform to + the definition of a URI path segment (section 3.3 of RFC2396). + Examples: "/route", "route", "route/subroute".' + type: string + service: + description: Required. Name of the GKE service. + type: string + required: + - clusterRef + - location + - namespace + - service + type: object + httpEndpoint: + description: An HTTP endpoint destination described by an URI. + properties: + uri: + description: 'Required. The URI of the HTTP enpdoint. The + value must be a RFC2396 URI string. Examples: `http://10.10.10.8:80/route`, + `http://svc.us-central1.p.local:8080/`. Only HTTP and HTTPS + protocols are supported. 
The host can be either a static + IP addressable from the VPC specified by the network config, + or an internal DNS hostname of the service resolvable via + Cloud DNS.' + type: string + required: + - uri + type: object + networkConfig: + description: Optional. Network config is used to configure how + Eventarc resolves and connect to a destination. This should + only be used with HttpEndpoint destination type. + properties: + networkAttachmentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Required. Name of the NetworkAttachment + that allows access to the destination VPC. Format: `projects/{PROJECT_ID}/regions/{REGION}/networkAttachments/{NETWORK_ATTACHMENT_NAME}`' + type: string + name: + description: |- + [WARNING] ComputeNetworkAttachment not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkAttachmentRef + type: object + workflowRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'The resource name of the Workflow whose Executions + are triggered by the events. The Workflow resource should + be deployed in the same project as the trigger. Format: + `projects/{project}/locations/{location}/workflows/{workflow}`' + type: string + name: + description: |- + [WARNING] WorkflowsWorkflow not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + eventDataContentType: + description: Optional. EventDataContentType specifies the type of + payload in MIME format that is expected from the CloudEvent data + field. This is set to `application/json` if the value is not defined. + type: string + location: + description: Immutable. The location for the resource + type: string + matchingCriteria: + description: Required. null The list of filters that applies to event + attributes. Only events that match all the provided filters will + be sent to the destination. + items: + properties: + attribute: + description: Required. The name of a CloudEvents attribute. + Currently, only a subset of attributes are supported for filtering. + All triggers MUST provide a filter for the 'type' attribute. + type: string + operator: + description: Optional. The operator used for matching the events + with the value of the filter. If not specified, only events + that have an exact key-value pair specified in the filter + are matched. The only allowed value is `match-path-pattern`. + type: string + value: + description: Required. The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud + for available values. + type: string + required: + - attribute + - value + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have `iam.serviceAccounts.actAs` permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have `roles/eventarc.eventReceiver` IAM role. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + transport: + description: Immutable. Optional. In order to deliver messages, Eventarc + may use other GCP products as transport intermediary. This field + contains a reference to that transport intermediary. This information + can be used for debugging purposes. + properties: + pubsub: + description: Immutable. The Pub/Sub topic and subscription used + by Eventarc as delivery intermediary. + properties: + topicRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished` only. The topic you provide here will not be deleted by Eventarc at trigger deletion. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + required: + - destination + - location + - matchingCriteria + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation time. + format: date-time + type: string + etag: + description: Output only. This checksum is computed by the server + based on the value of other fields, and may be sent only on create + requests to ensure the client has an up-to-date value before proceeding. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + resourceConditions: + additionalProperties: + type: string + description: Output only. The reason(s) why a trigger is in FAILED + state. + type: object + transport: + properties: + pubsub: + properties: + subscription: + description: 'Output only. The name of the Pub/Sub subscription + created and managed by Eventarc system as a transport for + the event delivery. 
Format: `projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}`.' + type: string + type: object + type: object + uid: + description: Output only. Server assigned unique identifier for the + trigger. The value is a UUID4 string and guaranteed to remain unchanged + until the resource is deleted. + type: string + updateTime: + description: Output only. The last-modified time. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: filestorebackups.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreBackup + plural: filestorebackups + shortNames: + - gcpfilestorebackup + - gcpfilestorebackups + singular: filestorebackup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A description of the backup with 2048 characters or less. + Requests with longer descriptions will be rejected. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceFileShare: + description: Immutable. Name of the file share in the source Cloud + Filestore instance that the backup is created from. 
+ type: string + sourceInstanceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The resource name of the source Cloud Filestore instance, in the format projects/{project_number}/locations/{location_id}/instances/{instance_id}, used to create this backup. + + Allowed value: The Google Cloud resource name of a `FilestoreInstance` resource (format: `projects/{{project}}/locations/{{location}}/instances/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - projectRef + - sourceFileShare + - sourceInstanceRef + type: object + status: + properties: + capacityGb: + description: Output only. Capacity of the source file share when the + backup was created. + format: int64 + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the backup was created. 
+ format: date-time + type: string + downloadBytes: + description: Output only. Amount of bytes that will be downloaded + if the backup is restored. This may be different than storage bytes, + since sequential backups of the same disk will share storage. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + sourceInstanceTier: + description: 'Output only. The service tier of the source Cloud Filestore + instance that this backup is created from. Possible values: TIER_UNSPECIFIED, + STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD' + type: string + state: + description: 'Output only. The backup state. Possible values: STATE_UNSPECIFIED, + CREATING, READY, REPAIRING, DELETING, ERROR, RESTORING' + type: string + storageBytes: + description: Output only. The size of the storage used by the backup. + As backups share storage, this number is expected to change with + backup creation/deletion. 
+ format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: filestoreinstances.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreInstance + plural: filestoreinstances + shortNames: + - gcpfilestoreinstance + - gcpfilestoreinstances + singular: filestoreinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the instance (2048 characters or less). + type: string + fileShares: + description: File system shares on the instance. For this version, + only a single file share is supported. + items: + properties: + capacityGb: + description: File share capacity in gigabytes (GB). Cloud Filestore + defines 1 GB as 1024^3 bytes. + format: int64 + type: integer + name: + description: The name of the file share (must be 16 characters + or less). + type: string + nfsExportOptions: + description: Nfs Export Options. There is a limit of 10 export + options per file share. + items: + properties: + accessMode: + description: 'Either READ_ONLY, for allowing only read + requests on the exported directory, or READ_WRITE, for + allowing both read and write requests. The default is + READ_WRITE. Possible values: ACCESS_MODE_UNSPECIFIED, + READ_ONLY, READ_WRITE' + type: string + anonGid: + description: An integer representing the anonymous group + id with a default value of 65534. Anon_gid may only + be set with squash_mode of ROOT_SQUASH. An error will + be returned if this field is specified for other squash_mode + settings. + format: int64 + type: integer + anonUid: + description: An integer representing the anonymous user + id with a default value of 65534. Anon_uid may only + be set with squash_mode of ROOT_SQUASH. An error will + be returned if this field is specified for other squash_mode + settings. 
+ format: int64 + type: integer + ipRanges: + description: List of either an IPv4 addresses in the format + `{octet1}.{octet2}.{octet3}.{octet4}` or CIDR ranges + in the format `{octet1}.{octet2}.{octet3}.{octet4}/{mask + size}` which may mount the file share. Overlapping IP + ranges are not allowed, both within and across NfsExportOptions. + An error will be returned. The limit is 64 IP ranges/addresses + for each FileShareConfig among all NfsExportOptions. + items: + type: string + type: array + squashMode: + description: 'Either NO_ROOT_SQUASH, for allowing root + access on the exported directory, or ROOT_SQUASH, for + not allowing root access. The default is NO_ROOT_SQUASH. + Possible values: SQUASH_MODE_UNSPECIFIED, NO_ROOT_SQUASH, + ROOT_SQUASH' + type: string + type: object + type: array + sourceBackupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The resource name of the backup, in the format `projects/{project_number}/locations/{location_id}/backups/{backup_id}`, that this file share has been restored from. + + Allowed value: The Google Cloud resource name of a `FilestoreBackup` resource (format: `projects/{{project}}/locations/{{location}}/backups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + networks: + description: Immutable. VPC networks to which the instance is connected. + For this version, only a single network is supported. 
+ items: + properties: + ipAddresses: + description: Immutable. Output only. IPv4 addresses in the format + `{octet1}.{octet2}.{octet3}.{octet4}` or IPv6 addresses in + the format `{block1}:{block2}:{block3}:{block4}:{block5}:{block6}:{block7}:{block8}`. + items: + type: string + type: array + modes: + description: Immutable. Internet protocol versions for which + the instance has IP addresses assigned. For this version, + only MODE_IPV4 is supported. + items: + type: string + type: array + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of the Google Compute Engine [VPC network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + reservedIPRange: + description: Immutable. A /29 CIDR block in one of the [internal + IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) + that identifies the range of IP addresses reserved for this + instance. For example, 10.0.0.0/29 or 192.168.0.0/29. The + range you specify can't overlap with either existing subnets + or assigned IP address ranges for other Cloud Filestore instances + in the selected VPC network. + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tier: + description: 'Immutable. The service tier of the instance. Possible + values: TIER_UNSPECIFIED, STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, + HIGH_SCALE_SSD, ENTERPRISE' + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the instance was created. 
+ format: date-time + type: string + etag: + description: Server-specified ETag for the instance resource to prevent + simultaneous updates from overwriting each other. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The instance state. Possible values: STATE_UNSPECIFIED, + CREATING, READY, REPAIRING, DELETING, ERROR' + type: string + statusMessage: + description: Output only. Additional information about the instance + state, if available. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: filestoresnapshots.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreSnapshot + plural: filestoresnapshots + shortNames: + - gcpfilestoresnapshot + - gcpfilestoresnapshots + singular: filestoresnapshot + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the 
value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A description of the snapshot with 2048 characters or + less. Requests with longer descriptions will be rejected. + type: string + instance: + description: Immutable. The resource name of the filestore instance. + type: string + location: + description: Immutable. The name of the location of the instance. + This can be a region for ENTERPRISE tier instances. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - instance + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the snapshot was created in RFC3339 text + format. + type: string + filesystemUsedBytes: + description: The amount of bytes needed to allocate a full copy of + the snapshot content. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The snapshot state. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebaseandroidapps.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseAndroidApp + plural: firebaseandroidapps + shortNames: + - gcpfirebaseandroidapp + - gcpfirebaseandroidapps + singular: firebaseandroidapp + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + apiKeyId: + description: |- + The globally unique, Google-assigned identifier (UID) for the Firebase API key associated with the AndroidApp. + If apiKeyId is not set during creation, then Firebase automatically associates an apiKeyId with the AndroidApp. + This auto-associated key may be an existing valid key or, if no valid key exists, a new one will be provisioned. + type: string + deletionPolicy: + type: string + displayName: + description: The user-assigned display name of the AndroidApp. + type: string + packageName: + description: |- + Immutable. The canonical package name of the Android app as would appear in the Google Play + Developer Console. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated appId of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + sha1Hashes: + description: The SHA1 certificate hashes for the AndroidApp. + items: + type: string + type: array + sha256Hashes: + description: The SHA256 certificate hashes for the AndroidApp. 
+ items: + type: string + type: array + required: + - displayName + - projectRef + type: object + status: + properties: + appId: + description: |- + The globally unique, Firebase-assigned identifier of the AndroidApp. + This identifier should be treated as an opaque token, as the data format is not specified. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: |- + This checksum is computed by the server based on the value of other fields, and it may be sent + with update requests to ensure the client has an up-to-date value before proceeding. + type: string + name: + description: |- + The fully qualified resource name of the AndroidApp, for example: + projects/projectId/androidApps/appId. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasedatabaseinstances.firebasedatabase.cnrm.cloud.google.com +spec: + group: firebasedatabase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseDatabaseInstance + plural: firebasedatabaseinstances + shortNames: + - gcpfirebasedatabaseinstance + - gcpfirebasedatabaseinstances + singular: firebasedatabaseinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + desiredState: + description: The intended database state. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: |- + Immutable. A reference to the region where the Firebase Realtime database resides. + Check all [available regions](https://firebase.google.com/docs/projects/locations#rtdb-locations). + type: string + resourceID: + description: Immutable. Optional. The instanceId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The database type. + Each project can create one default Firebase Realtime Database, which cannot be deleted once created. + Creating user Databases is only available for projects on the Blaze plan. 
+ Projects can be upgraded using the Cloud Billing API https://cloud.google.com/billing/reference/rest/v1/projects/updateBillingInfo. Default value: "USER_DATABASE" Possible values: ["DEFAULT_DATABASE", "USER_DATABASE"]. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + databaseUrl: + description: |- + The database URL in the form of https://{instance-id}.firebaseio.com for us-central1 instances + or https://{instance-id}.{region}.firebasedatabase.app in other regions. + type: string + name: + description: |- + The fully-qualified resource name of the Firebase Realtime Database, in the + format: projects/PROJECT_NUMBER/locations/REGION_IDENTIFIER/instances/INSTANCE_ID + PROJECT_NUMBER: The Firebase project's ['ProjectNumber'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_number) + Learn more about using project identifiers in Google's [AIP 2510 standard](https://google.aip.dev/cloud/2510). + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The current database state. Set desired_state to :DISABLED + to disable the database and :ACTIVE to reenable the database. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasehostingchannels.firebasehosting.cnrm.cloud.google.com +spec: + group: firebasehosting.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseHostingChannel + plural: firebasehostingchannels + shortNames: + - gcpfirebasehostingchannel + - gcpfirebasehostingchannels + singular: firebasehostingchannel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + expireTime: + description: |- + The time at which the channel will be automatically deleted. If null, the channel + will not be automatically deleted. This field is present in the output whether it's + set directly or via the 'ttl' field. + type: string + resourceID: + description: Immutable. Optional. The channelId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retainedReleaseCount: + description: |- + The number of previous releases to retain on the channel for rollback or other + purposes. Must be a number between 1-100. Defaults to 10 for new channels. + type: integer + siteId: + description: Immutable. Required. The ID of the site in which to create + this channel. + type: string + ttl: + description: |- + Immutable. Input only. A time-to-live for this channel. Sets 'expire_time' to the provided + duration past the time of the request. A duration in seconds with up to nine fractional + digits, terminated by 's'. Example: "86400s" (one day). + type: string + required: + - siteId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The fully-qualified resource name for the channel, in the format: + sites/SITE_ID/channels/CHANNEL_ID. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasehostingsites.firebasehosting.cnrm.cloud.google.com +spec: + group: firebasehosting.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseHostingSite + plural: firebasehostingsites + shortNames: + - gcpfirebasehostingsite + - gcpfirebasehostingsites + singular: firebasehostingsite + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent 
reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + appId: + description: |- + Optional. The [ID of a Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id) + associated with the Hosting site. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The siteId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + defaultUrl: + description: The default URL for the site in the form of https://{name}.web.app. + type: string + name: + description: |- + Output only. The fully-qualified resource name of the Hosting site, in the + format: projects/PROJECT_IDENTIFIER/sites/SITE_ID PROJECT_IDENTIFIER: the + Firebase project's + ['ProjectNumber'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_number) ***(recommended)*** or its + ['ProjectId'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_id). + Learn more about using project identifiers in Google's + [AIP 2510 standard](https://google.aip.dev/cloud/2510). + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebaseprojects.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseProject + plural: firebaseprojects + shortNames: + - gcpfirebaseproject + - gcpfirebaseprojects + singular: firebaseproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The project of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + displayName: + description: The GCP project display name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + projectNumber: + description: The number of the google project that firebase is enabled + on. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasestoragebuckets.firebasestorage.cnrm.cloud.google.com +spec: + group: firebasestorage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseStorageBucket + plural: firebasestoragebuckets + shortNames: + - gcpfirebasestoragebucket + - gcpfirebasestoragebuckets + singular: firebasestoragebucket + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The 
last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The bucketId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Resource name of the bucket in the format projects/PROJECT_IDENTIFIER/buckets/BUCKET_ID. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasewebapps.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseWebApp + plural: firebasewebapps + shortNames: + - gcpfirebasewebapp + - gcpfirebasewebapps + singular: firebasewebapp + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + apiKeyId: + description: |- + The globally unique, Google-assigned identifier (UID) for the Firebase API key associated with the WebApp. + If apiKeyId is not set during creation, then Firebase automatically associates an apiKeyId with the WebApp. + This auto-associated key may be an existing valid key or, if no valid key exists, a new one will be provisioned. + type: string + deletionPolicy: + type: string + displayName: + description: The user-assigned display name of the App. + type: string + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + type: object + status: + properties: + appId: + description: |- + The globally unique, Firebase-assigned identifier of the App. + This identifier should be treated as an opaque token, as the data format is not specified. + type: string + appUrls: + description: The URLs where the 'WebApp' is hosted. + items: + type: string + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The fully qualified resource name of the App, for example: + projects/projectId/webApps/appId. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: firestoredatabases.firestore.cnrm.cloud.google.com +spec: + group: firestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirestoreDatabase + listKind: FirestoreDatabaseList + plural: firestoredatabases + singular: firestoredatabase + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + 
description: FirestoreDatabase is the Schema for the FirestoreDatabase API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FirestoreDatabaseSpec defines the desired state of FirestoreDatabase + properties: + concurrencyMode: + description: The concurrency control mode to use for this database. + See https://cloud.google.com/firestore/docs/reference/rest/v1/projects.databases#concurrencymode + for more info. + type: string + locationID: + description: The location of the database. Available locations are + listed at https://cloud.google.com/firestore/docs/locations. + type: string + pointInTimeRecoveryEnablement: + description: Whether to enable the PITR feature on this database. + See https://cloud.google.com/firestore/docs/reference/rest/v1/projects.databases#pointintimerecoveryenablement + for more info. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. 
+ type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: The FirestoreDatabase name. If not given, the metadata.name + will be used. + type: string + required: + - projectRef + type: object + status: + description: FirestoreDatabaseStatus defines the config connector machine + state of FirestoreDatabase + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the FirestoreDatabase resource + in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + createTime: + description: Output only. The timestamp at which this database + was created. Databases created before 2016 do not populate create_time. + type: string + earliestVersionTime: + description: |- + Output only. 
The earliest timestamp at which older versions of the data can + be read from the database. See [version_retention_period] above; this field + is populated with `now - version_retention_period`. + + This value is continuously updated, and becomes stale the moment it is + queried. If you are using this value to recover data, make sure to account + for the time from the moment when the value is queried to the moment when + you initiate the recovery. + type: string + etag: + description: This checksum is computed by the server based on + the value of other fields, and may be sent on update and delete + requests to ensure the client has an up-to-date value before + proceeding. + type: string + keyPrefix: + description: |- + Output only. The key_prefix for this database. This key_prefix is used, in + combination with the project id ("~") to construct + the application id that is returned from the Cloud Datastore APIs in Google + App Engine first generation runtimes. + + This value may be empty in which case the appid to use for URL-encoded keys + is the project_id (eg: foo instead of v~foo). + type: string + uid: + description: Output only. The system-generated UUID4 for this + Database. + type: string + updateTime: + description: Output only. The timestamp at which this database + was most recently updated. Note this only includes updates to + the database resource and not data contained by the database. + type: string + versionRetentionPeriod: + description: |- + Output only. The period during which past versions of data are retained in + the database. + + Any [read][google.firestore.v1.GetDocumentRequest.read_time] + or [query][google.firestore.v1.ListDocumentsRequest.read_time] can specify + a `read_time` within this window, and will read the state of the database + at that time. + + If the PITR feature is enabled, the retention period is 7 days. Otherwise, + the retention period is 1 hour. 
+ type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firestoreindexes.firestore.cnrm.cloud.google.com +spec: + group: firestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirestoreIndex + plural: firestoreindexes + shortNames: + - gcpfirestoreindex + - gcpfirestoreindexes + singular: firestoreindex + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + collection: + description: Immutable. The collection being indexed. + type: string + database: + description: Immutable. The Firestore database id. Defaults to '"(default)"'. + type: string + fields: + description: |- + Immutable. The fields supported by this index. The last field entry is always for + the field path '__name__'. If, on creation, '__name__' was not + specified as the last field, it will be added automatically with the + same direction as that of the last field defined. If the final field + in a composite index is not directional, the '__name__' will be + ordered '"ASCENDING"' (unless explicitly specified otherwise). + items: + properties: + arrayConfig: + description: |- + Immutable. Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can + be specified. Possible values: ["CONTAINS"]. + type: string + fieldPath: + description: Immutable. Name of the field. + type: string + order: + description: |- + Immutable. Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. + Only one of 'order' and 'arrayConfig' can be specified. Possible values: ["ASCENDING", "DESCENDING"]. + type: string + type: object + type: array + queryScope: + description: 'Immutable. The scope at which a query is run. Default + value: "COLLECTION" Possible values: ["COLLECTION", "COLLECTION_GROUP"].' + type: string + required: + - collection + - fields + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + A server defined name for this index. Format: + 'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: folders.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Folder + plural: folders + shortNames: + - gcpfolder + - gcpfolders + singular: folder + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource 
succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + - not: + anyOf: + - required: + - folderRef + - required: + - organizationRef + properties: + displayName: + description: The folder's display name. A folder's display name must + be unique amongst its siblings, e.g. no two folders with the same + parent can share the same display name. The display name must start + and end with a letter or digit, may contain letters, digits, spaces, + hyphens and underscores and can be no longer than 30 characters. + type: string + folderRef: + description: |- + The folder that this resource belongs to. Changing this forces the + resource to be migrated to the newly specified folder. Only one of + folderRef or organizationRef may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: |- + The organization that this resource belongs to. Changing this + forces the resource to be migrated to the newly specified + organization. Only one of folderRef or organizationRef may be + specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: 'Timestamp when the Folder was created. Assigned by the + server. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. + Example: "2014-10-02T15:01:23.045123456Z".' + type: string + folderId: + description: The folder id from the name "folders/{folder_id}". + type: string + lifecycleState: + description: The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED. + type: string + name: + description: The resource name of the Folder. Its format is folders/{folder_id}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: gkebackupbackupplans.gkebackup.cnrm.cloud.google.com +spec: + group: gkebackup.cnrm.cloud.google.com + names: + categories: + - gcp + kind: GKEBackupBackupPlan + plural: gkebackupbackupplans + shortNames: + - gcpgkebackupbackupplan + - gcpgkebackupbackupplans + singular: gkebackupbackupplan + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backupConfig: + description: Defines the configuration of Backups created via this + BackupPlan. + properties: + allNamespaces: + description: If True, include all namespaced resources. + type: boolean + encryptionKey: + description: |- + This defines a customer managed encryption key that will be used to encrypt the "config" + portion (the Kubernetes resources) of Backups created via this plan. + properties: + gcpKmsEncryptionKey: + description: 'Google Cloud KMS encryption key. Format: projects/*/locations/*/keyRings/*/cryptoKeys/*.' + type: string + required: + - gcpKmsEncryptionKey + type: object + includeSecrets: + description: |- + This flag specifies whether Kubernetes Secret resources should be included + when they fall into the scope of Backups. + type: boolean + includeVolumeData: + description: |- + This flag specifies whether volume data should be backed up when PVCs are + included in the scope of a Backup. + type: boolean + selectedApplications: + description: A list of namespaced Kubernetes Resources. + properties: + namespacedNames: + description: A list of namespaced Kubernetes resources. + items: + properties: + name: + description: The name of a Kubernetes Resource. + type: string + namespace: + description: The namespace of a Kubernetes Resource. + type: string + required: + - name + - namespace + type: object + type: array + required: + - namespacedNames + type: object + selectedNamespaces: + description: If set, include just the resources in the listed + namespaces. + properties: + namespaces: + description: A list of Kubernetes Namespaces. 
+ items: + type: string + type: array + required: + - namespaces + type: object + type: object + backupSchedule: + description: Defines a schedule for automatic Backup creation via + this BackupPlan. + properties: + cronSchedule: + description: |- + A standard cron string that defines a repeating schedule for + creating Backups via this BackupPlan. + If this is defined, then backupRetainDays must also be defined. + type: string + paused: + description: This flag denotes whether automatic Backup creation + is paused for this BackupPlan. + type: boolean + type: object + cluster: + description: Immutable. The source cluster from which Backups will + be created via this BackupPlan. + type: string + deactivated: + description: |- + This flag indicates whether this BackupPlan has been deactivated. + Setting this field to True locks the BackupPlan such that no further updates will be allowed + (except deletes), including the deactivated field itself. It also prevents any new Backups + from being created via this BackupPlan (including scheduled Backups). + type: boolean + description: + description: User specified descriptive string for this BackupPlan. + type: string + location: + description: Immutable. The region of the Backup Plan. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. 
The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retentionPolicy: + description: RetentionPolicy governs lifecycle of Backups created + under this plan. + properties: + backupDeleteLockDays: + description: |- + Minimum age for a Backup created via this BackupPlan (in days). + Must be an integer value between 0-90 (inclusive). + A Backup created under this BackupPlan will not be deletable + until it reaches Backup's (create time + backup_delete_lock_days). + Updating this field of a BackupPlan does not affect existing Backups. + Backups created after a successful update will inherit this new value. + type: integer + backupRetainDays: + description: |- + The default maximum age of a Backup created via this BackupPlan. + This field MUST be an integer value >= 0 and <= 365. If specified, + a Backup created under this BackupPlan will be automatically deleted + after its age reaches (createTime + backupRetainDays). + If not specified, Backups created under this BackupPlan will NOT be + subject to automatic deletion. Updating this field does NOT affect + existing Backups under it. Backups created AFTER a successful update + will automatically pick up the new value. + NOTE: backupRetainDays must be >= backupDeleteLockDays. + If cronSchedule is defined, then this must be <= 360 * the creation interval.]. + type: integer + locked: + description: |- + This flag denotes whether the retention policy of this BackupPlan is locked. + If set to True, no further update is allowed on this policy, including + the locked field itself. + type: boolean + type: object + required: + - cluster + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: |- + etag is used for optimistic concurrency control as a way to help prevent simultaneous + updates of a backup plan from overwriting each other. It is strongly suggested that + systems make use of the 'etag' in the read-modify-write cycle to perform BackupPlan updates + in order to avoid race conditions: An etag is returned in the response to backupPlans.get, + and systems are expected to put that etag in the request to backupPlans.patch or + backupPlans.delete to ensure that their change will be applied to the same version of the resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + protectedPodCount: + description: The number of Kubernetes Pods backed up in the last successful + Backup created via this BackupPlan. + type: integer + state: + description: The State of the BackupPlan. + type: string + stateReason: + description: Detailed description of why BackupPlan is in its current + state. + type: string + uid: + description: Server generated, unique identifier of UUID format. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: gkehubfeaturememberships.gkehub.cnrm.cloud.google.com +spec: + group: gkehub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: GKEHubFeatureMembership + listKind: GKEHubFeatureMembershipList + plural: gkehubfeaturememberships + shortNames: + - gcpgkehubfeaturemembership + - gcpgkehubfeaturememberships + singular: gkehubfeaturemembership + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: GKEHubFeatureMembership is the Schema for the gkehub API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + configmanagement: + description: Config Management-specific spec. + properties: + binauthz: + description: '**DEPRECATED** Binauthz configuration for the cluster. + This field will be ignored and should not be set.' + properties: + enabled: + description: Whether binauthz is enabled in this cluster. + type: boolean + type: object + configSync: + description: Config Sync configuration for the cluster. + properties: + git: + properties: + gcpServiceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `email` field of an `IAMServiceAccount` + resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + httpsProxy: + description: URL for the HTTPS proxy to be used when communicating + with the Git repo. + type: string + policyDir: + description: 'The path within the Git repository that + represents the top level of the repo to sync. Default: + the root directory of the repository.' + type: string + secretType: + description: Type of secret configured for access to the + Git repo. 
Must be one of ssh, cookiefile, gcenode, token, + gcpserviceaccount or none. The validation of this is + case-sensitive. + type: string + syncBranch: + description: 'The branch of the repository to sync from. + Default: master.' + type: string + syncRepo: + description: The URL of the Git repository to use as the + source of truth. + type: string + syncRev: + description: Git revision (tag or hash) to check out. + Default HEAD. + type: string + syncWaitSecs: + description: 'Period in seconds between consecutive syncs. + Default: 15.' + type: string + type: object + metricsGcpServiceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'The Email of the Google Cloud Service Account + (GSA) used for exporting Config Sync metrics to Cloud + Monitoring. The GSA should have the Monitoring Metric + Writer(roles/monitoring.metricWriter) IAM role. The + Kubernetes ServiceAccount `default` in the namespace + `config-management-monitoring` should be bound to the + GSA. Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + oci: + properties: + gcpServiceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `email` field of an `IAMServiceAccount` + resource. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + policyDir: + description: 'The absolute path of the directory that + contains the local resources. Default: the root directory + of the image.' + type: string + secretType: + description: Type of secret configured for access to the + OCI Image. Must be one of gcenode, gcpserviceaccount + or none. The validation of this is case-sensitive. + type: string + syncRepo: + description: The OCI image repository URL for the package + to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME. + type: string + syncWaitSecs: + description: 'Period in seconds(int64 format) between + consecutive syncs. Default: 15.' + type: string + type: object + preventDrift: + description: Set to true to enable the Config Sync admission + webhook to prevent drifts. If set to `false`, disables the + Config Sync admission webhook and does not prevent drifts. + type: boolean + sourceFormat: + description: Specifies whether the Config Sync Repo is in + "hierarchical" or "unstructured" mode. + type: string + type: object + hierarchyController: + description: Hierarchy Controller is no longer available. Use + https://github.com/kubernetes-sigs/hierarchical-namespaces instead. + properties: + enableHierarchicalResourceQuota: + description: Whether hierarchical resource quota is enabled + in this cluster. + type: boolean + enablePodTreeLabels: + description: Whether pod tree labels are enabled in this cluster. + type: boolean + enabled: + description: Whether Hierarchy Controller is enabled in this + cluster. + type: boolean + type: object + policyController: + description: '**DEPRECATED** Configuring Policy Controller through + the configmanagement feature is no longer recommended. 
Use the + policycontroller feature instead.' + properties: + auditIntervalSeconds: + description: Sets the interval for Policy Controller Audit + Scans (in seconds). When set to 0, this disables audit functionality + altogether. + type: string + enabled: + description: Enables the installation of Policy Controller. + If false, the rest of PolicyController fields take no effect. + type: boolean + exemptableNamespaces: + description: The set of namespaces that are excluded from + Policy Controller checks. Namespaces do not need to currently + exist on the cluster. + items: + type: string + type: array + logDeniesEnabled: + description: Logs all denies and dry run failures. + type: boolean + monitoring: + description: 'Specifies the backends Policy Controller should + export metrics to. For example, to specify metrics should + be exported to Cloud Monitoring and Prometheus, specify + backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", + "prometheus"]' + properties: + backends: + description: Specifies the list of backends Policy Controller + will export to. Specifying an empty value `[]` disables + metrics export. + items: + type: string + type: array + type: object + mutationEnabled: + description: Enable or disable mutation in policy controller. + If true, mutation CRDs, webhook and controller deployment + will be deployed to the cluster. + type: boolean + referentialRulesEnabled: + description: Enables the ability to use Constraint Templates + that reference to objects other than the object currently + being evaluated. + type: boolean + templateLibraryInstalled: + description: Installs the default template library along with + Policy Controller. + type: boolean + type: object + version: + description: Optional. Version of ACM to install. Defaults to + the latest version. + type: string + type: object + featureRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'The name of the feature. Allowed value: The Google + Cloud resource name of a `GKEHubFeature` resource (format: `projects/{{project}}/locations/{{location}}/features/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Immutable. The location of the feature + type: string + membershipLocation: + description: Immutable. The location of the membership + type: string + membershipRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'The name of the membership. Allowed value: The Google + Cloud resource name of a `GKEHubMembership` resource (format: + `projects/{{project}}/locations/{{location}}/memberships/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mesh: + description: Manage Mesh Features + properties: + controlPlane: + description: '**DEPRECATED** Whether to automatically manage Service + Mesh control planes. 
Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, + AUTOMATIC, MANUAL' + type: string + management: + description: 'Whether to automatically manage Service Mesh. Possible + values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL' + type: string + type: object + policycontroller: + description: Policy Controller-specific spec. + properties: + policyControllerHubConfig: + description: Policy Controller configuration for the cluster. + properties: + auditIntervalSeconds: + description: Sets the interval for Policy Controller Audit + Scans (in seconds). When set to 0, this disables audit functionality + altogether. + format: int64 + type: integer + constraintViolationLimit: + description: The maximum number of audit violations to be + stored in a constraint. If not set, the internal default + of 20 will be used. + format: int64 + type: integer + exemptableNamespaces: + description: The set of namespaces that are excluded from + Policy Controller checks. Namespaces do not need to currently + exist on the cluster. + items: + type: string + type: array + installSpec: + description: 'Configures the mode of the Policy Controller + installation. Possible values: INSTALL_SPEC_UNSPECIFIED, + INSTALL_SPEC_NOT_INSTALLED, INSTALL_SPEC_ENABLED, INSTALL_SPEC_SUSPENDED, + INSTALL_SPEC_DETACHED' + type: string + logDeniesEnabled: + description: Logs all denies and dry run failures. + type: boolean + monitoring: + description: 'Specifies the backends Policy Controller should + export metrics to. For example, to specify metrics should + be exported to Cloud Monitoring and Prometheus, specify + backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", + "prometheus"]' + properties: + backends: + description: Specifies the list of backends Policy Controller + will export to. Specifying an empty value `[]` disables + metrics export. 
+ items: + type: string + type: array + type: object + mutationEnabled: + description: Enables the ability to mutate resources using + Policy Controller. + type: boolean + policyContent: + description: Specifies the desired policy content on the cluster. + properties: + templateLibrary: + description: Configures the installation of the Template + Library. + properties: + installation: + description: 'Configures the manner in which the template + library is installed on the cluster. Possible values: + INSTALLATION_UNSPECIFIED, NOT_INSTALLED, ALL' + type: string + type: object + type: object + referentialRulesEnabled: + description: Enables the ability to use Constraint Templates + that reference to objects other than the object currently + being evaluated. + type: boolean + type: object + version: + description: Optional. Version of Policy Controller to install. + Defaults to the latest version. + type: string + required: + - policyControllerHubConfig + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'The project of the feature. Allowed value: The Google + Cloud resource name of a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - featureRef + - location + - membershipRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observations + of the GKEHubFeatureMembership's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: gkehubfeatures.gkehub.cnrm.cloud.google.com +spec: + group: gkehub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: GKEHubFeature + plural: gkehubfeatures + shortNames: + - gcpgkehubfeature + - gcpgkehubfeatures + singular: gkehubfeature + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The 
reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + spec: + description: Optional. Hub-wide Feature configuration. If this Feature + does not support any Hub-wide configuration, this field may be unused. + properties: + fleetobservability: + description: Fleet Observability spec. + properties: + loggingConfig: + description: Fleet Observability Logging-specific spec. + properties: + defaultConfig: + description: Specified if applying the default routing + config to logs not specified in other configs. + properties: + mode: + description: 'The logs routing mode Possible values: + MODE_UNSPECIFIED, COPY, MOVE' + type: string + type: object + fleetScopeLogsConfig: + description: Specified if applying the routing config + to all logs for all fleet scopes. + properties: + mode: + description: 'The logs routing mode Possible values: + MODE_UNSPECIFIED, COPY, MOVE' + type: string + type: object + type: object + type: object + multiclusteringress: + description: Multicluster Ingress-specific spec. + properties: + configMembershipRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: `projects/foo-proj/locations/global/memberships/bar` + + Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - configMembershipRef + type: object + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. When the Feature resource was created. + format: date-time + type: string + deleteTime: + description: Output only. When the Feature resource was deleted. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + resourceState: + description: State of the Feature resource itself. + properties: + hasResources: + description: Whether this Feature has outstanding resources that + need to be cleaned up before it can be disabled. + type: boolean + state: + description: 'The current state of the Feature resource in the + Hub API. Possible values: STATE_UNSPECIFIED, ENABLING, ACTIVE, + DISABLING, UPDATING, SERVICE_UPDATING' + type: string + type: object + state: + description: Output only. 
The Hub-wide Feature state + properties: + state: + description: Output only. The "running state" of the Feature in + this Hub. + properties: + code: + description: 'The high-level, machine-readable status of this + Feature. Possible values: CODE_UNSPECIFIED, OK, WARNING, + ERROR' + type: string + description: + description: A human-readable description of the current status. + type: string + updateTime: + description: 'The time this status and any related Feature-specific + details were updated. A timestamp in RFC3339 UTC "Zulu" + format, with nanosecond resolution and up to nine fractional + digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"' + type: string + type: object + type: object + updateTime: + description: Output only. When the Feature resource was last updated. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: gkehubmemberships.gkehub.cnrm.cloud.google.com +spec: + group: gkehub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: GKEHubMembership + plural: gkehubmemberships + shortNames: + - gcpgkehubmembership + - gcpgkehubmemberships + singular: gkehubmembership + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: 
string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + authority: + description: 'Optional. How to identify workloads from this Membership. + See the documentation on Workload Identity for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity' + properties: + issuer: + description: Optional. A JSON Web Token (JWT) issuer URI. `issuer` + must start with `https://` and be a valid URL with length <2000 + characters. If set, then Google will allow valid OIDC tokens + from this issuer to authenticate within the workload_identity_pool. + OIDC discovery will be performed on this URI to validate tokens + from the issuer. Clearing `issuer` disables Workload Identity. + `issuer` cannot be directly modified; it must be cleared (and + Workload Identity disabled) before using a new issuer (and re-enabling + Workload Identity). + type: string + type: object + description: + description: 'Description of this membership, limited to 63 characters. 
+ Must match the regex: `*` This field is present for legacy purposes.' + type: string + endpoint: + description: Optional. Endpoint information to reach this member. + properties: + gkeCluster: + description: Optional. GKE-specific information. Only present + if this Membership is a GKE cluster. + properties: + resourceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. Self-link of the GCP resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster Zonal clusters are also supported. + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + kubernetesResource: + description: 'Optional. The in-cluster Kubernetes Resources that + should be applied for a correctly registered cluster, in the + steady state. These resources: * Ensure that the cluster is + exclusively registered to one and only one Hub Membership. * + Propagate Workload Pool Information available in the Membership + Authority field. * Ensure proper initial configuration of default + Hub Features.' + properties: + membershipCrManifest: + description: Input only. The YAML representation of the Membership + CR. This field is ignored for GKE clusters where Hub can + read the CR directly. Callers should provide the CR that + is currently present in the cluster during CreateMembership + or UpdateMembership, or leave this field empty if none exists. 
+ The CR manifest is used to validate the cluster has not + been registered with another Membership. + type: string + resourceOptions: + description: Optional. Options for Kubernetes resource generation. + properties: + connectVersion: + description: Optional. The Connect agent version to use + for connect_resources. Defaults to the latest GKE Connect + version. The version must be a currently supported version, + obsolete versions will be rejected. + type: string + v1beta1Crd: + description: Optional. Use `apiextensions/v1beta1` instead + of `apiextensions/v1` for CustomResourceDefinition resources. + This option should be set for clusters with Kubernetes + apiserver versions <1.16. + type: boolean + type: object + type: object + type: object + externalId: + description: 'Optional. An externally-generated and managed ID for + this Membership. This ID may be modified after creation, but this + is not recommended. The ID must match the regex: `*` If this Membership + represents a Kubernetes cluster, this value should be set to the + UID of the `kube-system` namespace object.' + type: string + infrastructureType: + description: 'Optional. The infrastructure type this Membership is + running on. Possible values: INFRASTRUCTURE_TYPE_UNSPECIFIED, ON_PREM, + MULTI_CLOUD' + type: string + location: + description: Immutable. The location for the resource + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + type: object + status: + properties: + authority: + properties: + identityProvider: + description: Output only. An identity provider that reflects the + `issuer` in the workload identity pool. + type: string + workloadIdentityPool: + description: 'Output only. The name of the workload identity pool + in which `issuer` will be recognized. 
There is a single Workload + Identity Pool per Hub that is shared between all Memberships + that belong to that Hub. For a Hub hosted in: {PROJECT_ID}, + the workload pool format is `{PROJECT_ID}.hub.id.goog`, although + this is subject to change in newer versions of this API.' + type: string + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. When the Membership was created. + format: date-time + type: string + deleteTime: + description: Output only. When the Membership was deleted. + format: date-time + type: string + endpoint: + properties: + kubernetesMetadata: + description: Output only. Useful Kubernetes-specific metadata. + properties: + kubernetesApiServerVersion: + description: Output only. Kubernetes API server version string + as reported by `/version`. + type: string + memoryMb: + description: Output only. The total memory capacity as reported + by the sum of all Kubernetes nodes resources, defined in + MB. + format: int64 + type: integer + nodeCount: + description: Output only. Node count as reported by Kubernetes + nodes resources. + format: int64 + type: integer + nodeProviderId: + description: Output only. Node providerID as reported by the + first node in the list of nodes on the Kubernetes endpoint. 
+ On Kubernetes platforms that support zero-node clusters + (like GKE-on-GCP), the node_count will be zero and the node_provider_id + will be empty. + type: string + updateTime: + description: Output only. The time at which these details + were last updated. This update_time is different from the + Membership-level update_time since EndpointDetails are updated + internally for API consumers. + format: date-time + type: string + vcpuCount: + description: Output only. vCPU count as reported by Kubernetes + nodes resources. + format: int64 + type: integer + type: object + kubernetesResource: + properties: + connectResources: + description: Output only. The Kubernetes resources for installing + the GKE Connect agent This field is only populated in the + Membership returned from a successful long-running operation + from CreateMembership or UpdateMembership. It is not populated + during normal GetMembership or ListMemberships requests. + To get the resource manifest after the initial registration, + the caller should make a UpdateMembership call with an empty + field mask. + items: + properties: + clusterScoped: + description: Whether the resource provided in the manifest + is `cluster_scoped`. If unset, the manifest is assumed + to be namespace scoped. This field is used for REST + mapping when applying the resource in a cluster. + type: boolean + manifest: + description: YAML manifest of the resource. + type: string + type: object + type: array + membershipResources: + description: Output only. Additional Kubernetes resources + that need to be applied to the cluster after Membership + creation, and after every update. This field is only populated + in the Membership returned from a successful long-running + operation from CreateMembership or UpdateMembership. It + is not populated during normal GetMembership or ListMemberships + requests. 
To get the resource manifest after the initial + registration, the caller should make a UpdateMembership + call with an empty field mask. + items: + properties: + clusterScoped: + description: Whether the resource provided in the manifest + is `cluster_scoped`. If unset, the manifest is assumed + to be namespace scoped. This field is used for REST + mapping when applying the resource in a cluster. + type: boolean + manifest: + description: YAML manifest of the resource. + type: string + type: object + type: array + type: object + type: object + lastConnectionTime: + description: Output only. For clusters using Connect, the timestamp + of the most recent connection established with Google Cloud. This + time is updated every several minutes, not continuously. For clusters + that do not use GKE Connect, or that have never connected successfully, + this field will be unset. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: Output only. State of the Membership resource. + properties: + code: + description: 'Output only. The current state of the Membership + resource. Possible values: CODE_UNSPECIFIED, CREATING, READY, + DELETING, UPDATING, SERVICE_UPDATING' + type: string + type: object + uniqueId: + description: Output only. Google-generated UUID for this resource. + This is unique across all Membership resources. If a Membership + resource is deleted and another resource with the same name is created, + it gets a different unique_id. + type: string + updateTime: + description: Output only. When the Membership was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: healthcareconsentstores.healthcare.cnrm.cloud.google.com +spec: + group: healthcare.cnrm.cloud.google.com + names: + categories: + - gcp + kind: HealthcareConsentStore + plural: healthcareconsentstores + shortNames: + - gcphealthcareconsentstore + - gcphealthcareconsentstores + singular: healthcareconsentstore + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. + type: string + defaultConsentTtl: + description: |- + Default time to live for consents in this store. Must be at least 24 hours. Updating this field will not affect the expiration time of existing consents. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + enableConsentCreateOnUpdate: + description: If true, [consents.patch] [google.cloud.healthcare.v1.consent.UpdateConsent] + creates the consent if it does not already exist. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - dataset + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: healthcaredatasets.healthcare.cnrm.cloud.google.com +spec: + group: healthcare.cnrm.cloud.google.com + names: + categories: + - gcp + kind: HealthcareDataset + plural: healthcaredatasets + shortNames: + - gcphealthcaredataset + - gcphealthcaredatasets + singular: healthcaredataset + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: Immutable. The location for the Dataset. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + timeZone: + description: |- + The default timezone used by this dataset. Must be a either a valid IANA time zone name such as + "America/New_York" or empty, which defaults to UTC. This is used for parsing times in resources + (e.g., HL7 messages) where no explicit timezone is specified. 
+ type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The fully qualified name of this dataset. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: healthcaredicomstores.healthcare.cnrm.cloud.google.com +spec: + group: healthcare.cnrm.cloud.google.com + names: + categories: + - gcp + kind: HealthcareDICOMStore + plural: healthcaredicomstores + shortNames: + - gcphealthcaredicomstore + - gcphealthcaredicomstores + singular: healthcaredicomstore + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. + type: string + notificationConfig: + description: A nested object resource. + properties: + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + type: string + required: + - pubsubTopic + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + streamConfigs: + description: |- + To enable streaming to BigQuery, configure the streamConfigs object in your DICOM store. + streamConfigs is an array, so you can specify multiple BigQuery destinations. You can stream metadata from a single DICOM store to up to five BigQuery tables in a BigQuery dataset. 
+ items: + properties: + bigqueryDestination: + description: BigQueryDestination to include a fully qualified + BigQuery table URI where DICOM instance metadata will be streamed. + properties: + tableUri: + description: a fully qualified BigQuery table URI where + DICOM instance metadata will be streamed. + type: string + required: + - tableUri + type: object + required: + - bigqueryDestination + type: object + type: array + required: + - dataset + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The fully qualified name of this dataset. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: healthcarefhirstores.healthcare.cnrm.cloud.google.com +spec: + group: healthcare.cnrm.cloud.google.com + names: + categories: + - gcp + kind: HealthcareFHIRStore + plural: healthcarefhirstores + shortNames: + - gcphealthcarefhirstore + - gcphealthcarefhirstores + singular: healthcarefhirstore + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + complexDataTypeReferenceParsing: + description: 'Enable parsing of references within complex FHIR data + types such as Extensions. If this value is set to ENABLED, then + features like referential integrity and Bundle reference rewriting + apply to all references. If this flag has not been specified the + behavior of the FHIR store will not change, references in complex + data types will not be parsed. New stores will have this value set + to ENABLED by default after a notification period. Warning: turning + on this flag causes processing existing resources to fail if they + contain references to non-existent resources. Possible values: ["COMPLEX_DATA_TYPE_REFERENCE_PARSING_UNSPECIFIED", + "DISABLED", "ENABLED"].' + type: string + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. + type: string + defaultSearchHandlingStrict: + description: |- + If true, overrides the default search behavior for this FHIR store to handling=strict which returns an error for unrecognized search parameters. + If false, uses the FHIR specification default handling=lenient which ignores unrecognized search parameters. + The handling can always be changed from the default on an individual API call by setting the HTTP header Prefer: handling=strict or Prefer: handling=lenient. + type: boolean + disableReferentialIntegrity: + description: |- + Immutable. Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store + creation. 
The default value is false, meaning that the API will enforce referential integrity and fail the + requests that will result in inconsistent state in the FHIR store. When this field is set to true, the API + will skip referential integrity check. Consequently, operations that rely on references, such as + Patient.get$everything, will not return all the results if broken references exist. + + ** Changing this property may recreate the FHIR store (removing all data) **. + type: boolean + disableResourceVersioning: + description: |- + Immutable. Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation + of FHIR store. If set to false, which is the default behavior, all write operations will cause historical + versions to be recorded automatically. The historical versions can be fetched through the history APIs, but + cannot be updated. If set to true, no historical versions will be kept. The server will send back errors for + attempts to read the historical versions. + + ** Changing this property may recreate the FHIR store (removing all data) **. + type: boolean + enableHistoryImport: + description: |- + Immutable. Whether to allow the bulk import API to accept history bundles and directly insert historical resource + versions into the FHIR store. Importing resource histories creates resource interactions that appear to have + occurred in the past, which clients may not want to allow. If set to false, history bundles within an import + will fail with an error. + + ** Changing this property may recreate the FHIR store (removing all data) ** + + ** This property can be changed manually in the Google Cloud Healthcare admin console without recreating the FHIR store **. + type: boolean + enableUpdateCreate: + description: |- + Whether this FHIR store has the updateCreate capability. This determines if the client can use an Update + operation to create a new resource with a client-specified ID. 
If false, all IDs are server-assigned through + the Create operation and attempts to Update a non-existent resource will return errors. Please treat the audit + logs with appropriate levels of care if client-specified resource IDs contain sensitive data such as patient + identifiers, those IDs will be part of the FHIR resource path recorded in Cloud audit logs and Cloud Pub/Sub + notifications. + type: boolean + notificationConfig: + description: A nested object resource. + properties: + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + type: string + required: + - pubsubTopic + type: object + notificationConfigs: + description: A list of notifcation configs that configure the notification + for every resource mutation in this FHIR store. + items: + properties: + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. 
Not having adequate permissions will cause the calls that send notifications to fail. + type: string + sendFullResource: + description: |- + Whether to send full FHIR resource to this Pub/Sub topic for Create and Update operation. + Note that setting this to true does not guarantee that all resources will be sent in the format of + full FHIR resource. When a resource change is too large or during heavy traffic, only the resource name will be + sent. Clients should always check the "payloadType" label from a Pub/Sub message to determine whether + it needs to fetch the full resource as a separate operation. + type: boolean + sendPreviousResourceOnDelete: + description: |- + Whether to send full FHIR resource to this Pub/Sub topic for deleting FHIR resource. Note that setting this to + true does not guarantee that all previous resources will be sent in the format of full FHIR resource. When a + resource change is too large or during heavy traffic, only the resource name will be sent. Clients should always + check the "payloadType" label from a Pub/Sub message to determine whether it needs to fetch the full previous + resource as a separate operation. + type: boolean + required: + - pubsubTopic + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + streamConfigs: + description: |- + A list of streaming configs that configure the destinations of streaming export for every resource mutation in + this FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next + resource mutation is streamed to the new location in addition to the existing ones. When a location is removed + from the list, the server stops streaming to that location. 
Before adding a new config, you must add the required + bigquery.dataEditor role to your project's Cloud Healthcare Service Agent service account. Some lag (typically on + the order of dozens of seconds) is expected before the results show up in the streaming destination. + items: + properties: + bigqueryDestination: + description: |- + The destination BigQuery structure that contains both the dataset location and corresponding schema config. + The output is organized in one table per resource type. The server reuses the existing tables (if any) that + are named after the resource types, e.g. "Patient", "Observation". When there is no existing table for a given + resource type, the server attempts to create one. + See the [streaming config reference](https://cloud.google.com/healthcare/docs/reference/rest/v1beta1/projects.locations.datasets.fhirStores#streamconfig) for more details. + properties: + datasetUri: + description: BigQuery URI to a dataset, up to 2000 characters + long, in the format bq://projectId.bqDatasetId. + type: string + schemaConfig: + description: The configuration for the exported BigQuery + schema. + properties: + lastUpdatedPartitionConfig: + description: The configuration for exported BigQuery + tables to be partitioned by FHIR resource's last updated + time column. + properties: + expirationMs: + description: Number of milliseconds for which to + keep the storage for a partition. + type: string + type: + description: 'Type of partitioning. Possible values: + ["PARTITION_TYPE_UNSPECIFIED", "HOUR", "DAY", + "MONTH", "YEAR"].' + type: string + required: + - type + type: object + recursiveStructureDepth: + description: |- + The depth for all recursive structures in the output analytics schema. For example, concept in the CodeSystem + resource is a recursive structure; when the depth is 2, the CodeSystem table will have a column called + concept.concept but not concept.concept.concept. 
If not specified or set to 0, the server will use the default + value 2. The maximum depth allowed is 5. + type: integer + schemaType: + description: |- + Specifies the output schema type. + * ANALYTICS: Analytics schema defined by the FHIR community. + See https://github.com/FHIR/sql-on-fhir/blob/master/sql-on-fhir.md. + * ANALYTICS_V2: Analytics V2, similar to schema defined by the FHIR community, with added support for extensions with one or more occurrences and contained resources in stringified JSON. + * LOSSLESS: A data-driven schema generated from the fields present in the FHIR data being exported, with no additional simplification. Default value: "ANALYTICS" Possible values: ["ANALYTICS", "ANALYTICS_V2", "LOSSLESS"]. + type: string + required: + - recursiveStructureDepth + type: object + required: + - datasetUri + - schemaConfig + type: object + resourceTypes: + description: |- + Supply a FHIR resource type (such as "Patient" or "Observation"). See + https://www.hl7.org/fhir/valueset-resource-types.html for a list of all FHIR resource types. The server treats + an empty list as an intent to stream all the supported resource types in this FHIR store. + items: + type: string + type: array + required: + - bigqueryDestination + type: object + type: array + version: + description: 'Immutable. The FHIR specification version. Default value: + "STU3" Possible values: ["DSTU2", "STU3", "R4"].' + type: string + required: + - dataset + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The fully qualified name of this dataset. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: healthcarehl7v2stores.healthcare.cnrm.cloud.google.com +spec: + group: healthcare.cnrm.cloud.google.com + names: + categories: + - gcp + kind: HealthcareHL7V2Store + plural: healthcarehl7v2stores + shortNames: + - gcphealthcarehl7v2store + - gcphealthcarehl7v2stores + singular: healthcarehl7v2store + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last 
transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. + type: string + notificationConfig: + description: DEPRECATED. `notification_config` is deprecated. Use + `notification_configs` instead. A nested object resource. + properties: + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. 
+ type: string + required: + - pubsubTopic + type: object + notificationConfigs: + description: |- + A list of notification configs. Each configuration uses a filter to determine whether to publish a + message (both Ingest & Create) on the corresponding notification destination. Only the message name + is sent as part of the notification. Supplied by the client. + items: + properties: + filter: + description: |- + Restricts notifications sent for messages matching a filter. If this is empty, all messages + are matched. Syntax: https://cloud.google.com/appengine/docs/standard/python/search/query_strings + + Fields/functions available for filtering are: + + * messageType, from the MSH-9.1 field. For example, NOT messageType = "ADT". + * send_date or sendDate, the YYYY-MM-DD date the message was sent in the dataset's timeZone, from the MSH-7 segment. For example, send_date < "2017-01-02". + * sendTime, the timestamp when the message was sent, using the RFC3339 time format for comparisons, from the MSH-7 segment. For example, sendTime < "2017-01-02T00:00:00-05:00". + * sendFacility, the care center that the message came from, from the MSH-4 segment. For example, sendFacility = "ABC". + * PatientId(value, type), which matches if the message lists a patient having an ID of the given value and type in the PID-2, PID-3, or PID-4 segments. For example, PatientId("123456", "MRN"). + * labels.x, a string value of the label with key x as set using the Message.labels map. For example, labels."priority"="high". The operator :* can be used to assert the existence of a label. For example, labels."priority":*. + type: string + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. 
Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + + If a notification cannot be published to Cloud Pub/Sub, errors will be logged to Stackdriver. + type: string + required: + - pubsubTopic + type: object + type: array + parserConfig: + description: A nested object resource. + properties: + allowNullHeader: + description: Determines whether messages with no header are allowed. + type: boolean + schema: + description: |- + JSON encoded string for schemas used to parse messages in this + store if schematized parsing is desired. + type: string + segmentTerminator: + description: |- + Byte(s) to be used as the segment terminator. If this is unset, '\r' will be used as segment terminator. + + A base64-encoded string. + type: string + version: + description: 'Immutable. The version of the unschematized parser + to be used when a custom ''schema'' is not set. Default value: + "V1" Possible values: ["V1", "V2", "V3"].' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - dataset + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The fully qualified name of this dataset. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: iamaccessboundarypolicies.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMAccessBoundaryPolicy + plural: iamaccessboundarypolicies + shortNames: + - gcpiamaccessboundarypolicy + - gcpiamaccessboundarypolicies + singular: iamaccessboundarypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The 
last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The display name of the rule. + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `cloudresourcemanager.googleapis.com%2Fprojects%2F{{value}}`, + where {{value}} is the `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Rules to be applied. 
+ items: + properties: + accessBoundaryRule: + description: An access boundary rule in an IAM policy. + properties: + availabilityCondition: + description: The availability condition further constrains + the access allowed by the access boundary rule. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression + in Common Expression Language syntax. + type: string + location: + description: |- + String indicating the location of the expression for error reporting, + e.g. a file name and a position in the file. + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + availablePermissions: + description: A list of permissions that may be allowed for + use on the specified resource. + items: + type: string + type: array + availableResource: + description: The full resource name of a Google Cloud resource + entity. + type: string + type: object + description: + description: The description of the rule. + type: string + type: object + type: array + required: + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: The hash of the resource. Used internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: iamauditconfigs.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMAuditConfig + plural: iamauditconfigs + shortNames: + - gcpiamauditconfig + - gcpiamauditconfigs + singular: iamauditconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMAuditConfig is the schema for the IAM audit logging API. 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMAuditConfigSpec defines the desired state of IAMAuditConfig. + properties: + auditLogConfigs: + description: Required. The configuration for logging of each type + of permission. + items: + properties: + exemptedMembers: + description: Identities that do not cause logging for this type + of permission. The format is the same as that for 'members' + in IAMPolicy/IAMPolicyMember. + items: + type: string + type: array + logType: + description: Permission type for which logging is to be configured. + Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'. + pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ + type: string + required: + - logType + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAMAuditConfig + on (e.g. project). + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + service: + description: 'Immutable. Required. The service for which to enable + Data Access audit logs. The special value ''allServices'' covers + all services. 
Note that if there are audit configs covering both + ''allServices'' and a specific service, then the union of the two + audit configs is used for that service: the ''logTypes'' specified + in each ''auditLogConfig'' are enabled, and the ''exemptedMembers'' + in each ''auditLogConfig'' are exempted.' + type: string + required: + - auditLogConfigs + - resourceRef + - service + type: object + status: + description: IAMAuditConfigStatus defines the observed state of IAMAuditConfig. + properties: + conditions: + description: Conditions represent the latest available observations + of the IAMAuditConfig's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: iamcustomroles.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMCustomRole + plural: iamcustomroles + shortNames: + - gcpiamcustomrole + - gcpiamcustomroles + singular: iamcustomrole + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description for the role. + type: string + permissions: + description: The names of the permissions this role grants when bound + in an IAM policy. At least one permission must be specified. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The roleId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + stage: + description: The current launch stage of the role. Defaults to GA. + type: string + title: + description: A human-readable title for the role. + type: string + required: + - permissions + - title + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + deleted: + description: The current deleted state of the role. + type: boolean + name: + description: The full name of the role. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: iampartialpolicies.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMPartialPolicy + plural: iampartialpolicies + shortNames: + - gcpiampartialpolicy + - gcpiampartialpolicies + singular: iampartialpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMPartialPolicy is the Schema for the iampartialpolicy API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMPartialPolicySpec defines the desired state of IAMPartialPolicy + properties: + bindings: + description: Optional. The list of IAM bindings managed by Config + Connector. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: + oneOf: + - required: + - member + - required: + - memberFrom + properties: + member: + description: The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used. + type: string + memberFrom: + description: The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used, + and only one subfield within 'memberFrom' can be used. + oneOf: + - required: + - logSinkRef + - required: + - serviceAccountRef + - required: + - serviceIdentityRef + - required: + - sqlInstanceRef + properties: + logSinkRef: + description: The LoggingLogSink whose writer identity + (i.e. its 'status.writerIdentity') is to be bound + to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceAccountRef: + description: The IAMServiceAccount to be bound to + the role. 
+ properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceIdentityRef: + description: The ServiceIdentity whose service account + (i.e., its 'status.email') is to be bound to the + role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + sqlInstanceRef: + description: The SQLInstance whose service account + (i.e. its 'status.serviceAccountEmailAddress') is + to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object + type: object + type: array + role: + description: Required. The role to bind the users to. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - role + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + required: + - resourceRef + type: object + status: + description: IAMPartialPolicyStatus defines the observed state of IAMPartialPolicy + properties: + allBindings: + description: AllBindings surfaces all IAM bindings for the referenced + resource. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. 
The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + type: string + required: + - role + type: object + type: array + conditions: + description: Conditions represent the latest available observations + of the IAM policy's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + lastAppliedBindings: + description: LastAppliedBindings is the list of IAM bindings that + were most recently applied by Config Connector. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + type: string + required: + - role + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: iampolicies.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMPolicy + plural: iampolicies + shortNames: + - gcpiampolicy + - gcpiampolicies + singular: iampolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMPolicy is the Schema for the iampolicies API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMPolicySpec defines the desired state of IAMPolicy + properties: + auditConfigs: + description: Optional. The list of IAM audit configs. + items: + description: Specifies the Cloud Audit Logs configuration for the + IAM policy. + properties: + auditLogConfigs: + description: Required. The configuration for logging of each + type of permission. + items: + properties: + exemptedMembers: + description: Identities that do not cause logging for + this type of permission. The format is the same as that + for 'members' in IAMPolicy/IAMPolicyMember. + items: + type: string + type: array + logType: + description: Permission type for which logging is to be + configured. Must be one of 'DATA_READ', 'DATA_WRITE', + or 'ADMIN_READ'. + pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ + type: string + required: + - logType + type: object + type: array + service: + description: 'Required. The service for which to enable Data + Access audit logs. The special value ''allServices'' covers + all services. Note that if there are audit configs covering + both ''allServices'' and a specific service, then the union + of the two audit configs is used for that service: the ''logTypes'' + specified in each ''auditLogConfig'' are enabled, and the + ''exemptedMembers'' in each ''auditLogConfig'' are exempted.' + type: string + required: + - auditLogConfigs + - service + type: object + type: array + bindings: + description: Optional. The list of IAM bindings. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. 
The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - role + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + required: + - resourceRef + type: object + status: + description: IAMPolicyStatus defines the observed state of IAMPolicy + properties: + conditions: + description: Conditions represent the latest available observations + of the IAM policy's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: iampolicymembers.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMPolicyMember + plural: iampolicymembers + shortNames: + - gcpiampolicymember + - gcpiampolicymembers + singular: iampolicymember + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMPolicyMember is the Schema for the iampolicies API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMPolicyMemberSpec defines the desired state of IAMPolicyMember + oneOf: + - required: + - member + - required: + - memberFrom + properties: + condition: + description: Immutable. Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + member: + description: Immutable. The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used. + type: string + memberFrom: + description: Immutable. The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used, and only one + subfield within 'memberFrom' can be used. + oneOf: + - required: + - logSinkRef + - required: + - serviceAccountRef + - required: + - serviceIdentityRef + - required: + - sqlInstanceRef + properties: + logSinkRef: + description: The LoggingLogSink whose writer identity (i.e. its + 'status.writerIdentity') is to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceAccountRef: + description: The IAMServiceAccount to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceIdentityRef: + description: The ServiceIdentity whose service account (i.e., + its 'status.email') is to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + sqlInstanceRef: + description: The SQLInstance whose service account (i.e. its 'status.serviceAccountEmailAddress') + is to be bound to the role. 
+ properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + type: object + role: + description: Immutable. Required. The role for which the Member will + be bound. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - resourceRef + - role + type: object + status: + description: IAMPolicyMemberStatus defines the observed state of IAMPolicyMember + properties: + conditions: + description: Conditions represent the latest available observations + of the IAM policy's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: iamserviceaccountkeys.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMServiceAccountKey + plural: iamserviceaccountkeys + shortNames: + - gcpiamserviceaccountkey + - gcpiamserviceaccountkeys + singular: iamserviceaccountkey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + keyAlgorithm: + description: 'Immutable. The algorithm used to generate the key, used + only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid + values are: "KEY_ALG_RSA_1024", "KEY_ALG_RSA_2048".' + type: string + privateKeyType: + description: Immutable. + type: string + publicKeyData: + description: Immutable. A field that allows clients to upload their + own public key. If set, use this public key data to create a service + account key for given service account. Please note, the expected + format for this field is a base64 encoded X509_PEM. + type: string + publicKeyType: + description: Immutable. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - serviceAccountRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Immutable. The name used for this key pair. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + privateKey: + description: The private key in JSON format, base64 encoded. This + is what you normally get as a file when creating service account + keys through the CLI or web console. This is only populated when + creating a new key. + type: string + publicKey: + description: Immutable. The public key, base64 encoded. + type: string + validAfter: + description: 'The key can be used after this timestamp. A timestamp + in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: + "2014-10-02T15:01:23.045123456Z".' + type: string + validBefore: + description: 'The key can be used before this timestamp. A timestamp + in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: + "2014-10-02T15:01:23.045123456Z".' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: iamserviceaccounts.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMServiceAccount + plural: iamserviceaccounts + shortNames: + - gcpiamserviceaccount + - gcpiamserviceaccounts + singular: iamserviceaccount + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A text description of the service account. Must be less + than or equal to 256 UTF-8 bytes. + type: string + disabled: + description: Whether the service account is disabled. Defaults to + false. + type: boolean + displayName: + description: The display name for the service account. Can be updated + without creating a new resource. + type: string + resourceID: + description: Immutable. Optional. The accountId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + email: + description: The e-mail address of the service account. This value + should be referenced from any google_iam_policy data sources that + would grant the service account privileges. + type: string + member: + description: The Identity of the service account in the form 'serviceAccount:{email}'. + This value is often used to refer to the service account in order + to grant IAM permissions. 
+ type: string + name: + description: The fully-qualified name of the service account. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + uniqueId: + description: The unique id of the service account. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkforcepoolproviders.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkforcePoolProvider + plural: iamworkforcepoolproviders + shortNames: + - gcpiamworkforcepoolprovider + - gcpiamworkforcepoolproviders + singular: iamworkforcepoolprovider + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: 
date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attributeCondition: + description: 'A [Common Expression Language](https://opensource.google/projects/cel) + expression, in plain text, to restrict what otherwise valid authentication + credentials issued by the provider should not be accepted. The expression + must output a boolean representing whether to allow the federation. + The following keywords may be referenced in the expressions: * `assertion`: + JSON representing the authentication credential issued by the provider. + * `google`: The Google attributes mapped from the assertion in the + `attribute_mappings`. `google.profile_photo` and `google.display_name` + are not supported. * `attribute`: The custom attributes mapped from + the assertion in the `attribute_mappings`. The maximum length of + the attribute condition expression is 4096 characters. If unspecified, + all valid authentication credentials will be accepted. The following + example shows how to only allow credentials with a mapped `google.groups` + value of `admins`: ``` "''admins'' in google.groups" ```' + type: string + attributeMapping: + additionalProperties: + type: string + description: 'Required. 
Maps attributes from the authentication credentials + issued by an external identity provider to Google Cloud attributes, + such as `subject` and `segment`. Each key must be a string specifying + the Google Cloud IAM attribute to map to. The following keys are + supported: * `google.subject`: The principal IAM is authenticating. + You can reference this value in IAM bindings. This is also the subject + that appears in Cloud Logging logs. This is a required field and + the mapped subject cannot exceed 127 bytes. * `google.groups`: Groups + the authenticating user belongs to. You can grant groups access + to resources using an IAM `principalSet` binding; access applies + to all members of the group. * `google.display_name`: The name of + the authenticated user. This is an optional field and the mapped + display name cannot exceed 100 bytes. If not set, `google.subject` + will be displayed instead. This attribute cannot be referenced in + IAM bindings. * `google.profile_photo`: The URL that specifies the + authenticated user''s thumbnail photo. This is an optional field. + When set, the image will be visible as the user''s profile picture. + If not set, a generic user icon will be displayed instead. This + attribute cannot be referenced in IAM bindings. You can also provide + custom attributes by specifying `attribute.{custom_attribute}`, + where {custom_attribute} is the name of the custom attribute to + be mapped. You can define a maximum of 50 custom attributes. The + maximum length of a mapped attribute key is 100 characters, and + the key may only contain the characters [a-z0-9_]. You can reference + these attributes in IAM policies to define fine-grained access for + a workforce pool to Google Cloud resources. For example:' + type: object + description: + description: A user-specified description of the provider. Cannot + exceed 256 characters. + type: string + disabled: + description: Whether the provider is disabled. 
You cannot use a disabled + provider to exchange tokens. However, existing tokens still grant + access. + type: boolean + displayName: + description: A user-specified display name for the provider. Cannot + exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + oidc: + description: An OpenId Connect 1.0 identity provider configuration. + properties: + clientId: + description: Required. The client ID. Must match the audience + claim of the JWT issued by the identity provider. + type: string + clientSecret: + description: The optional client secret. Required to enable Authorization + Code flow for web sign-in. + properties: + value: + description: The value of the client secret. + properties: + plainText: + description: Input only. The plain text of the client + secret value. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + type: object + issuerUri: + description: Required. The OIDC issuer URI. Must be a valid URI + using the 'https' scheme. + type: string + jwksJson: + description: 'OIDC JWKs in JSON String format. For details on + definition of a JWK, see https:tools.ietf.org/html/rfc7517. 
+ If not set, then we use the `jwks_uri` from the discovery document + fetched from the .well-known path for the `issuer_uri`. Currently, + RSA and EC asymmetric keys are supported. The JWK must use following + format and include only the following fields: ```{"keys": [{"kty": + "RSA/EC", "alg": "", "use": "sig", "kid": "", + "n": "", "e": "", "x": "", "y": "", "crv": ""}]}```' + type: string + webSsoConfig: + description: Required. Configuration for web single sign-on for + the OIDC provider. Here, web sign-in refers to console sign-in + and gcloud sign-in through the browser. + properties: + additionalScopes: + description: Additional scopes to request for in the OIDC + authentication request on top of scopes requested by default. + By default, the `openid`, `profile` and `email` scopes that + are supported by the identity provider are requested. Each + additional scope may be at most 256 characters. A maximum + of 10 additional scopes may be configured. + items: + type: string + type: array + assertionClaimsBehavior: + description: 'Required. The behavior for how OIDC Claims are + included in the `assertion` object used for attribute mapping + and attribute condition. Possible values: ASSERTION_CLAIMS_BEHAVIOR_UNSPECIFIED, + MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS, ONLY_ID_TOKEN_CLAIMS' + type: string + responseType: + description: 'Required. The Response Type to request for in + the OIDC Authorization Request for web sign-in. The `CODE` + Response Type is recommended to avoid the Implicit Flow, + for security reasons. Possible values: RESPONSE_TYPE_UNSPECIFIED, + CODE, ID_TOKEN' + type: string + required: + - assertionClaimsBehavior + - responseType + type: object + required: + - clientId + - issuerUri + - webSsoConfig + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + saml: + description: A SAML identity provider configuration. + properties: + idpMetadataXml: + description: 'Required. SAML Identity provider configuration metadata + xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). + The max size of the acceptable xml document will be bounded + to 128k characters. The metadata xml document should satisfy + the following constraints: 1) Must contain an Identity Provider + Entity ID. 2) Must contain at least one non-expired signing + key certificate. 3) For each signing key: a) Valid from should + be no more than 7 days from now. b) Valid to should be no more + than 10 years in the future. 4) Up to 3 IdP signing keys are + allowed in the metadata xml. When updating the provider''s metadata + xml, at least one non-expired signing key must overlap with + the existing metadata. This requirement is skipped if there + are no non-expired signing keys present in the existing metadata.' + type: string + required: + - idpMetadataXml + type: object + workforcePoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The workforce_pool for the resource + + Allowed value: The Google Cloud resource name of an `IAMWorkforcePool` resource (format: `locations/{{location}}/workforcePools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - attributeMapping + - location + - workforcePoolRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + oidc: + properties: + clientSecret: + properties: + value: + properties: + thumbprint: + description: Output only. A thumbprint to represent the + current client secret value. + type: string + type: object + type: object + type: object + state: + description: 'Output only. The state of the provider. 
Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkforcepools.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkforcePool + plural: iamworkforcepools + shortNames: + - gcpiamworkforcepool + - gcpiamworkforcepools + singular: iamworkforcepool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A user-specified description of the pool. Cannot exceed + 256 characters. + type: string + disabled: + description: Whether the pool is disabled. You cannot use a disabled + pool to exchange tokens, or use existing tokens to access resources. + If the pool is re-enabled, existing tokens grant access again. + type: boolean + displayName: + description: A user-specified display name of the pool in Google Cloud + Console. Cannot exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sessionDuration: + description: How long the Google Cloud access tokens, console sign-in + sessions, and gcloud sign-in sessions from this pool are valid. + Must be greater than 15 minutes (900s) and less than 12 hours (43200s). + If `session_duration` is not configured, minted credentials will + have a default duration of one hour (3600s). + type: string + required: + - location + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: 'Output only. The resource name of the pool. Format: + `locations/{location}/workforcePools/{workforce_pool_id}`' + type: string + state: + description: 'Output only. The state of the pool. 
Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkloadidentitypoolproviders.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkloadIdentityPoolProvider + plural: iamworkloadidentitypoolproviders + shortNames: + - gcpiamworkloadidentitypoolprovider + - gcpiamworkloadidentitypoolproviders + singular: iamworkloadidentitypoolprovider + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attributeCondition: + description: '[A Common Expression Language](https://opensource.google/projects/cel) + expression, in plain text, to restrict what otherwise valid authentication + credentials issued by the provider should not be accepted. The expression + must output a boolean representing whether to allow the federation. + The following keywords may be referenced in the expressions: * `assertion`: + JSON representing the authentication credential issued by the provider. + * `google`: The Google attributes mapped from the assertion in the + `attribute_mappings`. * `attribute`: The custom attributes mapped + from the assertion in the `attribute_mappings`. The maximum length + of the attribute condition expression is 4096 characters. If unspecified, + all valid authentication credential are accepted. The following + example shows how to only allow credentials with a mapped `google.groups` + value of `admins`: ``` "''admins'' in google.groups" ```' + type: string + attributeMapping: + additionalProperties: + type: string + description: 'Maps attributes from authentication credentials issued + by an external identity provider to Google Cloud attributes, such + as `subject` and `segment`. Each key must be a string specifying + the Google Cloud IAM attribute to map to. The following keys are + supported: * `google.subject`: The principal IAM is authenticating. + You can reference this value in IAM bindings. This is also the subject + that appears in Cloud Logging logs. Cannot exceed 127 characters. 
+ * `google.groups`: Groups the external identity belongs to. You + can grant groups access to resources using an IAM `principalSet` + binding; access applies to all members of the group. You can also + provide custom attributes by specifying `attribute.{custom_attribute}`, + where `{custom_attribute}` is the name of the custom attribute to + be mapped. You can define a maximum of 50 custom attributes. The + maximum length of a mapped attribute key is 100 characters, and + the key may only contain the characters [a-z0-9_]. You can reference + these attributes in IAM policies to define fine-grained access for + a workload to Google Cloud resources. For example: * `google.subject`: + `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` + * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` + * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` + Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) + function that maps an identity provider credential to the normalized + attribute specified by the corresponding map key. You can use the + `assertion` keyword in the expression to access a JSON representation + of the authentication credential issued by the provider. The maximum + length of an attribute mapping expression is 2048 characters. When + evaluated, the total size of all mapped attributes must not exceed + 8KB. For AWS providers, if no attribute mapping is defined, the + following default mapping applies: ``` { "google.subject":"assertion.arn", + "attribute.aws_role": "assertion.arn.contains(''assumed-role'')" + " ? 
assertion.arn.extract(''{account_arn}assumed-role/'')" " + ''assumed-role/''" + " + assertion.arn.extract(''assumed-role/{role_name}/'')" " : assertion.arn", + } ``` If any custom attribute mappings are defined, they must include + a mapping to the `google.subject` attribute. For OIDC providers, + you must supply a custom mapping, which must include the `google.subject` + attribute. For example, the following maps the `sub` claim of the + incoming credential to the `subject` attribute on a Google token: + ``` {"google.subject": "assertion.sub"} ```' + type: object + aws: + description: An Amazon Web Services identity provider. + properties: + accountId: + description: Required. The AWS account ID. + type: string + stsUri: + description: A list of AWS STS URIs that can be used when exchanging + credentials. If not provided, any valid AWS STS URI is allowed. + URIs must use the form `https://sts.amazonaws.com` or `https://sts.{region}.amazonaws.com`, + where {region} is a valid AWS region. You can specify a maximum + of 25 URIs. + items: + type: string + type: array + required: + - accountId + type: object + description: + description: A description for the provider. Cannot exceed 256 characters. + type: string + disabled: + description: Whether the provider is disabled. You cannot use a disabled + provider to exchange tokens. However, existing tokens still grant + access. + type: boolean + displayName: + description: A display name for the provider. Cannot exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + oidc: + description: An OpenId Connect 1.0 identity provider. + properties: + allowedAudiences: + description: 'Acceptable values for the `aud` field (audience) + in the OIDC token. Token exchange requests are rejected if the + token audience does not match one of the configured values. + Each audience may be at most 256 characters. A maximum of 10 + audiences may be configured. 
If this list is empty, the OIDC + token audience must be equal to the full canonical resource + name of the WorkloadIdentityPoolProvider, with or without the + HTTPS prefix. For example: ``` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ + https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ + ```' + items: + type: string + type: array + issuerUri: + description: Required. The OIDC issuer URL. Must be an HTTPS endpoint. + type: string + required: + - issuerUri + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + workloadIdentityPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The workloadIdentityPool for the resource + + Allowed value: The Google Cloud resource name of an `IAMWorkloadIdentityPool` resource (format: `projects/{{project}}/locations/{{location}}/workloadIdentityPools/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - projectRef + - workloadIdentityPoolRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The state of the provider. 
Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkloadidentitypools.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkloadIdentityPool + plural: iamworkloadidentitypools + shortNames: + - gcpiamworkloadidentitypool + - gcpiamworkloadidentitypools + singular: iamworkloadidentitypool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A description of the pool. Cannot exceed 256 characters. + type: string + disabled: + description: Whether the pool is disabled. You cannot use a disabled + pool to exchange tokens, or use existing tokens to access resources. + If the pool is re-enabled, existing tokens grant access again. + type: boolean + displayName: + description: A display name for the pool. Cannot exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The state of the pool. 
Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iapbrands.iap.cnrm.cloud.google.com +spec: + group: iap.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAPBrand + plural: iapbrands + shortNames: + - gcpiapbrand + - gcpiapbrands + singular: iapbrand + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + applicationTitle: + description: Immutable. Application name displayed on OAuth consent + screen. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + supportEmail: + description: Immutable. Support email displayed on the OAuth consent + screen. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + orgInternalOnly: + description: Output only. Whether the brand is only intended for usage + inside the G Suite organization only. 
+ type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iapidentityawareproxyclients.iap.cnrm.cloud.google.com +spec: + group: iap.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAPIdentityAwareProxyClient + plural: iapidentityawareproxyclients + shortNames: + - gcpiapidentityawareproxyclient + - gcpiapidentityawareproxyclients + singular: iapidentityawareproxyclient + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + brandRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The brand for the resource + + Allowed value: The Google Cloud resource name of an `IAPBrand` resource (format: `projects/{{project}}/brands/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + displayName: + description: Immutable. Human-friendly name given to the OAuth client. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - brandRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + secret: + description: Output only. Client secret of the OAuth client. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: identityplatformconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformConfig + plural: identityplatformconfigs + shortNames: + - gcpidentityplatformconfig + - gcpidentityplatformconfigs + singular: identityplatformconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The 
reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + authorizedDomains: + description: List of domains authorized for OAuth redirects + items: + type: string + type: array + blockingFunctions: + description: Configuration related to blocking functions. + properties: + triggers: + additionalProperties: + properties: + functionUriRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + HTTP URI trigger for the Cloud Function. + + Allowed value: The `httpsTrigger.url` field of a `CloudFunctionsFunction` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + updateTime: + description: When the trigger was changed. + format: date-time + type: string + type: object + description: 'Map of Trigger to event type. Key should be one + of the supported event types: "beforeCreate", "beforeSignIn"' + type: object + type: object + client: + description: Options related to how clients making requests on behalf + of a project should be configured. + properties: + permissions: + description: Configuration related to restricting a user's ability + to affect their account. + properties: + disabledUserDeletion: + description: When true, end users cannot delete their account + on the associated project through any of our API methods + type: boolean + disabledUserSignup: + description: When true, end users cannot sign up for a new + account on the associated project through any of our API + methods + type: boolean + type: object + type: object + mfa: + description: Configuration for this project's multi-factor authentication, + including whether it is active and what factors can be used for + the second factor + properties: + state: + description: 'Whether MultiFactor Authentication has been enabled + for this project. Possible values: STATE_UNSPECIFIED, DISABLED, + ENABLED, MANDATORY' + type: string + type: object + monitoring: + description: Configuration related to monitoring project activity. + properties: + requestLogging: + description: Configuration for logging requests made to this project + to Stackdriver Logging + properties: + enabled: + description: Whether logging is enabled for this project or + not. + type: boolean + type: object + type: object + multiTenant: + description: Configuration related to multi-tenant functionality. + properties: + allowTenants: + description: Whether this project can have tenants or not. 
+ type: boolean + defaultTenantLocationRef: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + The default cloud parent org or folder that the tenant project should be created under. The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". If the value is not set, the tenant will be created under the same organization or folder as the agent project. + + Allowed values: + * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). + * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). + type: string + kind: + description: 'Kind of the referent. Allowed values: Folder' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + notification: + description: Configuration related to sending notifications to users. + properties: + defaultLocale: + description: Default locale used for email and SMS in IETF BCP + 47 format. + type: string + sendEmail: + description: Options for email sending. + properties: + callbackUri: + description: action url in email template. + type: string + changeEmailTemplate: + description: Email template for change email + properties: + body: + description: Immutable. 
Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + dnsInfo: + description: Information of custom domain DNS verification. + properties: + useCustomDomain: + description: Whether to use custom domain. + type: boolean + type: object + method: + description: 'The method used for sending an email. Possible + values: METHOD_UNSPECIFIED, DEFAULT, CUSTOM_SMTP' + type: string + resetPasswordTemplate: + description: Email template for reset password + properties: + body: + description: Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + revertSecondFactorAdditionTemplate: + description: Email template for reverting second factor addition + emails + properties: + body: + description: Immutable. 
Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + smtp: + description: Use a custom SMTP relay + properties: + host: + description: SMTP relay host + type: string + password: + description: SMTP relay password + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: SMTP relay port + format: int64 + type: integer + securityMode: + description: 'SMTP security mode. Possible values: SECURITY_MODE_UNSPECIFIED, + SSL, START_TLS' + type: string + senderEmail: + description: Sender email for the SMTP relay + type: string + username: + description: SMTP relay username + type: string + type: object + verifyEmailTemplate: + description: Email template for verify email + properties: + body: + description: Immutable. 
Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + type: object + sendSms: + description: Options for SMS sending. + properties: + useDeviceLocale: + description: Whether to use the accept_language header for + SMS. + type: boolean + type: object + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + quota: + description: Configuration related to quotas. + properties: + signUpQuotaConfig: + description: Quota for the Signup endpoint, if overwritten. Signup + quota is measured in sign ups per project per hour per IP. 
+ properties: + quota: + description: Corresponds to the 'refill_token_count' field + in QuotaServer config + format: int64 + type: integer + quotaDuration: + description: How long this quota will be active for + type: string + startTime: + description: When this quota will take affect + format: date-time + type: string + type: object + type: object + signIn: + description: Configuration related to local sign in methods. + properties: + allowDuplicateEmails: + description: Whether to allow more than one account to have the + same email. + type: boolean + anonymous: + description: Configuration options related to authenticating an + anonymous user. + properties: + enabled: + description: Whether anonymous user auth is enabled for the + project or not. + type: boolean + type: object + email: + description: Configuration options related to authenticating a + user by their email address. + properties: + enabled: + description: Whether email auth is enabled for the project + or not. + type: boolean + passwordRequired: + description: Whether a password is required for email auth + or not. If true, both an email and password must be provided + to sign in. If false, a user may sign in via either email/password + or email link. + type: boolean + type: object + phoneNumber: + description: Configuration options related to authenticated a + user by their phone number. + properties: + enabled: + description: Whether phone number auth is enabled for the + project or not. + type: boolean + testPhoneNumbers: + additionalProperties: + type: string + description: A map of that can be used for phone auth testing. + type: object + type: object + type: object + required: + - projectRef + type: object + status: + properties: + client: + properties: + apiKey: + description: Output only. API key that can be used when making + requests for this project. + type: string + firebaseSubdomain: + description: Output only. Firebase subdomain. 
+ type: string + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + notification: + properties: + sendEmail: + properties: + changeEmailTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + dnsInfo: + properties: + customDomain: + description: Output only. The applied verified custom + domain. + type: string + customDomainState: + description: 'Output only. The current verification state + of the custom domain. The custom domain will only be + used once the domain verification is successful. Possible + values: VERIFICATION_STATE_UNSPECIFIED, NOT_STARTED, + IN_PROGRESS, FAILED, SUCCEEDED' + type: string + domainVerificationRequestTime: + description: Output only. The timestamp of initial request + for the current domain verification. + format: date-time + type: string + pendingCustomDomain: + description: Output only. The custom domain that's to + be verified. + type: string + type: object + resetPasswordTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + revertSecondFactorAdditionTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. 
+ type: boolean + type: object + verifyEmailTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + type: object + sendSms: + properties: + smsTemplate: + description: Output only. The template to use when sending + an SMS. + properties: + content: + description: 'Output only. The SMS''s content. Can contain + the following placeholders which will be replaced with + the appropriate values: %APP_NAME% - For Android or + iOS apps, the app''s display name. For web apps, the + domain hosting the application. %LOGIN_CODE% - The OOB + code being sent in the SMS.' + type: string + type: object + type: object + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + signIn: + properties: + email: + properties: + hashConfig: + description: Output only. Hash config information. + properties: + algorithm: + description: 'Output only. Different password hash algorithms + used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, + HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, + MD5, HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, + SHA512, STANDARD_SCRYPT' + type: string + memoryCost: + description: Output only. Memory cost for hash calculation. + Used by scrypt and other similar password derivation + algorithms. See https://tools.ietf.org/html/rfc7914 + for explanation of field. + format: int64 + type: integer + rounds: + description: Output only. How many rounds for hash calculation. + Used by scrypt and other similar password derivation + algorithms. + format: int64 + type: integer + saltSeparator: + description: Output only. 
Non-printable character to be + inserted between the salt and plain text password in + base64. + type: string + signerKey: + description: Output only. Signer key in base64. + type: string + type: object + type: object + hashConfig: + description: Output only. Hash config information. + properties: + algorithm: + description: 'Output only. Different password hash algorithms + used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, + HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, MD5, + HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, SHA512, + STANDARD_SCRYPT' + type: string + memoryCost: + description: Output only. Memory cost for hash calculation. + Used by scrypt and other similar password derivation algorithms. + See https://tools.ietf.org/html/rfc7914 for explanation + of field. + format: int64 + type: integer + rounds: + description: Output only. How many rounds for hash calculation. + Used by scrypt and other similar password derivation algorithms. + format: int64 + type: integer + saltSeparator: + description: Output only. Non-printable character to be inserted + between the salt and plain text password in base64. + type: string + signerKey: + description: Output only. Signer key in base64. + type: string + type: object + type: object + subtype: + description: 'Output only. The subtype of this config. 
Possible values: + SUBTYPE_UNSPECIFIED, IDENTITY_PLATFORM, FIREBASE_AUTH' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformdefaultsupportedidpconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformDefaultSupportedIDPConfig + plural: identityplatformdefaultsupportedidpconfigs + shortNames: + - gcpidentityplatformdefaultsupportedidpconfig + - gcpidentityplatformdefaultsupportedidpconfigs + singular: identityplatformdefaultsupportedidpconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientId: + description: OAuth client ID. + type: string + clientSecret: + description: OAuth client secret. + type: string + enabled: + description: If this IDP allows the user to sign in. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The idpId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - clientId + - clientSecret + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The name of the DefaultSupportedIdpConfig resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatforminboundsamlconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformInboundSAMLConfig + plural: identityplatforminboundsamlconfigs + shortNames: + - gcpidentityplatforminboundsamlconfig + - gcpidentityplatforminboundsamlconfigs + singular: identityplatforminboundsamlconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 
'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Human friendly display name. + type: string + enabled: + description: If this config allows users to sign in with the provider. + type: boolean + idpConfig: + description: SAML IdP configuration when the project acts as the relying + party. + properties: + idpCertificates: + description: The IdP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The IdP's x509 certificate. + type: string + type: object + type: array + idpEntityId: + description: Unique identifier for all SAML entities. + type: string + signRequest: + description: Indicates if outbounding SAMLRequest should be signed. + type: boolean + ssoUrl: + description: URL to send Authentication request to. 
+ type: string + required: + - idpCertificates + - idpEntityId + - ssoUrl + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + spConfig: + description: |- + SAML SP (Service Provider) configuration when the project acts as the relying party to receive + and accept an authentication assertion issued by a SAML identity provider. + properties: + callbackUri: + description: Callback URI where responses from IDP are handled. + Must start with 'https://'. + type: string + spCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. + type: string + type: object + type: array + spEntityId: + description: Unique identifier for all SAML entities. + type: string + type: object + required: + - displayName + - idpConfig + - projectRef + - spConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: identityplatformoauthidpconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformOAuthIDPConfig + plural: identityplatformoauthidpconfigs + shortNames: + - gcpidentityplatformoauthidpconfig + - gcpidentityplatformoauthidpconfigs + singular: identityplatformoauthidpconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date 
+ - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientId: + description: The client id of an OAuth client. + type: string + clientSecret: + description: The client secret of the OAuth client, to enable OIDC + code flow. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + displayName: + description: The config's display name set by developers. + type: string + enabled: + description: True if allows the user to sign in with the provider. + type: boolean + issuer: + description: For OIDC Idps, the issuer identifier. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + responseType: + description: 'The multiple response type to request for in the OAuth + authorization flow. This can possibly be a combination of set bits + (e.g.: {id\_token, token}).' + properties: + code: + description: If true, authorization code is returned from IdP's + authorization endpoint. + type: boolean + idToken: + description: If true, ID token is returned from IdP's authorization + endpoint. + type: boolean + token: + description: If true, access token is returned from IdP's authorization + endpoint. + type: boolean + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformprojectdefaultconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformProjectDefaultConfig + plural: identityplatformprojectdefaultconfigs + shortNames: + - gcpidentityplatformprojectdefaultconfig + - gcpidentityplatformprojectdefaultconfigs + singular: identityplatformprojectdefaultconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + signIn: + description: Configuration related to local sign in methods. + properties: + allowDuplicateEmails: + description: Whether to allow more than one account to have the + same email. + type: boolean + anonymous: + description: Configuration options related to authenticating an + anonymous user. + properties: + enabled: + description: Whether anonymous user auth is enabled for the + project or not. 
+ type: boolean + required: + - enabled + type: object + email: + description: Configuration options related to authenticating a + user by their email address. + properties: + enabled: + description: Whether email auth is enabled for the project + or not. + type: boolean + passwordRequired: + description: |- + Whether a password is required for email auth or not. If true, both an email and + password must be provided to sign in. If false, a user may sign in via either + email/password or email link. + type: boolean + type: object + hashConfig: + description: Output only. Hash config information. + items: + properties: + algorithm: + description: Different password hash algorithms used in + Identity Toolkit. + type: string + memoryCost: + description: Memory cost for hash calculation. Used by scrypt + and other similar password derivation algorithms. See + https://tools.ietf.org/html/rfc7914 for explanation of + field. + type: integer + rounds: + description: How many rounds for hash calculation. Used + by scrypt and other similar password derivation algorithms. + type: integer + saltSeparator: + description: Non-printable character to be inserted between + the salt and plain text password in base64. + type: string + signerKey: + description: Signer key in base64. + type: string + type: object + type: array + phoneNumber: + description: Configuration options related to authenticated a + user by their phone number. + properties: + enabled: + description: Whether phone number auth is enabled for the + project or not. + type: boolean + testPhoneNumbers: + additionalProperties: + type: string + description: A map of that + can be used for phone auth testing. + type: object + type: object + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The name of the Config resource. Example: "projects/my-awesome-project/config".' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformtenantdefaultsupportedidpconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformTenantDefaultSupportedIDPConfig + plural: identityplatformtenantdefaultsupportedidpconfigs + shortNames: + - gcpidentityplatformtenantdefaultsupportedidpconfig + - gcpidentityplatformtenantdefaultsupportedidpconfigs + singular: identityplatformtenantdefaultsupportedidpconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientId: + description: OAuth client ID. + type: string + clientSecret: + description: OAuth client secret. + type: string + enabled: + description: If this IDP allows the user to sign in. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The idpId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tenant: + description: Immutable. The name of the tenant where this DefaultSupportedIdpConfig + resource exists. + type: string + required: + - clientId + - clientSecret + - projectRef + - tenant + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The name of the default supported IDP config resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformtenantinboundsamlconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformTenantInboundSAMLConfig + plural: identityplatformtenantinboundsamlconfigs + shortNames: + - gcpidentityplatformtenantinboundsamlconfig + - gcpidentityplatformtenantinboundsamlconfigs + singular: identityplatformtenantinboundsamlconfig + 
preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Human friendly display name. + type: string + enabled: + description: If this config allows users to sign in with the provider. + type: boolean + idpConfig: + description: SAML IdP configuration when the project acts as the relying + party. + properties: + idpCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. + type: string + type: object + type: array + idpEntityId: + description: Unique identifier for all SAML entities. 
+ type: string + signRequest: + description: Indicates if outbounding SAMLRequest should be signed. + type: boolean + ssoUrl: + description: URL to send Authentication request to. + type: string + required: + - idpCertificates + - idpEntityId + - ssoUrl + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + spConfig: + description: |- + SAML SP (Service Provider) configuration when the project acts as the relying party to receive + and accept an authentication assertion issued by a SAML identity provider. + properties: + callbackUri: + description: Callback URI where responses from IDP are handled. + Must start with 'https://'. + type: string + spCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. + type: string + type: object + type: array + spEntityId: + description: Unique identifier for all SAML entities. + type: string + required: + - callbackUri + - spEntityId + type: object + tenant: + description: Immutable. The name of the tenant where this inbound + SAML config resource exists. 
+ type: string + required: + - displayName + - idpConfig + - projectRef + - spConfig + - tenant + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: identityplatformtenantoauthidpconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformTenantOAuthIDPConfig + plural: identityplatformtenantoauthidpconfigs + shortNames: + - gcpidentityplatformtenantoauthidpconfig + - gcpidentityplatformtenantoauthidpconfigs + singular: identityplatformtenantoauthidpconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientId: + description: The client id of an OAuth client. + type: string + clientSecret: + description: The client secret of the OAuth client, to enable OIDC + code flow. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + displayName: + description: The config's display name set by developers. + type: string + enabled: + description: True if allows the user to sign in with the provider. + type: boolean + issuer: + description: For OIDC Idps, the issuer identifier. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + responseType: + description: 'The multiple response type to request for in the OAuth + authorization flow. 
This can possibly be a combination of set bits + (e.g.: {id\_token, token}).' + properties: + code: + description: If true, authorization code is returned from IdP's + authorization endpoint. + type: boolean + idToken: + description: If true, ID token is returned from IdP's authorization + endpoint. + type: boolean + token: + description: If true, access token is returned from IdP's authorization + endpoint. + type: boolean + type: object + tenantRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The tenant for the resource + + Allowed value: The Google Cloud resource name of an `IdentityPlatformTenant` resource (format: `projects/{{project}}/tenants/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tenantRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: identityplatformtenants.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformTenant + plural: identityplatformtenants + shortNames: + - gcpidentityplatformtenant + - gcpidentityplatformtenants + singular: identityplatformtenant + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion 
defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + allowPasswordSignup: + description: Whether to allow email/password user authentication. + type: boolean + disableAuth: + description: Whether authentication is disabled for the tenant. If + true, the users under the disabled tenant are not allowed to sign-in. + Admins of the disabled tenant are not able to manage its users. + type: boolean + displayName: + description: Display name of the tenant. + type: string + enableAnonymousUser: + description: Whether to enable anonymous user authentication. + type: boolean + enableEmailLinkSignin: + description: Whether to enable email link user authentication. + type: boolean + mfaConfig: + description: The tenant-level configuration of MFA options. + properties: + enabledProviders: + description: A list of usable second factors for this project. + items: + type: string + type: array + state: + description: 'Whether MultiFactor Authentication has been enabled + for this project. Possible values: STATE_UNSPECIFIED, DISABLED, + ENABLED, MANDATORY' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + testPhoneNumbers: + additionalProperties: + type: string + description: A map of pairs that can + be used for MFA. 
The phone number should be in E.164 format (https://www.itu.int/rec/T-REC-E.164/) + and a maximum of 10 pairs can be added (error will be thrown once + exceeded). + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: beta + cnrm.cloud.google.com/system: "true" + name: kmsautokeyconfigs.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSAutokeyConfig + listKind: KMSAutokeyConfigList + plural: kmsautokeyconfigs + shortNames: + - gcpkmsautokeyconfig + - gcpkmsautokeyconfigs + singular: kmsautokeyconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: KMSAutokeyConfig is the Schema for the KMSAutokeyConfig API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KMSAutokeyConfigSpec defines the desired state of KMSAutokeyConfig + properties: + folderRef: + description: Immutable. The folder that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The 'name' field of a folder, when not managed by + Config Connector. This field must be set when 'name' field is + not set. + type: string + name: + description: The 'name' field of a 'Folder' resource. This field + must be set when 'external' field is not set. + type: string + namespace: + description: The 'namespace' field of a 'Folder' resource. If + unset, the namespace is defaulted to the namespace of the referencer + resource. + type: string + type: object + keyProject: + description: The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. 
+ type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + required: + - folderRef + type: object + status: + description: KMSAutokeyConfigStatus defines the config connector machine + state of KMSAutokeyConfig + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the KMSAutokeyConfig resource + in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + state: + description: Output only. Current state of this AutokeyConfig. 
+ type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: KMSAutokeyConfig is the Schema for the KMSAutokeyConfig API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KMSAutokeyConfigSpec defines the desired state of KMSAutokeyConfig + properties: + folderRef: + description: Immutable. The folder that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The 'name' field of a folder, when not managed by + Config Connector. 
This field must be set when 'name' field is + not set. + type: string + name: + description: The 'name' field of a 'Folder' resource. This field + must be set when 'external' field is not set. + type: string + namespace: + description: The 'namespace' field of a 'Folder' resource. If + unset, the namespace is defaulted to the namespace of the referencer + resource. + type: string + type: object + keyProject: + description: The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + required: + - folderRef + type: object + status: + description: KMSAutokeyConfigStatus defines the config connector machine + state of KMSAutokeyConfig + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + externalRef: + description: A unique specifier for the KMSAutokeyConfig resource + in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + state: + description: Output only. Current state of this AutokeyConfig. + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmscryptokeys.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSCryptoKey + plural: kmscryptokeys + shortNames: + - gcpkmscryptokey + - gcpkmscryptokeys + singular: kmscryptokey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + destroyScheduledDuration: + description: |- + Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. + If not specified at creation time, the default duration is 24 hours. + type: string + importOnly: + description: Immutable. Whether this key may contain imported versions + only. + type: boolean + keyRingRef: + description: The KMSKeyRing that this key belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSKeyRing` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + purpose: + description: |- + Immutable. The immutable purpose of this CryptoKey. 
See the + [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) + for possible inputs. + Default value is "ENCRYPT_DECRYPT". + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rotationPeriod: + description: |- + Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. + The first rotation will take place after the specified period. The rotation period has + the format of a decimal number with up to 9 fractional digits, followed by the + letter 's' (seconds). It must be greater than a day (ie, 86400). + type: string + skipInitialVersionCreation: + description: |- + Immutable. If set to true, the request will create a CryptoKey without any CryptoKeyVersions. + You must use the 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion. + type: boolean + versionTemplate: + description: A template describing settings for new crypto key versions. + properties: + algorithm: + description: |- + The algorithm to use when creating a version based on this template. + See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. + type: string + protectionLevel: + description: Immutable. The protection level to use when creating + a version based on this template. Possible values include "SOFTWARE", + "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". + type: string + required: + - algorithm + type: object + required: + - keyRingRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The self link of the created key in the format projects/{project}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{name}. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmscryptokeyversions.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSCryptoKeyVersion + plural: kmscryptokeyversions + shortNames: + - gcpkmscryptokeyversion + - gcpkmscryptokeyversions + singular: kmscryptokeyversion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent 
reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cryptoKey: + description: |- + Immutable. The name of the cryptoKey associated with the CryptoKeyVersions. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}''. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + state: + description: 'The current state of the CryptoKeyVersion. Possible + values: ["PENDING_GENERATION", "ENABLED", "DISABLED", "DESTROYED", + "DESTROY_SCHEDULED", "PENDING_IMPORT", "IMPORT_FAILED"].' + type: string + required: + - cryptoKey + type: object + status: + properties: + algorithm: + description: The CryptoKeyVersionAlgorithm that this CryptoKeyVersion + supports. 
+ type: string + attestation: + description: |- + Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. + Only provided for key versions with protectionLevel HSM. + items: + properties: + certChains: + description: The certificate chains needed to validate the attestation. + properties: + caviumCerts: + description: Cavium certificate chain corresponding to the + attestation. + type: string + googleCardCerts: + description: Google card certificate chain corresponding + to the attestation. + type: string + googlePartitionCerts: + description: Google partition certificate chain corresponding + to the attestation. + type: string + type: object + content: + description: The attestation data provided by the HSM when the + key operation was performed. + type: string + externalProtectionLevelOptions: + description: ExternalProtectionLevelOptions stores a group of + additional fields for configuring a CryptoKeyVersion that + are specific to the EXTERNAL protection level and EXTERNAL_VPC + protection levels. + properties: + ekmConnectionKeyPath: + description: The path to the external key material on the + EKM when using EkmConnection e.g., "v0/my/key". Set this + field instead of externalKeyUri when using an EkmConnection. + type: string + externalKeyUri: + description: The URI for an external resource that this + CryptoKeyVersion represents. + type: string + type: object + format: + description: The format of the attestation data. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + generateTime: + description: The time this CryptoKeyVersion key material was generated. + type: string + name: + description: The resource name for this CryptoKeyVersion. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + protectionLevel: + description: The ProtectionLevel describing how crypto operations + are performed with this CryptoKeyVersion. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: kmskeyhandles.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSKeyHandle + listKind: KMSKeyHandleList + plural: kmskeyhandles + shortNames: + - gcpkmskeyhandle + - gcpkmskeyhandles + singular: kmskeyhandle + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: KMSKeyHandle is the Schema for the KMSKeyHandle API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KMSKeyHandleSpec defines the desired state of KMSKeyHandle + properties: + location: + description: Location name to create KeyHandle + type: string + projectRef: + description: Project hosting KMSKeyHandle + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. 
+ type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: 'Immutable. The KMS Key Handle ID used for resource creation + or acquisition. For creation: If specified, this value is used as + the key handle ID. If not provided, a UUID will be generated and + assigned as the key handle ID. For acquisition: This field must + be provided to identify the key handle resource to acquire.' + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + resourceTypeSelector: + description: Indicates the resource type that the resulting [CryptoKey][] + is meant to protect, e.g. `{SERVICE}.googleapis.com/{TYPE}`. See + documentation for supported resource types https://cloud.google.com/kms/docs/autokey-overview#compatible-services. + type: string + type: object + status: + description: KMSKeyHandleStatus defines the config connector machine state + of KMSKeyHandle + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the KMSKeyHandle resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + kmsKey: + type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmskeyringimportjobs.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSKeyRingImportJob + plural: kmskeyringimportjobs + shortNames: + - gcpkmskeyringimportjob + - gcpkmskeyringimportjobs + singular: kmskeyringimportjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + importJobId: + description: Immutable. It must be unique within a KeyRing and match + the regular expression [a-zA-Z0-9_-]{1,63}. + type: string + importMethod: + description: 'Immutable. The wrapping method to be used for incoming + key material. Possible values: ["RSA_OAEP_3072_SHA1_AES_256", "RSA_OAEP_4096_SHA1_AES_256"].' + type: string + keyRing: + description: |- + Immutable. The KeyRing that this import job belongs to. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''. + type: string + protectionLevel: + description: |- + Immutable. The protection level of the ImportJob. This must match the protectionLevel of the + versionTemplate on the CryptoKey you attempt to import into. Possible values: ["SOFTWARE", "HSM", "EXTERNAL"]. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - importJobId + - importMethod + - keyRing + - protectionLevel + type: object + status: + properties: + attestation: + description: |- + Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. + Use this statement to verify attributes of the key as stored on the HSM, independently of Google. + Only present if the chosen ImportMethod is one with a protection level of HSM. 
+ items: + properties: + content: + description: |- + The attestation data provided by the HSM when the key operation was performed. + A base64-encoded string. + type: string + format: + description: The format of the attestation data. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + expireTime: + description: |- + The time at which this resource is scheduled for expiration and can no longer be used. + This is in RFC3339 text format. + type: string + name: + description: The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + publicKey: + description: The public key with which to wrap key material prior + to import. Only returned if state is 'ACTIVE'. + items: + properties: + pem: + description: |- + The public key, encoded in PEM format. For more information, see the RFC 7468 sections + for General Considerations and Textual Encoding of Subject Public Key Info. 
+ type: string + type: object + type: array + state: + description: The current state of the ImportJob, indicating if it + can be used. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmskeyrings.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSKeyRing + listKind: KMSKeyRingList + plural: kmskeyrings + shortNames: + - gcpkmskeyring + - gcpkmskeyrings + singular: kmskeyring + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: KMSKeyRing represents a KMS KeyRing. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: Immutable. The location for the KeyRing. A full list + of valid locations can be found by running 'gcloud kms locations + list'. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observations + of the KMSKeyRing's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + selfLink: + description: The self link of the created KeyRing in the format projects/{project}/locations/{location}/keyRings/{name}. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmssecretciphertexts.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSSecretCiphertext + plural: kmssecretciphertexts + shortNames: + - gcpkmssecretciphertext + - gcpkmssecretciphertexts + singular: kmssecretciphertext + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + additionalAuthenticatedData: + description: Immutable. The additional authenticated data used for + integrity checks during encryption and decryption. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + cryptoKey: + description: |- + Immutable. The full name of the CryptoKey that will be used to encrypt the provided plaintext. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}''. + type: string + plaintext: + description: Immutable. The plaintext to be encrypted. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. 
Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + resourceID: + description: Immutable. Optional. The service-generated ciphertext + of the resource. Used for acquisition only. Leave unset to create + a new resource. + type: string + required: + - cryptoKey + - plaintext + type: object + status: + properties: + ciphertext: + description: Contains the result of encrypting the provided plaintext, + encoded in base64. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: logginglogbuckets.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogBucket + plural: logginglogbuckets + shortNames: + - gcplogginglogbucket + - gcplogginglogbuckets + singular: logginglogbucket + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - billingAccountRef + - required: + - folderRef + - required: + - organizationRef + - required: + - projectRef + properties: + billingAccountRef: + description: Immutable. The BillingAccount that this resource belongs + to. Only one of [billingAccountRef, folderRef, organizationRef, + projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Billing Account (format: `billingAccounts/{{name}}`).' + type: string + name: + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Describes this bucket. + type: string + enableAnalytics: + description: ' Whether or not Log Analytics is enabled. Logs for buckets + with Log Analytics enabled can be queried in the Log Analytics page + using SQL queries. Cannot be disabled once enabled.' + type: boolean + folderRef: + description: Immutable. The Folder that this resource belongs to. + Only one of [billingAccountRef, folderRef, organizationRef, projectRef] + may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: 'Immutable. The location of the resource. The supported + locations are: global, us-central1, us-east1, us-west1, asia-east1, + europe-west1.' + type: string + locked: + description: Whether the bucket has been locked. The retention period + on a locked bucket may not be changed. Locked buckets may only be + deleted if they are empty. + type: boolean + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [billingAccountRef, folderRef, organizationRef, + projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [billingAccountRef, folderRef, organizationRef, projectRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retentionDays: + description: Logs will be retained by default for this amount of time, + after which they will automatically be deleted. The minimum retention + period is 1 day. If this value is set to zero at bucket creation + time, the default time of 30 days will be used. + format: int64 + type: integer + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of the bucket. This + is not set for any of the default buckets. + format: date-time + type: string + lifecycleState: + description: 'Output only. The bucket lifecycle state. Possible values: + LIFECYCLE_STATE_UNSPECIFIED, ACTIVE, DELETE_REQUESTED' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of the bucket. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: logginglogexclusions.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogExclusion + plural: logginglogexclusions + shortNames: + - gcplogginglogexclusion + - gcplogginglogexclusions + singular: logginglogexclusion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age 
+ type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - projectRef + - required: + - folderRef + - required: + - organizationRef + - required: + - billingAccountRef + properties: + billingAccountRef: + description: Immutable. The BillingAccount that this resource belongs + to. Only one of [projectRef, folderRef, organizationRef, billingAccountRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Billing Account (format: `billingAccounts/{{name}}`).' 
+ type: string + name: + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Optional. A description of this exclusion. + type: string + disabled: + description: Optional. If set to True, then this exclusion is disabled + and it does not exclude any log entries. You can update an exclusion + to change the value of this field. + type: boolean + filter: + description: 'Required. An (https://cloud.google.com/logging/docs/view/advanced-queries#sample), + you can exclude less than 100% of the matching log entries. For + example, the following query matches 99% of low-severity log entries + from Google Cloud Storage buckets: `"resource.type=gcs_bucket severity' + type: string + folderRef: + description: Immutable. The Folder that this resource belongs to. + Only one of [projectRef, folderRef, organizationRef, billingAccountRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: Immutable. 
The Organization that this resource belongs + to. Only one of [projectRef, folderRef, organizationRef, billingAccountRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [projectRef, folderRef, organizationRef, billingAccountRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - filter + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of the exclusion. + This field may not be present for older exclusions. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of the exclusion. + This field may not be present for older exclusions. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: logginglogmetrics.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogMetric + listKind: LoggingLogMetricList + plural: logginglogmetrics + shortNames: + - gcplogginglogmetric + - gcplogginglogmetrics + singular: logginglogmetric + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: LoggingLogMetric is the Schema for the logging API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketOptions: + description: Optional. The `bucket_options` are required when the + logs-based metric is using a DISTRIBUTION value type and it describes + the bucket boundaries used to create a histogram of the extracted + values. + properties: + explicitBuckets: + description: The explicit buckets. + properties: + bounds: + description: The values must be monotonically increasing. + format: double + items: + type: number + type: array + type: object + exponentialBuckets: + description: The exponential buckets. + properties: + growthFactor: + description: Must be greater than 1. + format: double + type: number + numFiniteBuckets: + description: Must be greater than 0. + format: int64 + type: integer + scale: + description: Must be greater than 0. + format: double + type: number + type: object + linearBuckets: + description: The linear bucket. + properties: + numFiniteBuckets: + description: Must be greater than 0. + format: int64 + type: integer + offset: + description: Lower bound of the first bucket. + format: double + type: number + width: + description: Must be greater than 0. + format: double + type: number + type: object + type: object + description: + description: Optional. A description of this metric, which is used + in documentation. The maximum length of the description is 8000 + characters. + type: string + disabled: + description: Optional. If set to True, then this metric is disabled + and it does not generate any points. 
+ type: boolean + filter: + description: 'Required. An [advanced logs filter](https://cloud.google.com/logging/docs/view/advanced_filters) + which is used to match log entries. Example: "resource.type=gae_app + AND severity>=ERROR" The maximum length of the filter is 20000 characters.' + type: string + labelExtractors: + additionalProperties: + type: string + description: Optional. A map from a label key string to an extractor + expression which is used to extract data from a log entry field + and assign as the label value. Each label key specified in the LabelDescriptor + must have an associated extractor expression in this map. The syntax + of the extractor expression is the same as for the `value_extractor` + field. The extracted value is converted to the type defined in the + label descriptor. If the either the extraction or the type conversion + fails, the label will have a default value. The default value for + a string label is an empty string, for an integer label its 0, and + for a boolean label its `false`. Note that there are upper bounds + on the maximum number of labels and the number of active time series + that are allowed in a project. + type: object + loggingLogBucketRef: + description: The reference to the Log Bucket that owns the Log Metric. + Only Log Buckets in projects are supported. The bucket has to be + in the same project as the metric. For example:projects/my-project/locations/global/buckets/my-bucket + If empty, then the Log Metric is considered a non-Bucket Log Metric. + Only `external` field is supported to configure the reference for + now. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The external name of the referenced resource + type: string + kind: + description: Kind of the referent. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + metricDescriptor: + description: Optional. The metric descriptor associated with the logs-based + metric. If unspecified, it uses a default metric descriptor with + a DELTA metric kind, INT64 value type, with no labels and a unit + of "1". Such a metric counts the number of log entries matching + the `filter` expression. The `name`, `type`, and `description` fields + in the `metric_descriptor` are output only, and is constructed using + the `name` and `description` field in the LogMetric. To create a + logs-based metric that records a distribution of log values, a DELTA + metric kind with a DISTRIBUTION value type must be used along with + a `value_extractor` expression in the LogMetric. Each label in the + metric descriptor must have a matching label name as the key and + an extractor expression as the value in the `label_extractors` map. + The `metric_kind` and `value_type` fields in the `metric_descriptor` + cannot be updated once initially configured. New labels can be added + in the `metric_descriptor`, but existing labels cannot be modified + except for their description. + properties: + displayName: + description: A concise name for the metric, which can be displayed + in user interfaces. Use sentence case without an ending period, + for example "Request count". This field is optional but it is + recommended to be set for any metrics associated with user-visible + concepts, such as Quota. + type: string + labels: + description: The set of labels that can be used to describe a + specific instance of this metric type. 
For example, the `appengine.googleapis.com/http/server/response_latencies` + metric type has a label for the HTTP response code, `response_code`, + so you can look at latencies for successful responses or just + for responses that failed. + items: + properties: + description: + description: Immutable. A human-readable description for + the label. + type: string + key: + description: Immutable. The label key. + type: string + valueType: + description: 'Immutable. The type of data that can be assigned + to the label. Possible values: STRING, BOOL, INT64, DOUBLE, + DISTRIBUTION, MONEY' + type: string + type: object + type: array + launchStage: + description: 'Optional. The launch stage of the metric definition. + Possible values: UNIMPLEMENTED, PRELAUNCH, EARLY_ACCESS, ALPHA, + BETA, GA, DEPRECATED' + type: string + metadata: + description: Optional. Metadata which can be used to guide usage + of the metric. + properties: + ingestDelay: + description: The delay of data points caused by ingestion. + Data points older than this age are guaranteed to be ingested + and available to be read, excluding data loss due to errors. + type: string + samplePeriod: + description: The sampling period of metric data points. For + metrics which are written periodically, consecutive data + points are stored at this time interval, excluding data + loss due to errors. Metrics with a higher granularity have + a smaller sampling period. + type: string + type: object + metricKind: + description: 'Immutable. Whether the metric records instantaneous + values, changes to a value, etc. Some combinations of `metric_kind` + and `value_type` might not be supported. Possible values: GAUGE, + DELTA, CUMULATIVE' + type: string + unit: + description: 'The units in which the metric value is reported. + It is only applicable if the `value_type` is `INT64`, `DOUBLE`, + or `DISTRIBUTION`. The `unit` defines the representation of + the stored metric values. 
Different systems might scale the + values to be more easily displayed (so a value of `0.02kBy` + _might_ be displayed as `20By`, and a value of `3523kBy` _might_ + be displayed as `3.5MBy`). However, if the `unit` is `kBy`, + then the value of the metric is always in thousands of bytes, + no matter how it might be displayed. If you want a custom metric + to record the exact number of CPU-seconds used by a job, you + can create an `INT64 CUMULATIVE` metric whose `unit` is `s{CPU}` + (or equivalently `1s{CPU}` or just `s`). If the job uses 12,005 + CPU-seconds, then the value is written as `12005`. Alternatively, + if you want a custom metric to record data in a more granular + way, you can create a `DOUBLE CUMULATIVE` metric whose `unit` + is `ks{CPU}`, and then write the value `12.005` (which is `12005/1000`), + or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). + The supported units are a subset of [The Unified Code for Units + of Measure](https://unitsofmeasure.org/ucum.html) standard: + **Basic units (UNIT)** * `bit` bit * `By` byte * `s` second + * `min` minute * `h` hour * `d` day * `1` dimensionless **Prefixes + (PREFIX)** * `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) + * `T` tera (10^12) * `P` peta (10^15) * `E` exa (10^18) * `Z` + zetta (10^21) * `Y` yotta (10^24) * `m` milli (10^-3) * `u` + micro (10^-6) * `n` nano (10^-9) * `p` pico (10^-12) * `f` femto + (10^-15) * `a` atto (10^-18) * `z` zepto (10^-21) * `y` yocto + (10^-24) * `Ki` kibi (2^10) * `Mi` mebi (2^20) * `Gi` gibi (2^30) + * `Ti` tebi (2^40) * `Pi` pebi (2^50) **Grammar** The grammar + also includes these connectors: * `/` division or ratio (as + an infix operator). For examples, `kBy/{email}` or `MiBy/10ms` + (although you should almost never have `/s` in a metric `unit`; + rates should always be computed at query time from the underlying + cumulative or delta value). * `.` multiplication or composition + (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. 
+ The grammar for a unit is as follows: Expression = Component: + { "." Component } { "/" Component } ; Component = ( [ PREFIX + ] UNIT | "%" ) [ Annotation ] | Annotation | "1" ; Annotation + = "{" NAME "}" ; Notes: * `Annotation` is just a comment if + it follows a `UNIT`. If the annotation is used alone, then the + unit is equivalent to `1`. For examples, `{request}/s == 1/s`, + `By{transmitted}/s == By/s`. * `NAME` is a sequence of non-blank + printable ASCII characters not containing `{` or `}`. * `1` + represents a unitary [dimensionless unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) + of 1, such as in `1/s`. It is typically used when none of the + basic units are appropriate. For example, "new users per day" + can be represented as `1/d` or `{new-users}/d` (and a metric + value `5` would mean "5 new users). Alternatively, "thousands + of page views per day" would be represented as `1000/d` or `k1/d` + or `k{page_views}/d` (and a metric value of `5.3` would mean + "5300 page views per day"). * `%` represents dimensionless value + of 1/100, and annotates values giving a percentage (so the metric + values are typically in the range of 0..100, and a metric value + `3` means "3 percent"). * `10^2.%` indicates a metric contains + a ratio, typically in the range 0..1, that will be multiplied + by 100 and displayed as a percentage (so a metric value `0.03` + means "3 percent").' + type: string + valueType: + description: 'Immutable. Whether the measurement is an integer, + a floating-point number, etc. Some combinations of `metric_kind` + and `value_type` might not be supported. Possible values: STRING, + BOOL, INT64, DOUBLE, DISTRIBUTION, MONEY' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + valueExtractor: + description: 'Optional. A `value_extractor` is required when using + a distribution logs-based metric to extract the values to record + from a log entry. Two functions are supported for value extraction: + `EXTRACT(field)` or `REGEXP_EXTRACT(field, regex)`. The argument + are: 1. field: The name of the log entry field from which the value + is to be extracted. 2. regex: A regular expression using the Google + RE2 syntax (https://github.com/google/re2/wiki/Syntax) with a single + capture group to extract data from the specified log entry field. + The value of the field is converted to a string before applying + the regex. It is an error to specify a regex that does not include + exactly one capture group. The result of the extraction must be + convertible to a double type, as the distribution always records + double values. If either the extraction or the conversion to double + fails, then those values are not recorded in the distribution. 
Example: + `REGEXP_EXTRACT(jsonPayload.request, ".*quantity=(d+).*")`' + type: string + required: + - filter + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observations + of the LoggingLogMetric's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of the metric. This + field may not be present for older metrics. + format: date-time + type: string + metricDescriptor: + properties: + description: + description: A detailed description of the metric, which can be + used in documentation. + type: string + monitoredResourceTypes: + description: Read-only. If present, then a time series, which + is identified partially by a metric type and a MonitoredResourceDescriptor, + that is associated with this metric type can only be associated + with one of the monitored resource types listed here. + items: + type: string + type: array + name: + description: The resource name of the metric descriptor. + type: string + type: + description: 'The metric type, including its DNS name prefix. + The type is not URL-encoded. All user-defined metric types have + the DNS name `custom.googleapis.com` or `external.googleapis.com`. + Metric types should use a natural hierarchical grouping. 
For + example: "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" + "appengine.googleapis.com/http/server/response_latencies"' + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of the metric. + This field may not be present for older metrics. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: logginglogsinks.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogSink + plural: logginglogsinks + shortNames: + - gcplogginglogsink + - gcplogginglogsinks + singular: logginglogsink + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bigqueryOptions: + description: Options that affect sinks exporting data to BigQuery. + properties: + usePartitionedTables: + description: Whether to use BigQuery's partition tables. By default, + Logging creates dated tables based on the log entries' timestamps, + e.g. syslog_20170523. With partitioned tables the date suffix + is no longer present and special query syntax has to be used + instead. In both cases, tables are sharded based on UTC timezone. + type: boolean + required: + - usePartitionedTables + type: object + description: + description: A description of this sink. The maximum length of the + description is 8000 characters. 
+ type: string + destination: + oneOf: + - required: + - bigQueryDatasetRef + - required: + - loggingLogBucketRef + - required: + - pubSubTopicRef + - required: + - storageBucketRef + properties: + bigQueryDatasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `bigquery.googleapis.com/projects/{{project}}/datasets/{{value}}`, + where {{value}} is the `name` field of a `BigQueryDataset` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + loggingLogBucketRef: + description: Only `external` field is supported to configure the + reference. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `logging.googleapis.com/projects/{{project}}/locations/{{location}}/buckets/{{value}}`, + where {{value}} is the `name` field of a `LoggingLogBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + pubSubTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `pubsub.googleapis.com/projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `storage.googleapis.com/{{value}}`, + where {{value}} is the `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + disabled: + description: If set to True, then this sink is disabled and it does + not export any log entries. + type: boolean + exclusions: + description: Log entries that match any of the exclusion filters will + not be exported. If a log entry is matched by both filter and one + of exclusion's filters, it will not be exported. + items: + properties: + description: + description: A description of this exclusion. 
+ type: string + disabled: + description: If set to True, then this exclusion is disabled + and it does not exclude any log entries. + type: boolean + filter: + description: An advanced logs filter that matches the log entries + to be excluded. By using the sample function, you can exclude + less than 100% of the matching log entries. + type: string + name: + description: A client-assigned identifier, such as "load-balancer-exclusion". + Identifiers are limited to 100 characters and can include + only letters, digits, underscores, hyphens, and periods. First + character has to be alphanumeric. + type: string + required: + - filter + - name + type: object + type: array + filter: + description: The filter to apply when exporting logs. Only log entries + that match the filter are exported. + type: string + folderRef: + description: |- + The folder in which to create the sink. Only one of projectRef, + folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + includeChildren: + description: Immutable. Whether or not to include children organizations + in the sink export. If true, logs associated with child projects + are also exported; otherwise only logs relating to the provided + organization are included. + type: boolean + organizationRef: + description: |- + The organization in which to create the sink. Only one of projectRef, + folderRef, or organizationRef may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + The project in which to create the sink. Only one of projectRef, + folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + uniqueWriterIdentity: + description: Whether or not to create a unique identity associated + with this sink. If false (the default), then the writer_identity + used is serviceAccount:cloud-logs@system.gserviceaccount.com. If + true, then a unique service account is created and used for this + sink. If you wish to publish logs across projects, you must set + unique_writer_identity to true. 
+ type: boolean + required: + - destination + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + writerIdentity: + description: The identity associated with this sink. This identity + must be granted write access to the configured destination. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: logginglogviews.logging.cnrm.cloud.google.com +spec: + group: logging.cnrm.cloud.google.com + names: + categories: + - gcp + kind: LoggingLogView + plural: logginglogviews + shortNames: + - gcplogginglogview + - gcplogginglogviews + singular: logginglogview + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - billingAccountRef + - required: + - folderRef + - required: + - organizationRef + - required: + - projectRef + properties: + billingAccountRef: + description: Immutable. The BillingAccount that this resource belongs + to. Only one of [billingAccountRef, folderRef, organizationRef, + projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Billing Account (format: `billingAccounts/{{name}}`).' + type: string + name: + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + bucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The bucket of the resource + + Allowed value: The Google Cloud resource name of a `LoggingLogBucket` resource (format: `{{parent}}/locations/{{location}}/buckets/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Describes this view. + type: string + filter: + description: 'Filter that restricts which log entries in a bucket + are visible in this view. Filters are restricted to be a logical + AND of ==/!= of any of the following: - originating project/folder/organization/billing + account. - resource type - log id For example: SOURCE("projects/myproject") + AND resource.type = "gce_instance" AND LOG_ID("stdout")' + type: string + folderRef: + description: Immutable. The Folder that this resource belongs to. + Only one of [billingAccountRef, folderRef, organizationRef, projectRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: 'Immutable. The location of the resource. The supported + locations are: global, us-central1, us-east1, us-west1, asia-east1, + europe-west1.' + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [billingAccountRef, folderRef, organizationRef, + projectRef] may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [billingAccountRef, folderRef, organizationRef, projectRef] + may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - bucketRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of the view. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of the view. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: memcacheinstances.memcache.cnrm.cloud.google.com +spec: + group: memcache.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MemcacheInstance + plural: memcacheinstances + shortNames: + - gcpmemcacheinstance + - gcpmemcacheinstances + singular: memcacheinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: A user-visible name for the instance. + type: string + maintenancePolicy: + description: Maintenance policy for an instance. + properties: + createTime: + description: |- + Output only. The time when the policy was created. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + description: + description: |- + Optional. Description of what this policy is for. + Create/Update methods return INVALID_ARGUMENT if the + length is greater than 512. + type: string + updateTime: + description: |- + Output only. The time when the policy was updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + weeklyMaintenanceWindow: + description: |- + Required. Maintenance window that is applied to resources covered by this policy. + Minimum 1. For the current version, the maximum number of weekly_maintenance_windows + is expected to be one. + items: + properties: + day: + description: |- + Required. The day of week that maintenance updates occur. + - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. + - MONDAY: Monday + - TUESDAY: Tuesday + - WEDNESDAY: Wednesday + - THURSDAY: Thursday + - FRIDAY: Friday + - SATURDAY: Saturday + - SUNDAY: Sunday Possible values: ["DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. + type: string + duration: + description: |- + Required. The length of the maintenance window, ranging from 3 hours to 8 hours. + A duration in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". + type: string + startTime: + description: Required. 
Start time of the window in UTC time. + properties: + hours: + description: |- + Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 + to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must + be from 0 to 999,999,999. + type: integer + seconds: + description: |- + Seconds of minutes of the time. Must normally be from 0 to 59. + An API may allow the value 60 if it allows leap-seconds. + type: integer + type: object + required: + - day + - duration + - startTime + type: object + type: array + required: + - weeklyMaintenanceWindow + type: object + memcacheParameters: + description: Immutable. User-specified parameters for this memcache + instance. + properties: + id: + description: This is a unique ID associated with this set of parameters. + type: string + params: + additionalProperties: + type: string + description: User-defined set of parameters to use in the memcache + process. + type: object + type: object + memcacheVersion: + description: |- + The major version of Memcached software. If not provided, latest supported version will be used. + Currently the latest supported major version is MEMCACHE_1_5. The minor version will be automatically + determined by our system based on the latest supported minor version. Default value: "MEMCACHE_1_5" Possible values: ["MEMCACHE_1_5"]. + type: string + networkRef: + description: The full name of the network to connect the instance + to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, + where {{value}} is the `name` field of a `ComputeNetwork` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeConfig: + description: Immutable. Configuration for memcache nodes. + properties: + cpuCount: + description: Number of CPUs per node. + type: integer + memorySizeMb: + description: Memory size in Mebibytes for each memcache node. + type: integer + required: + - cpuCount + - memorySizeMb + type: object + nodeCount: + description: Number of nodes in the memcache instance. + type: integer + region: + description: Immutable. The region of the Memcache instance. If it + is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zones: + description: |- + Immutable. Zones where memcache nodes should be provisioned. If not + provided, all zones will be used. + items: + type: string + type: array + required: + - nodeConfig + - nodeCount + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + createTime: + description: Creation timestamp in RFC3339 text format. + type: string + discoveryEndpoint: + description: Endpoint for Discovery API. + type: string + maintenanceSchedule: + description: Output only. Published maintenance schedule. + items: + properties: + endTime: + description: |- + Output only. The end time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + scheduleDeadlineTime: + description: |- + Output only. The deadline that the maintenance schedule start time + can not go beyond, including reschedule. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + startTime: + description: |- + Output only. The start time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + type: object + type: array + memcacheFullVersion: + description: The full version of memcached server running on this + instance. + type: string + memcacheNodes: + description: Additional information about the instance state, if available. + items: + properties: + host: + description: Hostname or IP address of the Memcached node used + by the clients to connect to the Memcached server on this + node. + type: string + nodeId: + description: Identifier of the Memcached node. The node id does + not include project or location like the Memcached instance + name. + type: string + port: + description: The port number of the Memcached server on this + node. + type: integer + state: + description: Current state of the Memcached node. + type: string + zone: + description: Location (GCP Zone) for the Memcached node. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: memorystoreinstances.memorystore.cnrm.cloud.google.com +spec: + group: memorystore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MemorystoreInstance + listKind: MemorystoreInstanceList + plural: memorystoreinstances + shortNames: + - gcpmemorystoreinstance + - gcpmemorystoreinstances + singular: memorystoreinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: MemorystoreInstance is the Schema for the MemorystoreInstance + API + properties: + apiVersion: + description: 
'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MemorystoreInstanceSpec defines the desired state of MemorystoreInstance + properties: + authorizationMode: + description: Optional. Immutable. Authorization mode of the instance. + type: string + deletionProtectionEnabled: + description: Optional. If set to true deletion of the instance will + fail. + type: boolean + engineConfigs: + additionalProperties: + type: string + description: Optional. User-provided engine configurations for the + instance. + type: object + engineVersion: + description: Optional. Immutable. Engine version of the instance. + type: string + location: + description: Immutable. + type: string + x-kubernetes-validations: + - message: Location field is immutable + rule: self == oldSelf + nodeType: + description: Optional. Immutable. Machine type for individual nodes + of the instance. + type: string + persistenceConfig: + description: Optional. Persistence configuration of the instance. + properties: + aofConfig: + description: Optional. AOF configuration. This field will be ignored + if mode is not AOF. + properties: + appendFsync: + description: Optional. The fsync mode. + type: string + type: object + mode: + description: Optional. Current persistence mode. + type: string + rdbConfig: + description: Optional. RDB configuration. 
This field will be ignored + if mode is not RDB. + properties: + rdbSnapshotPeriod: + description: Optional. Period between RDB snapshots. + type: string + rdbSnapshotStartTime: + description: Optional. Time that the first snapshot was/will + be attempted, and to which future snapshots will be aligned. + If not provided, the current time will be used. + type: string + type: object + type: object + projectRef: + description: The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + pscAutoConnections: + description: Required. Immutable. User inputs for the auto-created + PSC connections. + items: + description: kcc specific struct to separate input and output fields + in google.cloud.memorystore.v1beta.PscAutoConnection + properties: + networkRef: + description: Required. The network where the PSC endpoints are + created, in the form of projects/{project_id}/global/networks/{network_id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed Compute + Network resource. Should be in the format `projects//global/networks/`. + type: string + name: + description: The `name` field of a `ComputeNetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeNetwork` + resource. 
+ type: string + type: object + projectRef: + description: Required. The consumer project_id where PSC connections + are established. This should be the same project_id that the + cluster is being created in. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The `projectID` field of a project, when not + managed by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional + but must be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + required: + - networkRef + - projectRef + type: object + type: array + replicaCount: + description: Optional. Number of replica nodes per shard. If omitted + the default is 0 replicas. + format: int32 + type: integer + resourceID: + description: Optional. Immutable. The MemorystoreInstance name. If + not given, the metadata.name will be used. + type: string + shardCount: + description: Optional. Number of shards for the instance. + format: int32 + type: integer + transitEncryptionMode: + description: Optional. Immutable. In-transit encryption mode of the + instance. + type: string + zoneDistributionConfig: + description: Optional. Immutable. Zone distribution configuration + of the instance for node allocatiteon. + properties: + mode: + description: Optional. Current zone distribution mode. Defaults + to MULTI_ZONE. + type: string + zone: + description: Optional. Defines zone where all resources will be + allocated with SINGLE_ZONE mode. Ignored for MULTI_ZONE mode. 
+ type: string + type: object + required: + - location + - projectRef + type: object + status: + description: MemorystoreInstanceStatus defines the config connector machine + state of MemorystoreInstance + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the MemorystoreInstance resource + in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + authorizationMode: + description: Optional. Immutable. Authorization mode of the instance. + type: string + createTime: + description: Output only. Creation timestamp of the instance. + type: string + discoveryEndpoints: + description: Output only. Endpoints clients can connect to the + instance through. Currently only one discovery endpoint is supported. + items: + properties: + address: + description: Output only. IP address of the exposed endpoint + clients connect to. 
+ type: string + network: + description: Output only. The network where the IP address + of the discovery endpoint will be reserved, in the form + of projects/{network_project}/global/networks/{network_id}. + type: string + port: + description: Output only. The port number of the exposed + endpoint. + format: int32 + type: integer + type: object + type: array + engineVersion: + description: Optional. Immutable. Engine version of the instance. + https://cloud.google.com/memorystore/docs/valkey/supported-versions + type: string + name: + description: 'Identifier. Unique name of the instance. Format: + projects/{project}/locations/{location}/instances/{instance}' + type: string + nodeConfig: + description: Output only. Configuration of individual nodes of + the instance. + properties: + sizeGb: + description: Output only. Memory size in GB of the node. + type: number + type: object + nodeType: + description: Optional. Immutable. Machine type for individual + nodes of the instance. + type: string + pscAutoConnections: + description: Output only. Resource details of the auto-created + PSC connections. + items: + properties: + connectionType: + description: Output only. Type of the PSC connection. + type: string + forwardingRule: + description: 'Output only. The URI of the consumer side + forwarding rule. Format: projects/{project}/regions/{region}/forwardingRules/{forwarding_rule}' + type: string + ipAddress: + description: Output only. The IP allocated on the consumer + network for the PSC forwarding rule. + type: string + network: + description: Required. The network where the PSC endpoints + are created, in the form of projects/{project_id}/global/networks/{network_id}. + type: string + port: + description: Optional. Output only. port will only be set + for Primary/Reader or Discovery endpoint. + format: int32 + type: integer + projectID: + description: Required. The consumer project_id where PSC + connections are established. 
This should be the same project_id + that the cluster is being created in. + type: string + pscConnectionID: + description: Output only. The PSC connection id of the forwarding + rule connected to the service attachment. + type: string + pscConnectionStatus: + description: 'Output only. The status of the PSC connection: + whether a connection exists and ACTIVE or it no longer + exists. Please note that this value is updated periodically. + Please use Private Service Connect APIs for the latest + status.' + type: string + serviceAttachment: + description: Output only. The service attachment which is + the target of the PSC connection, in the form of projects/{project-id}/regions/{region}/serviceAttachments/{service-attachment-id}. + type: string + type: object + type: array + state: + description: Output only. Current state of the instance. + type: string + stateInfo: + description: Output only. Additional information about the state + of the instance. + properties: + updateInfo: + description: Output only. Describes ongoing update when instance + state is UPDATING. + properties: + targetReplicaCount: + description: Output only. Target number of replica nodes + per shard for the instance. + format: int32 + type: integer + targetShardCount: + description: Output only. Target number of shards for + the instance. + format: int32 + type: integer + type: object + type: object + transitEncryptionMode: + description: Optional. Immutable. In-transit encryption mode of + the instance. + type: string + uid: + description: Output only. System assigned, unique identifier for + the instance. + type: string + updateTime: + description: Output only. Latest update timestamp of the instance. + type: string + zoneDistributionConfig: + description: Optional. Immutable. Zone distribution configuration + of the instance for node allocation. + properties: + mode: + description: Optional. Current zone distribution mode. Defaults + to MULTI_ZONE. 
+ type: string + zone: + description: Optional. Defines zone where all resources will + be allocated with SINGLE_ZONE mode. Ignored for MULTI_ZONE + mode. + type: string + type: object + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: mlenginemodels.mlengine.cnrm.cloud.google.com +spec: + group: mlengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MLEngineModel + plural: mlenginemodels + shortNames: + - gcpmlenginemodel + - gcpmlenginemodels + singular: mlenginemodel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultVersion: + description: |- + Immutable. The default version of the model. This version will be used to handle + prediction requests that do not specify a version. + properties: + name: + description: Immutable. The name specified for the version when + it was created. + type: string + required: + - name + type: object + description: + description: Immutable. The description specified for the model when + it was created. + type: string + onlinePredictionConsoleLogging: + description: Immutable. If true, online prediction nodes send stderr + and stdout streams to Stackdriver Logging. + type: boolean + onlinePredictionLogging: + description: Immutable. If true, online prediction access logs are + sent to StackDriver Logging. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regions: + description: |- + Immutable. 
The list of regions where the model is going to be deployed. + Currently only one region per model is supported. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: monitoringalertpolicies.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringAlertPolicy + plural: monitoringalertpolicies + shortNames: + - gcpmonitoringalertpolicy + - gcpmonitoringalertpolicies + singular: monitoringalertpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alertStrategy: + description: Control over how this alert policy's notification channels + are notified. + properties: + autoClose: + description: If an alert policy that was active has no data for + this long, any open incidents will close. + type: string + notificationChannelStrategy: + description: |- + Control over how the notification channels in 'notification_channels' + are notified when this alert fires, on a per-channel basis. + items: + properties: + notificationChannelNames: + description: |- + The notification channels that these settings apply to. Each of these + correspond to the name field in one of the NotificationChannel objects + referenced in the notification_channels field of this AlertPolicy. The format is + 'projects/[PROJECT_ID_OR_NUMBER]/notificationChannels/[CHANNEL_ID]'. + items: + type: string + type: array + renotifyInterval: + description: The frequency at which to send reminder notifications + for open incidents. + type: string + type: object + type: array + notificationRateLimit: + description: |- + Required for alert policies with a LogMatch condition. + This limit is not implemented for alert policies that are not log-based. + properties: + period: + description: Not more than one notification per period. + type: string + type: object + type: object + combiner: + description: |- + How to combine the results of multiple conditions to + determine if an incident should be opened. Possible values: ["AND", "OR", "AND_WITH_MATCHING_RESOURCE"]. 
+ type: string + conditions: + description: |- + A list of conditions for the policy. The conditions are combined by + AND or OR according to the combiner field. If the combined conditions + evaluate to true, then an incident is created. A policy can have from + one to six conditions. + items: + properties: + conditionAbsent: + description: |- + A condition that checks that a time series + continues to receive new data points. + properties: + aggregations: + description: |- + Specifies the alignment of data points in + individual time series as well as how to + combine the retrieved time series together + (such as when aggregating multiple streams + on each resource to a single stream for each + resource or when aggregating streams across + all members of a group of resources). + Multiple aggregations are applied in the + order specified. + items: + properties: + alignmentPeriod: + description: |- + The alignment period for per-time + series alignment. If present, + alignmentPeriod must be at least + 60 seconds. After per-time series + alignment, each time series will + contain data points only on the + period boundaries. If + perSeriesAligner is not specified + or equals ALIGN_NONE, then this + field is ignored. If + perSeriesAligner is specified and + does not equal ALIGN_NONE, then + this field must be defined; + otherwise an error is returned. + type: string + crossSeriesReducer: + description: |- + The approach to be used to combine + time series. Not all reducer + functions may be applied to all + time series, depending on the + metric type and the value type of + the original time series. + Reduction may change the metric + type of value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. 
Possible values: ["REDUCE_NONE", "REDUCE_MEAN", "REDUCE_MIN", "REDUCE_MAX", "REDUCE_SUM", "REDUCE_STDDEV", "REDUCE_COUNT", "REDUCE_COUNT_TRUE", "REDUCE_COUNT_FALSE", "REDUCE_FRACTION_TRUE", "REDUCE_PERCENTILE_99", "REDUCE_PERCENTILE_95", "REDUCE_PERCENTILE_50", "REDUCE_PERCENTILE_05"]. + type: string + groupByFields: + description: |- + The set of fields to preserve when + crossSeriesReducer is specified. + The groupByFields determine how + the time series are partitioned + into subsets prior to applying the + aggregation function. Each subset + contains time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of exactly + one subset. The crossSeriesReducer + is applied to each subset of time + series. It is not possible to + reduce across different resource + types, so this field implicitly + contains resource.type. Fields not + specified in groupByFields are + aggregated away. If groupByFields + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If crossSeriesReducer + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: |- + The approach to be used to align + individual time series. Not all + alignment functions may be applied + to all time series, depending on + the metric type and value type of + the original time series. + Alignment may change the metric + type or the value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. 
Possible values: ["ALIGN_NONE", "ALIGN_DELTA", "ALIGN_RATE", "ALIGN_INTERPOLATE", "ALIGN_NEXT_OLDER", "ALIGN_MIN", "ALIGN_MAX", "ALIGN_MEAN", "ALIGN_COUNT", "ALIGN_SUM", "ALIGN_STDDEV", "ALIGN_COUNT_TRUE", "ALIGN_COUNT_FALSE", "ALIGN_FRACTION_TRUE", "ALIGN_PERCENTILE_99", "ALIGN_PERCENTILE_95", "ALIGN_PERCENTILE_50", "ALIGN_PERCENTILE_05", "ALIGN_PERCENT_CHANGE"]. + type: string + type: object + type: array + duration: + description: |- + The amount of time that a time series must + fail to report new data to be considered + failing. Currently, only values that are a + multiple of a minute--e.g. 60s, 120s, or 300s + --are supported. + type: string + filter: + description: |- + A filter that identifies which time series + should be compared with the threshold.The + filter is similar to the one that is + specified in the + MetricService.ListTimeSeries request (that + call is useful to verify the time series + that will be retrieved / processed) and must + specify the metric type and optionally may + contain restrictions on resource type, + resource labels, and metric labels. This + field may not exceed 2048 Unicode characters + in length. + type: string + trigger: + description: |- + The number/percent of time series for which + the comparison must hold in order for the + condition to trigger. If unspecified, then + the condition will trigger if the comparison + is true for any of the time series that have + been identified by filter and aggregations. + properties: + count: + description: |- + The absolute number of time series + that must fail the predicate for the + condition to be triggered. + type: integer + percent: + description: |- + The percentage of time series that + must fail the predicate for the + condition to be triggered. + type: number + type: object + required: + - duration + type: object + conditionMatchedLog: + description: |- + A condition that checks for log messages matching given constraints. + If set, no other conditions can be present. 
+ properties: + filter: + description: A logs-based filter. + type: string + labelExtractors: + additionalProperties: + type: string + description: |- + A map from a label key to an extractor expression, which is used to + extract the value for this label key. Each entry in this map is + a specification for how data should be extracted from log entries that + match filter. Each combination of extracted values is treated as + a separate rule for the purposes of triggering notifications. + Label keys and corresponding values can be used in notifications + generated by this condition. + type: object + required: + - filter + type: object + conditionMonitoringQueryLanguage: + description: A Monitoring Query Language query that outputs + a boolean stream. + properties: + duration: + description: |- + The amount of time that a time series must + violate the threshold to be considered + failing. Currently, only values that are a + multiple of a minute--e.g., 0, 60, 120, or + 300 seconds--are supported. If an invalid + value is given, an error will be returned. + When choosing a duration, it is useful to + keep in mind the frequency of the underlying + time series data (which may also be affected + by any alignments specified in the + aggregations field); a good duration is long + enough so that a single outlier does not + generate spurious alerts, but short enough + that unhealthy states are detected and + alerted on quickly. + type: string + evaluationMissingData: + description: |- + A condition control that determines how + metric-threshold conditions are evaluated when + data stops arriving. Possible values: ["EVALUATION_MISSING_DATA_INACTIVE", "EVALUATION_MISSING_DATA_ACTIVE", "EVALUATION_MISSING_DATA_NO_OP"]. + type: string + query: + description: Monitoring Query Language query that outputs + a boolean stream. + type: string + trigger: + description: |- + The number/percent of time series for which + the comparison must hold in order for the + condition to trigger. 
If unspecified, then + the condition will trigger if the comparison + is true for any of the time series that have + been identified by filter and aggregations, + or by the ratio, if denominator_filter and + denominator_aggregations are specified. + properties: + count: + description: |- + The absolute number of time series + that must fail the predicate for the + condition to be triggered. + type: integer + percent: + description: |- + The percentage of time series that + must fail the predicate for the + condition to be triggered. + type: number + type: object + required: + - duration + - query + type: object + conditionPrometheusQueryLanguage: + description: |- + A Monitoring Query Language query that outputs a boolean stream + + A condition type that allows alert policies to be defined using + Prometheus Query Language (PromQL). + + The PrometheusQueryLanguageCondition message contains information + from a Prometheus alerting rule and its associated rule group. + properties: + alertRule: + description: |- + The alerting rule name of this alert in the corresponding Prometheus + configuration file. + + Some external tools may require this field to be populated correctly + in order to refer to the original Prometheus configuration file. + The rule group name and the alert name are necessary to update the + relevant AlertPolicies in case the definition of the rule group changes + in the future. + + This field is optional. If this field is not empty, then it must be a + valid Prometheus label name. + type: string + duration: + description: |- + Alerts are considered firing once their PromQL expression evaluated + to be "true" for this long. Alerts whose PromQL expression was not + evaluated to be "true" for long enough are considered pending. The + default value is zero. Must be zero or positive. + type: string + evaluationInterval: + description: |- + How often this rule should be evaluated. Must be a positive multiple + of 30 seconds or missing. 
The default value is 30 seconds. If this + PrometheusQueryLanguageCondition was generated from a Prometheus + alerting rule, then this value should be taken from the enclosing + rule group. + type: string + labels: + additionalProperties: + type: string + description: |- + Labels to add to or overwrite in the PromQL query result. Label names + must be valid. + + Label values can be templatized by using variables. The only available + variable names are the names of the labels in the PromQL result, including + "__name__" and "value". "labels" may be empty. This field is intended to be + used for organizing and identifying the AlertPolicy. + type: object + query: + description: |- + The PromQL expression to evaluate. Every evaluation cycle this + expression is evaluated at the current time, and all resultant time + series become pending/firing alerts. This field must not be empty. + type: string + ruleGroup: + description: |- + The rule group name of this alert in the corresponding Prometheus + configuration file. + + Some external tools may require this field to be populated correctly + in order to refer to the original Prometheus configuration file. + The rule group name and the alert name are necessary to update the + relevant AlertPolicies in case the definition of the rule group changes + in the future. + + This field is optional. If this field is not empty, then it must be a + valid Prometheus label name. + type: string + required: + - query + type: object + conditionThreshold: + description: |- + A condition that compares a time series against a + threshold. + properties: + aggregations: + description: |- + Specifies the alignment of data points in + individual time series as well as how to + combine the retrieved time series together + (such as when aggregating multiple streams + on each resource to a single stream for each + resource or when aggregating streams across + all members of a group of resources). 
+ Multiple aggregations are applied in the + order specified.This field is similar to the + one in the MetricService.ListTimeSeries + request. It is advisable to use the + ListTimeSeries method when debugging this + field. + items: + properties: + alignmentPeriod: + description: |- + The alignment period for per-time + series alignment. If present, + alignmentPeriod must be at least + 60 seconds. After per-time series + alignment, each time series will + contain data points only on the + period boundaries. If + perSeriesAligner is not specified + or equals ALIGN_NONE, then this + field is ignored. If + perSeriesAligner is specified and + does not equal ALIGN_NONE, then + this field must be defined; + otherwise an error is returned. + type: string + crossSeriesReducer: + description: |- + The approach to be used to combine + time series. Not all reducer + functions may be applied to all + time series, depending on the + metric type and the value type of + the original time series. + Reduction may change the metric + type of value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. Possible values: ["REDUCE_NONE", "REDUCE_MEAN", "REDUCE_MIN", "REDUCE_MAX", "REDUCE_SUM", "REDUCE_STDDEV", "REDUCE_COUNT", "REDUCE_COUNT_TRUE", "REDUCE_COUNT_FALSE", "REDUCE_FRACTION_TRUE", "REDUCE_PERCENTILE_99", "REDUCE_PERCENTILE_95", "REDUCE_PERCENTILE_50", "REDUCE_PERCENTILE_05"]. + type: string + groupByFields: + description: |- + The set of fields to preserve when + crossSeriesReducer is specified. + The groupByFields determine how + the time series are partitioned + into subsets prior to applying the + aggregation function. Each subset + contains time series that have the + same value for each of the + grouping fields. 
Each individual + time series is a member of exactly + one subset. The crossSeriesReducer + is applied to each subset of time + series. It is not possible to + reduce across different resource + types, so this field implicitly + contains resource.type. Fields not + specified in groupByFields are + aggregated away. If groupByFields + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If crossSeriesReducer + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: |- + The approach to be used to align + individual time series. Not all + alignment functions may be applied + to all time series, depending on + the metric type and value type of + the original time series. + Alignment may change the metric + type or the value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. Possible values: ["ALIGN_NONE", "ALIGN_DELTA", "ALIGN_RATE", "ALIGN_INTERPOLATE", "ALIGN_NEXT_OLDER", "ALIGN_MIN", "ALIGN_MAX", "ALIGN_MEAN", "ALIGN_COUNT", "ALIGN_SUM", "ALIGN_STDDEV", "ALIGN_COUNT_TRUE", "ALIGN_COUNT_FALSE", "ALIGN_FRACTION_TRUE", "ALIGN_PERCENTILE_99", "ALIGN_PERCENTILE_95", "ALIGN_PERCENTILE_50", "ALIGN_PERCENTILE_05", "ALIGN_PERCENT_CHANGE"]. + type: string + type: object + type: array + comparison: + description: |- + The comparison to apply between the time + series (indicated by filter and aggregation) + and the threshold (indicated by + threshold_value). The comparison is applied + on each time series, with the time series on + the left-hand side and the threshold on the + right-hand side. Only COMPARISON_LT and + COMPARISON_GT are supported currently. 
Possible values: ["COMPARISON_GT", "COMPARISON_GE", "COMPARISON_LT", "COMPARISON_LE", "COMPARISON_EQ", "COMPARISON_NE"]. + type: string + denominatorAggregations: + description: |- + Specifies the alignment of data points in + individual time series selected by + denominatorFilter as well as how to combine + the retrieved time series together (such as + when aggregating multiple streams on each + resource to a single stream for each + resource or when aggregating streams across + all members of a group of resources).When + computing ratios, the aggregations and + denominator_aggregations fields must use the + same alignment period and produce time + series that have the same periodicity and + labels.This field is similar to the one in + the MetricService.ListTimeSeries request. It + is advisable to use the ListTimeSeries + method when debugging this field. + items: + properties: + alignmentPeriod: + description: |- + The alignment period for per-time + series alignment. If present, + alignmentPeriod must be at least + 60 seconds. After per-time series + alignment, each time series will + contain data points only on the + period boundaries. If + perSeriesAligner is not specified + or equals ALIGN_NONE, then this + field is ignored. If + perSeriesAligner is specified and + does not equal ALIGN_NONE, then + this field must be defined; + otherwise an error is returned. + type: string + crossSeriesReducer: + description: |- + The approach to be used to combine + time series. Not all reducer + functions may be applied to all + time series, depending on the + metric type and the value type of + the original time series. + Reduction may change the metric + type of value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. 
Possible values: ["REDUCE_NONE", "REDUCE_MEAN", "REDUCE_MIN", "REDUCE_MAX", "REDUCE_SUM", "REDUCE_STDDEV", "REDUCE_COUNT", "REDUCE_COUNT_TRUE", "REDUCE_COUNT_FALSE", "REDUCE_FRACTION_TRUE", "REDUCE_PERCENTILE_99", "REDUCE_PERCENTILE_95", "REDUCE_PERCENTILE_50", "REDUCE_PERCENTILE_05"]. + type: string + groupByFields: + description: |- + The set of fields to preserve when + crossSeriesReducer is specified. + The groupByFields determine how + the time series are partitioned + into subsets prior to applying the + aggregation function. Each subset + contains time series that have the + same value for each of the + grouping fields. Each individual + time series is a member of exactly + one subset. The crossSeriesReducer + is applied to each subset of time + series. It is not possible to + reduce across different resource + types, so this field implicitly + contains resource.type. Fields not + specified in groupByFields are + aggregated away. If groupByFields + is not specified and all the time + series have the same resource + type, then the time series are + aggregated into a single output + time series. If crossSeriesReducer + is not defined, this field is + ignored. + items: + type: string + type: array + perSeriesAligner: + description: |- + The approach to be used to align + individual time series. Not all + alignment functions may be applied + to all time series, depending on + the metric type and value type of + the original time series. + Alignment may change the metric + type or the value type of the time + series.Time series data must be + aligned in order to perform cross- + time series reduction. If + crossSeriesReducer is specified, + then perSeriesAligner must be + specified and not equal ALIGN_NONE + and alignmentPeriod must be + specified; otherwise, an error is + returned. 
Possible values: ["ALIGN_NONE", "ALIGN_DELTA", "ALIGN_RATE", "ALIGN_INTERPOLATE", "ALIGN_NEXT_OLDER", "ALIGN_MIN", "ALIGN_MAX", "ALIGN_MEAN", "ALIGN_COUNT", "ALIGN_SUM", "ALIGN_STDDEV", "ALIGN_COUNT_TRUE", "ALIGN_COUNT_FALSE", "ALIGN_FRACTION_TRUE", "ALIGN_PERCENTILE_99", "ALIGN_PERCENTILE_95", "ALIGN_PERCENTILE_50", "ALIGN_PERCENTILE_05", "ALIGN_PERCENT_CHANGE"]. + type: string + type: object + type: array + denominatorFilter: + description: |- + A filter that identifies a time series that + should be used as the denominator of a ratio + that will be compared with the threshold. If + a denominator_filter is specified, the time + series specified by the filter field will be + used as the numerator.The filter is similar + to the one that is specified in the + MetricService.ListTimeSeries request (that + call is useful to verify the time series + that will be retrieved / processed) and must + specify the metric type and optionally may + contain restrictions on resource type, + resource labels, and metric labels. This + field may not exceed 2048 Unicode characters + in length. + type: string + duration: + description: |- + The amount of time that a time series must + violate the threshold to be considered + failing. Currently, only values that are a + multiple of a minute--e.g., 0, 60, 120, or + 300 seconds--are supported. If an invalid + value is given, an error will be returned. + When choosing a duration, it is useful to + keep in mind the frequency of the underlying + time series data (which may also be affected + by any alignments specified in the + aggregations field); a good duration is long + enough so that a single outlier does not + generate spurious alerts, but short enough + that unhealthy states are detected and + alerted on quickly. + type: string + evaluationMissingData: + description: |- + A condition control that determines how + metric-threshold conditions are evaluated when + data stops arriving. 
Possible values: ["EVALUATION_MISSING_DATA_INACTIVE", "EVALUATION_MISSING_DATA_ACTIVE", "EVALUATION_MISSING_DATA_NO_OP"]. + type: string + filter: + description: |- + A filter that identifies which time series + should be compared with the threshold.The + filter is similar to the one that is + specified in the + MetricService.ListTimeSeries request (that + call is useful to verify the time series + that will be retrieved / processed) and must + specify the metric type and optionally may + contain restrictions on resource type, + resource labels, and metric labels. This + field may not exceed 2048 Unicode characters + in length. + type: string + forecastOptions: + description: |- + When this field is present, the 'MetricThreshold' + condition forecasts whether the time series is + predicted to violate the threshold within the + 'forecastHorizon'. When this field is not set, the + 'MetricThreshold' tests the current value of the + timeseries against the threshold. + properties: + forecastHorizon: + description: |- + The length of time into the future to forecast + whether a timeseries will violate the threshold. + If the predicted value is found to violate the + threshold, and the violation is observed in all + forecasts made for the Configured 'duration', + then the timeseries is considered to be failing. + type: string + required: + - forecastHorizon + type: object + thresholdValue: + description: |- + A value against which to compare the time + series. + type: number + trigger: + description: |- + The number/percent of time series for which + the comparison must hold in order for the + condition to trigger. If unspecified, then + the condition will trigger if the comparison + is true for any of the time series that have + been identified by filter and aggregations, + or by the ratio, if denominator_filter and + denominator_aggregations are specified. 
+ properties: + count: + description: |- + The absolute number of time series + that must fail the predicate for the + condition to be triggered. + type: integer + percent: + description: |- + The percentage of time series that + must fail the predicate for the + condition to be triggered. + type: number + type: object + required: + - comparison + - duration + type: object + displayName: + description: |- + A short name or phrase used to identify the + condition in dashboards, notifications, and + incidents. To avoid confusion, don't use the same + display name for multiple conditions in the same + policy. + type: string + name: + description: |- + The unique resource name for this condition. + Its syntax is: + projects/[PROJECT_ID]/alertPolicies/[POLICY_ID]/conditions/[CONDITION_ID] + [CONDITION_ID] is assigned by Stackdriver Monitoring when + the condition is created as part of a new or updated alerting + policy. + type: string + required: + - displayName + type: object + type: array + displayName: + description: |- + A short name or phrase used to identify the policy in + dashboards, notifications, and incidents. To avoid confusion, don't use + the same display name for multiple policies in the same project. The + name is limited to 512 Unicode characters. + type: string + documentation: + description: |- + Documentation that is included with notifications and incidents related + to this policy. Best practice is for the documentation to include information + to help responders understand, mitigate, escalate, and correct the underlying + problems detected by the alerting policy. Notification channels that have + limited capacity might not show this documentation. + properties: + content: + description: |- + The text of the documentation, interpreted according to mimeType. + The content may not exceed 8,192 Unicode characters and may not + exceed more than 10,240 bytes when encoded in UTF-8 format, + whichever is smaller. 
+ type: string + mimeType: + description: |- + The format of the content field. Presently, only the value + "text/markdown" is supported. + type: string + type: object + enabled: + description: Whether or not the policy is enabled. The default is + true. + type: boolean + notificationChannels: + items: + description: Identifies the notification channels to which notifications + should be sent when incidents are opened or closed or when new + violations occur on an already opened incident. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `MonitoringNotificationChannel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + severity: + description: |- + The severity of an alert policy indicates how important + incidents generated by that policy are. The severity level will be displayed on + the Incident detail page and in notifications. Possible values: ["CRITICAL", "ERROR", "WARNING"]. + type: string + required: + - combiner + - conditions + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationRecord: + description: |- + A read-only record of the creation of the alerting policy. + If provided in a call to create or update, this field will + be ignored. + items: + properties: + mutateTime: + description: When the change occurred. + type: string + mutatedBy: + description: The email address of the user making the change. + type: string + type: object + type: array + name: + description: |- + The unique resource name for this policy. + Its syntax is: projects/[PROJECT_ID]/alertPolicies/[ALERT_POLICY_ID]. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringdashboards.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringDashboard + listKind: MonitoringDashboardList + plural: monitoringdashboards + shortNames: + - gcpmonitoringdashboard + - gcpmonitoringdashboards + singular: monitoringdashboard + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: MonitoringDashboard is the Schema for the monitoring API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + columnLayout: + description: The content is divided into equally spaced columns and + the widgets are arranged vertically. + properties: + columns: + description: The columns of content to display. + items: + properties: + weight: + description: The relative weight of this column. The column + weight is used to adjust the width of columns on the screen + (relative to peers). + format: int64 + type: integer + widgets: + description: The display widgets arranged vertically in + this column. + items: + properties: + alertChart: + description: A chart of alert policy data. + properties: + alertPolicyRef: + description: Required. A reference to the MonitoringAlertPolicy. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The MonitoringAlertPolicy link + in the form "projects/[PROJECT_ID_OR_NUMBER]/alertPolicies/[ALERT_POLICY_ID]", + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `MonitoringAlertPolicy` + resource. + type: string + namespace: + description: The `namespace` field of a `MonitoringAlertPolicy` + resource. + type: string + type: object + required: + - alertPolicyRef + type: object + blank: + description: A blank space. + type: object + collapsibleGroup: + description: A widget that groups the other widgets. 
+ All widgets that are within the area spanned by + the grouping widget are considered member widgets. + properties: + collapsed: + description: The collapsed state of the widget + on first page load. + type: boolean + type: object + errorReportingPanel: + description: A widget that displays a list of error + groups. + properties: + projectRefs: + description: The projects from which to gather + errors. + items: + description: The Project that this resource + belongs to. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The `projectID` field of a + project, when not managed by Config Connector. + type: string + kind: + description: The kind of the Project resource; + optional but must be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` + resource. + type: string + namespace: + description: The `namespace` field of a + `Project` resource. + type: string + type: object + type: array + services: + description: An identifier of the service, such + as the name of the executable, job, or Google + App Engine service name. This field is expected + to have a low number of values that are relatively + stable over time, as opposed to `version`, which + can be changed whenever new code is deployed. + items: + type: string + type: array + versions: + description: Represents the source code version + that the developer provided, which could represent + a version label or a Git SHA-1 hash, for example. + For App Engine standard environment, the version + is set to the version of the app. + items: + type: string + type: array + type: object + id: + description: Optional. The widget id. Ids may be made + up of alphanumerics, dashes and underscores. Widget + ids are optional. + type: string + incidentList: + description: A widget that shows list of incidents. 
+ properties: + monitoredResources: + description: Optional. The monitored resource + for which incidents are listed. + items: + properties: + labels: + additionalProperties: + type: string + description: Required. Values for all of + the labels listed in the associated monitored + resource descriptor. + type: object + type: + description: Required. The monitored resource + type. This field must match the `type` + field of a [MonitoredResourceDescriptor][google.api.MonitoredResourceDescriptor] + object. + type: string + type: object + type: array + policyRefs: + description: Optional. A list of alert policies + to filter the incident list by. + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The MonitoringAlertPolicy link + in the form "projects/[PROJECT_ID_OR_NUMBER]/alertPolicies/[ALERT_POLICY_ID]", + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `MonitoringAlertPolicy` + resource. + type: string + namespace: + description: The `namespace` field of a + `MonitoringAlertPolicy` resource. + type: string + type: object + type: array + type: object + logsPanel: + description: A widget that shows a stream of logs. + properties: + filter: + description: A filter that chooses which log entries + to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). + type: string + resourceNames: + description: The names of logging resources to + collect logs for. + items: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The external name of the referenced + resource + type: string + kind: + description: Kind of the referent. 
+ type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + pieChart: + description: A widget that displays timeseries data + as a pie chart. + properties: + chartType: + description: Required. Indicates the visualization + type for the PieChart. + type: string + dataSets: + description: Required. The queries for the chart's + data. + items: + properties: + minAlignmentPeriod: + description: Optional. The lower bound on + data point frequency for this data set. + type: string + sliceNameTemplate: + description: Optional. A template for the + name of the slice. + type: string + timeSeriesQuery: + description: Required. The query for the + PieChart. See, `google.monitoring.dashboard.v1.TimeSeriesQuery`. + properties: + outputFullDuration: + description: Optional. If set, Cloud + Monitoring will treat the full query + duration as the alignment period so + that there will be only 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time + series with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw + time series data is returned. + Use this field to combine multiple + time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. 
+ type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: How to use the + ranking to select time series + that pass through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. 
This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. + properties: + denominator: + description: The denominator of + the ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. 
+ type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. + type: string + type: object + filter: + description: The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. 
Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. + type: string + type: object + filter: + description: The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: How to use the + ranking to select time series + that pass through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
+ items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series with MQL. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + showLabels: + description: Optional. Indicates whether or not + the pie chart should show slices' labels + type: boolean + required: + - chartType + - dataSets + type: object + scorecard: + description: A scorecard summarizing time series data. + properties: + blankView: + description: Will cause the `Scorecard` to show + only the value, with no indicator to its value + relative to its thresholds. + type: object + gaugeView: + description: Will cause the scorecard to show + a gauge chart. + properties: + lowerBound: + description: The lower bound for this gauge + chart. The value of the chart should always + be greater than or equal to this. + format: double + type: number + upperBound: + description: The upper bound for this gauge + chart. The value of the chart should always + be less than or equal to this. + format: double + type: number + type: object + sparkChartView: + description: Will cause the scorecard to show + a spark chart. 
+ properties: + minAlignmentPeriod: + description: The lower bound on data point + frequency in the chart implemented by specifying + the minimum alignment period to use in a + time series query. + type: string + sparkChartType: + description: Required. The type of sparkchart + to show in this chartView. + type: string + required: + - sparkChartType + type: object + thresholds: + description: The thresholds used to determine + the state of the scorecard given the time series' + current value. + items: + properties: + color: + description: The state color for this threshold. + Color is not allowed in a XyChart. + type: string + direction: + description: The direction for the current + threshold. Direction is not allowed in + a XyChart. + type: string + label: + description: A label for the threshold. + type: string + targetAxis: + description: The target axis to use for + plotting the threshold. Target axis is + not allowed in a Scorecard. + type: string + value: + description: The value of the threshold. + The value should be defined in the native + scale of the metric. + format: double + type: number + type: object + type: array + timeSeriesQuery: + description: Required. Fields for querying time + series data from the Stackdriver metrics API. + properties: + outputFullDuration: + description: Optional. If set, Cloud Monitoring + will treat the full query duration as the + alignment period so that there will be only + 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time series + with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch time + series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this field + to combine multiple time series for + different views of the data. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series.' 
+ type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. + properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. 
+ type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
+ items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. 
+ type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series + with MQL. + type: string + unitOverride: + description: The unit of data contained in + fetched time series. If non-empty, this + unit will override any unit that accompanies + fetched data. The format is the same as + the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + sectionHeader: + description: A widget that defines a section header + for easier navigation of the dashboard. + properties: + dividerBelow: + description: Whether to insert a divider below + the section in the table of contents + type: boolean + subtitle: + description: The subtitle of the section + type: string + type: object + singleViewGroup: + description: A widget that groups the other widgets + by using a dropdown menu. + type: object + text: + description: A raw string or markdown displaying textual + content. + properties: + content: + description: The text content to be displayed. + type: string + format: + description: How the text content is formatted. + type: string + style: + description: How the text is styled + properties: + backgroundColor: + description: The background color as a hex + string. 
"#RRGGBB" or "#RGB" + type: string + fontSize: + description: Font sizes for both the title + and content. The title will still be larger + relative to the content. + type: string + horizontalAlignment: + description: The horizontal alignment of both + the title and content + type: string + padding: + description: The amount of padding around + the widget + type: string + pointerLocation: + description: The pointer location for this + widget (also sometimes called a "tail") + type: string + textColor: + description: The text color as a hex string. + "#RRGGBB" or "#RGB" + type: string + verticalAlignment: + description: The vertical alignment of both + the title and content + type: string + type: object + type: object + timeSeriesTable: + description: A widget that displays time series data + in a tabular format. + properties: + columnSettings: + description: Optional. The list of the persistent + column settings for the table. + items: + properties: + column: + description: Required. The id of the column. + type: string + visible: + description: Required. Whether the column + should be visible on page load. + type: boolean + required: + - column + - visible + type: object + type: array + dataSets: + description: Required. The data displayed in this + table. + items: + properties: + minAlignmentPeriod: + description: Optional. The lower bound on + data point frequency for this data set. + type: string + tableDisplayOptions: + description: Optional. Table display options + for configuring how the table is rendered. + properties: + shownColumns: + description: Optional. This field is + unused and has been replaced by TimeSeriesTable.column_settings + items: + type: string + type: array + type: object + tableTemplate: + description: Optional. A template string + for naming `TimeSeries` in the resulting + data set. + type: string + timeSeriesQuery: + description: Required. Fields for querying + time series data from the Stackdriver + metrics API. 
+ properties: + outputFullDuration: + description: Optional. If set, Cloud + Monitoring will treat the full query + duration as the alignment period so + that there will be only 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time + series with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw + time series data is returned. + Use this field to combine multiple + time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. 
+ type: string + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: How to use the + ranking to select time series + that pass through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. 
+ type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. + properties: + denominator: + description: The denominator of + the ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. + type: string + type: object + filter: + description: The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. + type: string + type: object + filter: + description: The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: How to use the + ranking to select time series + that pass through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series.' 
+ type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series with MQL. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + type: object + type: array + metricVisualization: + description: Optional. Store rendering strategy + type: string + required: + - dataSets + type: object + title: + description: Optional. 
The title of the widget. + type: string + xyChart: + description: A chart of time series data. + properties: + chartOptions: + description: Display options for the chart. + properties: + mode: + description: The chart mode. + type: string + type: object + dataSets: + description: Required. The data displayed in this + chart. + items: + properties: + legendTemplate: + description: A template string for naming + `TimeSeries` in the resulting data set. + type: string + minAlignmentPeriod: + description: Optional. The lower bound on + data point frequency for this data set. + type: string + plotType: + description: How this data should be plotted + on the chart. + type: string + targetAxis: + description: Optional. The target axis to + use for plotting the metric. + type: string + timeSeriesQuery: + description: Fields for querying time series + data from the Stackdriver metrics API. + properties: + outputFullDuration: + description: Optional. If set, Cloud + Monitoring will treat the full query + duration as the alignment period so + that there will be only 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time + series with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw + time series data is returned. + Use this field to combine multiple + time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. 
+ type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: How to use the + ranking to select time series + that pass through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. 
This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. + properties: + denominator: + description: The denominator of + the ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. 
+ type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. + type: string + type: object + filter: + description: The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. 
Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. + type: string + type: object + filter: + description: The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: How to use the + ranking to select time series + that pass through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
+ items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series with MQL. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + thresholds: + description: Threshold lines drawn horizontally + across the chart. + items: + properties: + color: + description: The state color for this threshold. + Color is not allowed in a XyChart. + type: string + direction: + description: The direction for the current + threshold. Direction is not allowed in + a XyChart. + type: string + label: + description: A label for the threshold. + type: string + targetAxis: + description: The target axis to use for + plotting the threshold. Target axis is + not allowed in a Scorecard. + type: string + value: + description: The value of the threshold. + The value should be defined in the native + scale of the metric. + format: double + type: number + type: object + type: array + timeshiftDuration: + description: The duration used to display a comparison + chart. + type: string + xAxis: + description: The properties applied to the x-axis. + properties: + label: + description: The label of the axis. 
+ type: string + scale: + description: The axis scale. By default, a + linear scale is used. + type: string + type: object + y2Axis: + description: The properties applied to the y2-axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: The axis scale. By default, a + linear scale is used. + type: string + type: object + yAxis: + description: The properties applied to the y-axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: The axis scale. By default, a + linear scale is used. + type: string + type: object + required: + - dataSets + type: object + type: object + type: array + type: object + type: array + type: object + dashboardFilters: + description: Filters to reduce the amount of data charted based on + the filter criteria. + items: + properties: + filterType: + description: The specified filter type + type: string + labelKey: + description: Required. The key for the label + type: string + stringValue: + description: A variable-length string value. + type: string + templateVariable: + description: The placeholder text that can be referenced in + a filter string or MQL query. If omitted, the dashboard filter + will be applied to all relevant widgets in the dashboard. + type: string + required: + - labelKey + type: object + type: array + displayName: + description: Required. The mutable, human-readable name. + type: string + gridLayout: + description: Content is arranged with a basic layout that re-flows + a simple list of informational elements like widgets or tiles. + properties: + columns: + description: The number of columns into which the view's width + is divided. If omitted or set to zero, a system default will + be used while rendering. + format: int64 + type: integer + widgets: + description: The informational elements that are arranged into + the columns row-first. + items: + properties: + alertChart: + description: A chart of alert policy data. 
+ properties: + alertPolicyRef: + description: Required. A reference to the MonitoringAlertPolicy. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The MonitoringAlertPolicy link in the + form "projects/[PROJECT_ID_OR_NUMBER]/alertPolicies/[ALERT_POLICY_ID]", + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `MonitoringAlertPolicy` + resource. + type: string + namespace: + description: The `namespace` field of a `MonitoringAlertPolicy` + resource. + type: string + type: object + required: + - alertPolicyRef + type: object + blank: + description: A blank space. + type: object + collapsibleGroup: + description: A widget that groups the other widgets. All + widgets that are within the area spanned by the grouping + widget are considered member widgets. + properties: + collapsed: + description: The collapsed state of the widget on first + page load. + type: boolean + type: object + errorReportingPanel: + description: A widget that displays a list of error groups. + properties: + projectRefs: + description: The projects from which to gather errors. + items: + description: The Project that this resource belongs + to. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The `projectID` field of a project, + when not managed by Config Connector. + type: string + kind: + description: The kind of the Project resource; + optional but must be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` + resource. 
+ type: string + type: object + type: array + services: + description: An identifier of the service, such as the + name of the executable, job, or Google App Engine + service name. This field is expected to have a low + number of values that are relatively stable over time, + as opposed to `version`, which can be changed whenever + new code is deployed. + items: + type: string + type: array + versions: + description: Represents the source code version that + the developer provided, which could represent a version + label or a Git SHA-1 hash, for example. For App Engine + standard environment, the version is set to the version + of the app. + items: + type: string + type: array + type: object + id: + description: Optional. The widget id. Ids may be made up + of alphanumerics, dashes and underscores. Widget ids are + optional. + type: string + incidentList: + description: A widget that shows list of incidents. + properties: + monitoredResources: + description: Optional. The monitored resource for which + incidents are listed. + items: + properties: + labels: + additionalProperties: + type: string + description: Required. Values for all of the labels + listed in the associated monitored resource + descriptor. + type: object + type: + description: Required. The monitored resource + type. This field must match the `type` field + of a [MonitoredResourceDescriptor][google.api.MonitoredResourceDescriptor] + object. + type: string + type: object + type: array + policyRefs: + description: Optional. A list of alert policies to filter + the incident list by. + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The MonitoringAlertPolicy link in + the form "projects/[PROJECT_ID_OR_NUMBER]/alertPolicies/[ALERT_POLICY_ID]", + when not managed by Config Connector. 
+ type: string + name: + description: The `name` field of a `MonitoringAlertPolicy` + resource. + type: string + namespace: + description: The `namespace` field of a `MonitoringAlertPolicy` + resource. + type: string + type: object + type: array + type: object + logsPanel: + description: A widget that shows a stream of logs. + properties: + filter: + description: A filter that chooses which log entries + to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). + type: string + resourceNames: + description: The names of logging resources to collect + logs for. + items: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The external name of the referenced + resource + type: string + kind: + description: Kind of the referent. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + pieChart: + description: A widget that displays timeseries data as a + pie chart. + properties: + chartType: + description: Required. Indicates the visualization type + for the PieChart. + type: string + dataSets: + description: Required. The queries for the chart's data. + items: + properties: + minAlignmentPeriod: + description: Optional. The lower bound on data + point frequency for this data set. + type: string + sliceNameTemplate: + description: Optional. A template for the name + of the slice. + type: string + timeSeriesQuery: + description: Required. The query for the PieChart. + See, `google.monitoring.dashboard.v1.TimeSeriesQuery`. 
+ properties: + outputFullDuration: + description: Optional. If set, Cloud Monitoring + will treat the full query duration as the + alignment period so that there will be only + 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time series + with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch time + series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this field + to combine multiple time series for + different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. 
+ type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. 
+ properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. 
+ This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series + with MQL. + type: string + unitOverride: + description: The unit of data contained in + fetched time series. If non-empty, this + unit will override any unit that accompanies + fetched data. The format is the same as + the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + showLabels: + description: Optional. Indicates whether or not the + pie chart should show slices' labels + type: boolean + required: + - chartType + - dataSets + type: object + scorecard: + description: A scorecard summarizing time series data. 
+ properties: + blankView: + description: Will cause the `Scorecard` to show only + the value, with no indicator to its value relative + to its thresholds. + type: object + gaugeView: + description: Will cause the scorecard to show a gauge + chart. + properties: + lowerBound: + description: The lower bound for this gauge chart. + The value of the chart should always be greater + than or equal to this. + format: double + type: number + upperBound: + description: The upper bound for this gauge chart. + The value of the chart should always be less than + or equal to this. + format: double + type: number + type: object + sparkChartView: + description: Will cause the scorecard to show a spark + chart. + properties: + minAlignmentPeriod: + description: The lower bound on data point frequency + in the chart implemented by specifying the minimum + alignment period to use in a time series query. + type: string + sparkChartType: + description: Required. The type of sparkchart to + show in this chartView. + type: string + required: + - sparkChartType + type: object + thresholds: + description: The thresholds used to determine the state + of the scorecard given the time series' current value. + items: + properties: + color: + description: The state color for this threshold. + Color is not allowed in a XyChart. + type: string + direction: + description: The direction for the current threshold. + Direction is not allowed in a XyChart. + type: string + label: + description: A label for the threshold. + type: string + targetAxis: + description: The target axis to use for plotting + the threshold. Target axis is not allowed in + a Scorecard. + type: string + value: + description: The value of the threshold. The value + should be defined in the native scale of the + metric. + format: double + type: number + type: object + type: array + timeSeriesQuery: + description: Required. Fields for querying time series + data from the Stackdriver metrics API. 
+ properties: + outputFullDuration: + description: Optional. If set, Cloud Monitoring + will treat the full query duration as the alignment + period so that there will be only 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time series with + PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch time series. + properties: + aggregation: + description: By default, the raw time series + data is returned. Use this field to combine + multiple time series for different views of + the data. + properties: + alignmentPeriod: + description: The `alignment_period` specifies + a time interval, in seconds, that is used + to divide the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This will + be done before the per-series aligner + can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation to + be used to combine time series into a + single time series, where the value of + each data point in the resulting series + is a function of all the already aligned + values in the input time series. + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes how + to bring the data points in a single time + series into temporal alignment. Except + for `ALIGN_NONE`, all alignments cause + all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for each + `alignment_period` with end timestamp + at the end of the period. + type: string + type: object + filter: + description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. 
+ type: string + pickTimeSeriesFilter: + description: Ranking based time series filter. + properties: + direction: + description: How to use the ranking to select + time series that pass through the filter. + type: string + numTimeSeries: + description: How many time series to allow + to pass through the filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is applied + to each time series independently to produce + the value which will be used to compare + the time series to other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation after + `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` specifies + a time interval, in seconds, that is used + to divide the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This will + be done before the per-series aligner + can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation to + be used to combine time series into a + single time series, where the value of + each data point in the resulting series + is a function of all the already aligned + values in the input time series. + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes how + to bring the data points in a single time + series into temporal alignment. Except + for `ALIGN_NONE`, all alignments cause + all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for each + `alignment_period` with end timestamp + at the end of the period. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. 
+ properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time series + data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This + will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where the + value of each data point in the resulting + series is a function of all the already + aligned values in the input time series. + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in a + single time series into temporal alignment. + Except for `ALIGN_NONE`, all alignments + cause all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for + each `alignment_period` with end timestamp + at the end of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time series + data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. 
This + will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where the + value of each data point in the resulting + series is a function of all the already + aligned values in the input time series. + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in a + single time series into temporal alignment. + Except for `ALIGN_NONE`, all alignments + cause all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for + each `alignment_period` with end timestamp + at the end of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series filter. + properties: + direction: + description: How to use the ranking to select + time series that pass through the filter. + type: string + numTimeSeries: + description: How many time series to allow + to pass through the filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is applied + to each time series independently to produce + the value which will be used to compare + the time series to other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation after + the ratio is computed. 
+ properties: + alignmentPeriod: + description: The `alignment_period` specifies + a time interval, in seconds, that is used + to divide the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This will + be done before the per-series aligner + can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation to + be used to combine time series into a + single time series, where the value of + each data point in the resulting series + is a function of all the already aligned + values in the input time series. + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes how + to bring the data points in a single time + series into temporal alignment. Except + for `ALIGN_NONE`, all alignments cause + all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for each + `alignment_period` with end timestamp + at the end of the period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series with + MQL. + type: string + unitOverride: + description: The unit of data contained in fetched + time series. If non-empty, this unit will override + any unit that accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + sectionHeader: + description: A widget that defines a section header for + easier navigation of the dashboard. 
+ properties: + dividerBelow: + description: Whether to insert a divider below the section + in the table of contents + type: boolean + subtitle: + description: The subtitle of the section + type: string + type: object + singleViewGroup: + description: A widget that groups the other widgets by using + a dropdown menu. + type: object + text: + description: A raw string or markdown displaying textual + content. + properties: + content: + description: The text content to be displayed. + type: string + format: + description: How the text content is formatted. + type: string + style: + description: How the text is styled + properties: + backgroundColor: + description: The background color as a hex string. + "#RRGGBB" or "#RGB" + type: string + fontSize: + description: Font sizes for both the title and content. + The title will still be larger relative to the + content. + type: string + horizontalAlignment: + description: The horizontal alignment of both the + title and content + type: string + padding: + description: The amount of padding around the widget + type: string + pointerLocation: + description: The pointer location for this widget + (also sometimes called a "tail") + type: string + textColor: + description: The text color as a hex string. "#RRGGBB" + or "#RGB" + type: string + verticalAlignment: + description: The vertical alignment of both the + title and content + type: string + type: object + type: object + timeSeriesTable: + description: A widget that displays time series data in + a tabular format. + properties: + columnSettings: + description: Optional. The list of the persistent column + settings for the table. + items: + properties: + column: + description: Required. The id of the column. + type: string + visible: + description: Required. Whether the column should + be visible on page load. + type: boolean + required: + - column + - visible + type: object + type: array + dataSets: + description: Required. The data displayed in this table. 
+ items: + properties: + minAlignmentPeriod: + description: Optional. The lower bound on data + point frequency for this data set. + type: string + tableDisplayOptions: + description: Optional. Table display options for + configuring how the table is rendered. + properties: + shownColumns: + description: Optional. This field is unused + and has been replaced by TimeSeriesTable.column_settings + items: + type: string + type: array + type: object + tableTemplate: + description: Optional. A template string for naming + `TimeSeries` in the resulting data set. + type: string + timeSeriesQuery: + description: Required. Fields for querying time + series data from the Stackdriver metrics API. + properties: + outputFullDuration: + description: Optional. If set, Cloud Monitoring + will treat the full query duration as the + alignment period so that there will be only + 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time series + with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch time + series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this field + to combine multiple time series for + different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. 
+ items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. 
+ type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. + properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. 
Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. 
+ type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. 
Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series + with MQL. + type: string + unitOverride: + description: The unit of data contained in + fetched time series. If non-empty, this + unit will override any unit that accompanies + fetched data. The format is the same as + the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + type: object + type: array + metricVisualization: + description: Optional. Store rendering strategy + type: string + required: + - dataSets + type: object + title: + description: Optional. The title of the widget. + type: string + xyChart: + description: A chart of time series data. + properties: + chartOptions: + description: Display options for the chart. + properties: + mode: + description: The chart mode. + type: string + type: object + dataSets: + description: Required. The data displayed in this chart. + items: + properties: + legendTemplate: + description: A template string for naming `TimeSeries` + in the resulting data set. + type: string + minAlignmentPeriod: + description: Optional. The lower bound on data + point frequency for this data set. + type: string + plotType: + description: How this data should be plotted on + the chart. + type: string + targetAxis: + description: Optional. The target axis to use + for plotting the metric. + type: string + timeSeriesQuery: + description: Fields for querying time series data + from the Stackdriver metrics API. + properties: + outputFullDuration: + description: Optional. 
If set, Cloud Monitoring + will treat the full query duration as the + alignment period so that there will be only + 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time series + with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch time + series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this field + to combine multiple time series for + different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. 
+ properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. + properties: + denominator: + description: The denominator of the ratio. 
+ properties: + aggregation: + description: By default, the raw time + series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. 
+ type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. 
+ This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series + with MQL. + type: string + unitOverride: + description: The unit of data contained in + fetched time series. If non-empty, this + unit will override any unit that accompanies + fetched data. The format is the same as + the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + thresholds: + description: Threshold lines drawn horizontally across + the chart. + items: + properties: + color: + description: The state color for this threshold. + Color is not allowed in a XyChart. + type: string + direction: + description: The direction for the current threshold. + Direction is not allowed in a XyChart. + type: string + label: + description: A label for the threshold. + type: string + targetAxis: + description: The target axis to use for plotting + the threshold. 
Target axis is not allowed in + a Scorecard. + type: string + value: + description: The value of the threshold. The value + should be defined in the native scale of the + metric. + format: double + type: number + type: object + type: array + timeshiftDuration: + description: The duration used to display a comparison + chart. + type: string + xAxis: + description: The properties applied to the x-axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: The axis scale. By default, a linear + scale is used. + type: string + type: object + y2Axis: + description: The properties applied to the y2-axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: The axis scale. By default, a linear + scale is used. + type: string + type: object + yAxis: + description: The properties applied to the y-axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: The axis scale. By default, a linear + scale is used. + type: string + type: object + required: + - dataSets + type: object + type: object + type: array + type: object + mosaicLayout: + description: The content is arranged as a grid of tiles, with each + content widget occupying one or more grid blocks. + properties: + columns: + description: The number of columns in the mosaic grid. The number + of columns must be between 1 and 12, inclusive. + format: int32 + type: integer + tiles: + description: The tiles to display. + items: + properties: + height: + description: The height of the tile, measured in grid blocks. + Tiles must have a minimum height of 1. + format: int32 + type: integer + widget: + description: The informational widget contained in the tile. + For example an `XyChart`. + properties: + alertChart: + description: A chart of alert policy data. + properties: + alertPolicyRef: + description: Required. A reference to the MonitoringAlertPolicy. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The MonitoringAlertPolicy link + in the form "projects/[PROJECT_ID_OR_NUMBER]/alertPolicies/[ALERT_POLICY_ID]", + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `MonitoringAlertPolicy` + resource. + type: string + namespace: + description: The `namespace` field of a `MonitoringAlertPolicy` + resource. + type: string + type: object + required: + - alertPolicyRef + type: object + blank: + description: A blank space. + type: object + collapsibleGroup: + description: A widget that groups the other widgets. + All widgets that are within the area spanned by the + grouping widget are considered member widgets. + properties: + collapsed: + description: The collapsed state of the widget on + first page load. + type: boolean + type: object + errorReportingPanel: + description: A widget that displays a list of error + groups. + properties: + projectRefs: + description: The projects from which to gather errors. + items: + description: The Project that this resource belongs + to. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The `projectID` field of a project, + when not managed by Config Connector. + type: string + kind: + description: The kind of the Project resource; + optional but must be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` + resource. + type: string + namespace: + description: The `namespace` field of a `Project` + resource. 
+ type: string + type: object + type: array + services: + description: An identifier of the service, such + as the name of the executable, job, or Google + App Engine service name. This field is expected + to have a low number of values that are relatively + stable over time, as opposed to `version`, which + can be changed whenever new code is deployed. + items: + type: string + type: array + versions: + description: Represents the source code version + that the developer provided, which could represent + a version label or a Git SHA-1 hash, for example. + For App Engine standard environment, the version + is set to the version of the app. + items: + type: string + type: array + type: object + id: + description: Optional. The widget id. Ids may be made + up of alphanumerics, dashes and underscores. Widget + ids are optional. + type: string + incidentList: + description: A widget that shows list of incidents. + properties: + monitoredResources: + description: Optional. The monitored resource for + which incidents are listed. + items: + properties: + labels: + additionalProperties: + type: string + description: Required. Values for all of the + labels listed in the associated monitored + resource descriptor. + type: object + type: + description: Required. The monitored resource + type. This field must match the `type` field + of a [MonitoredResourceDescriptor][google.api.MonitoredResourceDescriptor] + object. + type: string + type: object + type: array + policyRefs: + description: Optional. A list of alert policies + to filter the incident list by. + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The MonitoringAlertPolicy link + in the form "projects/[PROJECT_ID_OR_NUMBER]/alertPolicies/[ALERT_POLICY_ID]", + when not managed by Config Connector. 
+ type: string + name: + description: The `name` field of a `MonitoringAlertPolicy` + resource. + type: string + namespace: + description: The `namespace` field of a `MonitoringAlertPolicy` + resource. + type: string + type: object + type: array + type: object + logsPanel: + description: A widget that shows a stream of logs. + properties: + filter: + description: A filter that chooses which log entries + to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). + type: string + resourceNames: + description: The names of logging resources to collect + logs for. + items: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The external name of the referenced + resource + type: string + kind: + description: Kind of the referent. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + pieChart: + description: A widget that displays timeseries data + as a pie chart. + properties: + chartType: + description: Required. Indicates the visualization + type for the PieChart. + type: string + dataSets: + description: Required. The queries for the chart's + data. + items: + properties: + minAlignmentPeriod: + description: Optional. The lower bound on + data point frequency for this data set. + type: string + sliceNameTemplate: + description: Optional. A template for the + name of the slice. + type: string + timeSeriesQuery: + description: Required. The query for the PieChart. + See, `google.monitoring.dashboard.v1.TimeSeriesQuery`. 
+ properties: + outputFullDuration: + description: Optional. If set, Cloud Monitoring + will treat the full query duration as + the alignment period so that there will + be only 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time + series with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. 
+ type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to other + time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. 
+ type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. + properties: + denominator: + description: The denominator of the + ratio. + properties: + aggregation: + description: By default, the raw + time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in all + the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done + before the per-series aligner + can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, where + the value of each data point + in the resulting series + is a function of all the + already aligned values in + the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring the + data points in a single + time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all + the data points in an `alignment_period` + to be mathematically grouped + together, resulting in a + single data point for each + `alignment_period` with + end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the raw + time series data is returned. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in all + the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done + before the per-series aligner + can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, where + the value of each data point + in the resulting series + is a function of all the + already aligned values in + the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring the + data points in a single + time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all + the data points in an `alignment_period` + to be mathematically grouped + together, resulting in a + single data point for each + `alignment_period` with + end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to other + time series.' 
+ type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series with MQL. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + showLabels: + description: Optional. 
Indicates whether or not + the pie chart should show slices' labels + type: boolean + required: + - chartType + - dataSets + type: object + scorecard: + description: A scorecard summarizing time series data. + properties: + blankView: + description: Will cause the `Scorecard` to show + only the value, with no indicator to its value + relative to its thresholds. + type: object + gaugeView: + description: Will cause the scorecard to show a + gauge chart. + properties: + lowerBound: + description: The lower bound for this gauge + chart. The value of the chart should always + be greater than or equal to this. + format: double + type: number + upperBound: + description: The upper bound for this gauge + chart. The value of the chart should always + be less than or equal to this. + format: double + type: number + type: object + sparkChartView: + description: Will cause the scorecard to show a + spark chart. + properties: + minAlignmentPeriod: + description: The lower bound on data point frequency + in the chart implemented by specifying the + minimum alignment period to use in a time + series query. + type: string + sparkChartType: + description: Required. The type of sparkchart + to show in this chartView. + type: string + required: + - sparkChartType + type: object + thresholds: + description: The thresholds used to determine the + state of the scorecard given the time series' + current value. + items: + properties: + color: + description: The state color for this threshold. + Color is not allowed in a XyChart. + type: string + direction: + description: The direction for the current + threshold. Direction is not allowed in a + XyChart. + type: string + label: + description: A label for the threshold. + type: string + targetAxis: + description: The target axis to use for plotting + the threshold. Target axis is not allowed + in a Scorecard. + type: string + value: + description: The value of the threshold. 
The + value should be defined in the native scale + of the metric. + format: double + type: number + type: object + type: array + timeSeriesQuery: + description: Required. Fields for querying time + series data from the Stackdriver metrics API. + properties: + outputFullDuration: + description: Optional. If set, Cloud Monitoring + will treat the full query duration as the + alignment period so that there will be only + 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time series + with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch time + series. + properties: + aggregation: + description: By default, the raw time series + data is returned. Use this field to combine + multiple time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This + will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where the + value of each data point in the resulting + series is a function of all the already + aligned values in the input time series. + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in a + single time series into temporal alignment. + Except for `ALIGN_NONE`, all alignments + cause all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for + each `alignment_period` with end timestamp + at the end of the period. 
+ type: string + type: object + filter: + description: Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series filter. + properties: + direction: + description: How to use the ranking + to select time series that pass through + the filter. + type: string + numTimeSeries: + description: How many time series to + allow to pass through the filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is applied + to each time series independently + to produce the value which will be + used to compare the time series to + other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This + will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where the + value of each data point in the resulting + series is a function of all the already + aligned values in the input time series. + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in a + single time series into temporal alignment. 
+ Except for `ALIGN_NONE`, all alignments + cause all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for + each `alignment_period` with end timestamp + at the end of the period. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. + properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the + data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. 
+ type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the + data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series filter. + properties: + direction: + description: How to use the ranking + to select time series that pass through + the filter. + type: string + numTimeSeries: + description: How many time series to + allow to pass through the filter. 
+ format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is applied + to each time series independently + to produce the value which will be + used to compare the time series to + other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. This + will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where the + value of each data point in the resulting + series is a function of all the already + aligned values in the input time series. + type: string + groupByFields: + description: The set of fields to preserve + when `cross_series_reducer` is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in a + single time series into temporal alignment. + Except for `ALIGN_NONE`, all alignments + cause all the data points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point for + each `alignment_period` with end timestamp + at the end of the period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series + with MQL. + type: string + unitOverride: + description: The unit of data contained in fetched + time series. If non-empty, this unit will + override any unit that accompanies fetched + data. The format is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. 
+ type: string + type: object + required: + - timeSeriesQuery + type: object + sectionHeader: + description: A widget that defines a section header + for easier navigation of the dashboard. + properties: + dividerBelow: + description: Whether to insert a divider below the + section in the table of contents + type: boolean + subtitle: + description: The subtitle of the section + type: string + type: object + singleViewGroup: + description: A widget that groups the other widgets + by using a dropdown menu. + type: object + text: + description: A raw string or markdown displaying textual + content. + properties: + content: + description: The text content to be displayed. + type: string + format: + description: How the text content is formatted. + type: string + style: + description: How the text is styled + properties: + backgroundColor: + description: The background color as a hex string. + "#RRGGBB" or "#RGB" + type: string + fontSize: + description: Font sizes for both the title and + content. The title will still be larger relative + to the content. + type: string + horizontalAlignment: + description: The horizontal alignment of both + the title and content + type: string + padding: + description: The amount of padding around the + widget + type: string + pointerLocation: + description: The pointer location for this widget + (also sometimes called a "tail") + type: string + textColor: + description: The text color as a hex string. + "#RRGGBB" or "#RGB" + type: string + verticalAlignment: + description: The vertical alignment of both + the title and content + type: string + type: object + type: object + timeSeriesTable: + description: A widget that displays time series data + in a tabular format. + properties: + columnSettings: + description: Optional. The list of the persistent + column settings for the table. + items: + properties: + column: + description: Required. The id of the column. + type: string + visible: + description: Required. 
Whether the column + should be visible on page load. + type: boolean + required: + - column + - visible + type: object + type: array + dataSets: + description: Required. The data displayed in this + table. + items: + properties: + minAlignmentPeriod: + description: Optional. The lower bound on + data point frequency for this data set. + type: string + tableDisplayOptions: + description: Optional. Table display options + for configuring how the table is rendered. + properties: + shownColumns: + description: Optional. This field is unused + and has been replaced by TimeSeriesTable.column_settings + items: + type: string + type: array + type: object + tableTemplate: + description: Optional. A template string for + naming `TimeSeries` in the resulting data + set. + type: string + timeSeriesQuery: + description: Required. Fields for querying + time series data from the Stackdriver metrics + API. + properties: + outputFullDuration: + description: Optional. If set, Cloud Monitoring + will treat the full query duration as + the alignment period so that there will + be only 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time + series with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. 
+ type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to other + time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. 
+ This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. + properties: + denominator: + description: The denominator of the + ratio. + properties: + aggregation: + description: By default, the raw + time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in all + the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done + before the per-series aligner + can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, where + the value of each data point + in the resulting series + is a function of all the + already aligned values in + the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
+ items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring the + data points in a single + time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all + the data points in an `alignment_period` + to be mathematically grouped + together, resulting in a + single data point for each + `alignment_period` with + end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the raw + time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in all + the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done + before the per-series aligner + can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, where + the value of each data point + in the resulting series + is a function of all the + already aligned values in + the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring the + data points in a single + time series into temporal + alignment. 
Except for `ALIGN_NONE`, + all alignments cause all + the data points in an `alignment_period` + to be mathematically grouped + together, resulting in a + single data point for each + `alignment_period` with + end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to other + time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
+ items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series with MQL. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + type: object + type: array + metricVisualization: + description: Optional. Store rendering strategy + type: string + required: + - dataSets + type: object + title: + description: Optional. The title of the widget. + type: string + xyChart: + description: A chart of time series data. + properties: + chartOptions: + description: Display options for the chart. + properties: + mode: + description: The chart mode. + type: string + type: object + dataSets: + description: Required. The data displayed in this + chart. + items: + properties: + legendTemplate: + description: A template string for naming + `TimeSeries` in the resulting data set. + type: string + minAlignmentPeriod: + description: Optional. The lower bound on + data point frequency for this data set. + type: string + plotType: + description: How this data should be plotted + on the chart. + type: string + targetAxis: + description: Optional. The target axis to + use for plotting the metric. 
+ type: string + timeSeriesQuery: + description: Fields for querying time series + data from the Stackdriver metrics API. + properties: + outputFullDuration: + description: Optional. If set, Cloud Monitoring + will treat the full query duration as + the alignment period so that there will + be only 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time + series with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this + field to combine multiple time series + for different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + filter: + description: Required. 
The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to other + time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. 
+ type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. + properties: + denominator: + description: The denominator of the + ratio. + properties: + aggregation: + description: By default, the raw + time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in all + the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done + before the per-series aligner + can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, where + the value of each data point + in the resulting series + is a function of all the + already aligned values in + the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring the + data points in a single + time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all + the data points in an `alignment_period` + to be mathematically grouped + together, resulting in a + single data point for each + `alignment_period` with + end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the raw + time series data is returned. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in all + the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done + before the per-series aligner + can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, where + the value of each data point + in the resulting series + is a function of all the + already aligned values in + the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring the + data points in a single + time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all + the data points in an `alignment_period` + to be mathematically grouped + together, resulting in a + single data point for each + `alignment_period` with + end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to other + time series.' 
+ type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series with MQL. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + thresholds: + description: Threshold lines drawn horizontally + across the chart. 
+ items: + properties: + color: + description: The state color for this threshold. + Color is not allowed in a XyChart. + type: string + direction: + description: The direction for the current + threshold. Direction is not allowed in a + XyChart. + type: string + label: + description: A label for the threshold. + type: string + targetAxis: + description: The target axis to use for plotting + the threshold. Target axis is not allowed + in a Scorecard. + type: string + value: + description: The value of the threshold. The + value should be defined in the native scale + of the metric. + format: double + type: number + type: object + type: array + timeshiftDuration: + description: The duration used to display a comparison + chart. + type: string + xAxis: + description: The properties applied to the x-axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: The axis scale. By default, a linear + scale is used. + type: string + type: object + y2Axis: + description: The properties applied to the y2-axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: The axis scale. By default, a linear + scale is used. + type: string + type: object + yAxis: + description: The properties applied to the y-axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: The axis scale. By default, a linear + scale is used. + type: string + type: object + required: + - dataSets + type: object + type: object + width: + description: The width of the tile, measured in grid blocks. + Tiles must have a minimum width of 1. + format: int32 + type: integer + xPos: + description: The zero-indexed position of the tile in grid + blocks relative to the left edge of the grid. Tiles must + be contained within the specified number of columns. `x_pos` + cannot be negative. 
+ format: int32 + type: integer + yPos: + description: The zero-indexed position of the tile in grid + blocks relative to the top edge of the grid. `y_pos` cannot + be negative. + format: int32 + type: integer + type: object + type: array + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. + type: string + rowLayout: + description: The content is divided into equally spaced rows and the + widgets are arranged horizontally. + properties: + rows: + description: The rows of content to display. + items: + properties: + weight: + description: The relative weight of this row. The row weight + is used to adjust the height of rows on the screen (relative + to peers). + format: int64 + type: integer + widgets: + description: The display widgets arranged horizontally in + this row. + items: + properties: + alertChart: + description: A chart of alert policy data. + properties: + alertPolicyRef: + description: Required. A reference to the MonitoringAlertPolicy. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The MonitoringAlertPolicy link + in the form "projects/[PROJECT_ID_OR_NUMBER]/alertPolicies/[ALERT_POLICY_ID]", + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `MonitoringAlertPolicy` + resource. + type: string + namespace: + description: The `namespace` field of a `MonitoringAlertPolicy` + resource. + type: string + type: object + required: + - alertPolicyRef + type: object + blank: + description: A blank space. + type: object + collapsibleGroup: + description: A widget that groups the other widgets. + All widgets that are within the area spanned by + the grouping widget are considered member widgets. + properties: + collapsed: + description: The collapsed state of the widget + on first page load. + type: boolean + type: object + errorReportingPanel: + description: A widget that displays a list of error + groups. + properties: + projectRefs: + description: The projects from which to gather + errors. + items: + description: The Project that this resource + belongs to. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The `projectID` field of a + project, when not managed by Config Connector. + type: string + kind: + description: The kind of the Project resource; + optional but must be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` + resource. + type: string + namespace: + description: The `namespace` field of a + `Project` resource. 
+ type: string + type: object + type: array + services: + description: An identifier of the service, such + as the name of the executable, job, or Google + App Engine service name. This field is expected + to have a low number of values that are relatively + stable over time, as opposed to `version`, which + can be changed whenever new code is deployed. + items: + type: string + type: array + versions: + description: Represents the source code version + that the developer provided, which could represent + a version label or a Git SHA-1 hash, for example. + For App Engine standard environment, the version + is set to the version of the app. + items: + type: string + type: array + type: object + id: + description: Optional. The widget id. Ids may be made + up of alphanumerics, dashes and underscores. Widget + ids are optional. + type: string + incidentList: + description: A widget that shows list of incidents. + properties: + monitoredResources: + description: Optional. The monitored resource + for which incidents are listed. + items: + properties: + labels: + additionalProperties: + type: string + description: Required. Values for all of + the labels listed in the associated monitored + resource descriptor. + type: object + type: + description: Required. The monitored resource + type. This field must match the `type` + field of a [MonitoredResourceDescriptor][google.api.MonitoredResourceDescriptor] + object. + type: string + type: object + type: array + policyRefs: + description: Optional. A list of alert policies + to filter the incident list by. + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The MonitoringAlertPolicy link + in the form "projects/[PROJECT_ID_OR_NUMBER]/alertPolicies/[ALERT_POLICY_ID]", + when not managed by Config Connector. 
+ type: string + name: + description: The `name` field of a `MonitoringAlertPolicy` + resource. + type: string + namespace: + description: The `namespace` field of a + `MonitoringAlertPolicy` resource. + type: string + type: object + type: array + type: object + logsPanel: + description: A widget that shows a stream of logs. + properties: + filter: + description: A filter that chooses which log entries + to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). + type: string + resourceNames: + description: The names of logging resources to + collect logs for. + items: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The external name of the referenced + resource + type: string + kind: + description: Kind of the referent. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + pieChart: + description: A widget that displays timeseries data + as a pie chart. + properties: + chartType: + description: Required. Indicates the visualization + type for the PieChart. + type: string + dataSets: + description: Required. The queries for the chart's + data. + items: + properties: + minAlignmentPeriod: + description: Optional. The lower bound on + data point frequency for this data set. + type: string + sliceNameTemplate: + description: Optional. A template for the + name of the slice. + type: string + timeSeriesQuery: + description: Required. The query for the + PieChart. See, `google.monitoring.dashboard.v1.TimeSeriesQuery`. 
+ properties: + outputFullDuration: + description: Optional. If set, Cloud + Monitoring will treat the full query + duration as the alignment period so + that there will be only 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time + series with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw + time series data is returned. + Use this field to combine multiple + time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. 
+ type: string + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: How to use the + ranking to select time series + that pass through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. 
+ type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. + properties: + denominator: + description: The denominator of + the ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. + type: string + type: object + filter: + description: The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. + type: string + type: object + filter: + description: The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: How to use the + ranking to select time series + that pass through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series.' 
+ type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series with MQL. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + showLabels: + description: Optional. 
Indicates whether or not + the pie chart should show slices' labels + type: boolean + required: + - chartType + - dataSets + type: object + scorecard: + description: A scorecard summarizing time series data. + properties: + blankView: + description: Will cause the `Scorecard` to show + only the value, with no indicator to its value + relative to its thresholds. + type: object + gaugeView: + description: Will cause the scorecard to show + a gauge chart. + properties: + lowerBound: + description: The lower bound for this gauge + chart. The value of the chart should always + be greater than or equal to this. + format: double + type: number + upperBound: + description: The upper bound for this gauge + chart. The value of the chart should always + be less than or equal to this. + format: double + type: number + type: object + sparkChartView: + description: Will cause the scorecard to show + a spark chart. + properties: + minAlignmentPeriod: + description: The lower bound on data point + frequency in the chart implemented by specifying + the minimum alignment period to use in a + time series query. + type: string + sparkChartType: + description: Required. The type of sparkchart + to show in this chartView. + type: string + required: + - sparkChartType + type: object + thresholds: + description: The thresholds used to determine + the state of the scorecard given the time series' + current value. + items: + properties: + color: + description: The state color for this threshold. + Color is not allowed in a XyChart. + type: string + direction: + description: The direction for the current + threshold. Direction is not allowed in + a XyChart. + type: string + label: + description: A label for the threshold. + type: string + targetAxis: + description: The target axis to use for + plotting the threshold. Target axis is + not allowed in a Scorecard. + type: string + value: + description: The value of the threshold. 
+ The value should be defined in the native + scale of the metric. + format: double + type: number + type: object + type: array + timeSeriesQuery: + description: Required. Fields for querying time + series data from the Stackdriver metrics API. + properties: + outputFullDuration: + description: Optional. If set, Cloud Monitoring + will treat the full query duration as the + alignment period so that there will be only + 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time series + with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch time + series. + properties: + aggregation: + description: By default, the raw time + series data is returned. Use this field + to combine multiple time series for + different views of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. 
+ type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, resources, + and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. 
Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio between + two time series filters. + properties: + denominator: + description: The denominator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. 
+ type: string + required: + - filter + type: object + numerator: + description: The numerator of the ratio. + properties: + aggregation: + description: By default, the raw time + series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in + seconds, that is used to divide + the data in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the + per-series aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point + in the resulting series is a + function of all the already + aligned values in the input + time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points in + an `alignment_period` to be + mathematically grouped together, + resulting in a single data point + for each `alignment_period` + with end timestamp at the end + of the period. + type: string + type: object + filter: + description: The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time series + filter. + properties: + direction: + description: How to use the ranking + to select time series that pass + through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the filter. 
+ format: int32 + type: integer + rankingMethod: + description: '`ranking_method` is + applied to each time series independently + to produce the value which will + be used to compare the time series + to other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, in seconds, + that is used to divide the data + in all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of time. + This will be done before the per-series + aligner can be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time series + into a single time series, where + the value of each data point in + the resulting series is a function + of all the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields to + preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points in + a single time series into temporal + alignment. Except for `ALIGN_NONE`, + all alignments cause all the data + points in an `alignment_period` + to be mathematically grouped together, + resulting in a single data point + for each `alignment_period` with + end timestamp at the end of the + period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time series + with MQL. + type: string + unitOverride: + description: The unit of data contained in + fetched time series. If non-empty, this + unit will override any unit that accompanies + fetched data. The format is the same as + the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. 
+ type: string + type: object + required: + - timeSeriesQuery + type: object + sectionHeader: + description: A widget that defines a section header + for easier navigation of the dashboard. + properties: + dividerBelow: + description: Whether to insert a divider below + the section in the table of contents + type: boolean + subtitle: + description: The subtitle of the section + type: string + type: object + singleViewGroup: + description: A widget that groups the other widgets + by using a dropdown menu. + type: object + text: + description: A raw string or markdown displaying textual + content. + properties: + content: + description: The text content to be displayed. + type: string + format: + description: How the text content is formatted. + type: string + style: + description: How the text is styled + properties: + backgroundColor: + description: The background color as a hex + string. "#RRGGBB" or "#RGB" + type: string + fontSize: + description: Font sizes for both the title + and content. The title will still be larger + relative to the content. + type: string + horizontalAlignment: + description: The horizontal alignment of both + the title and content + type: string + padding: + description: The amount of padding around + the widget + type: string + pointerLocation: + description: The pointer location for this + widget (also sometimes called a "tail") + type: string + textColor: + description: The text color as a hex string. + "#RRGGBB" or "#RGB" + type: string + verticalAlignment: + description: The vertical alignment of both + the title and content + type: string + type: object + type: object + timeSeriesTable: + description: A widget that displays time series data + in a tabular format. + properties: + columnSettings: + description: Optional. The list of the persistent + column settings for the table. + items: + properties: + column: + description: Required. The id of the column. + type: string + visible: + description: Required. 
Whether the column + should be visible on page load. + type: boolean + required: + - column + - visible + type: object + type: array + dataSets: + description: Required. The data displayed in this + table. + items: + properties: + minAlignmentPeriod: + description: Optional. The lower bound on + data point frequency for this data set. + type: string + tableDisplayOptions: + description: Optional. Table display options + for configuring how the table is rendered. + properties: + shownColumns: + description: Optional. This field is + unused and has been replaced by TimeSeriesTable.column_settings + items: + type: string + type: array + type: object + tableTemplate: + description: Optional. A template string + for naming `TimeSeries` in the resulting + data set. + type: string + timeSeriesQuery: + description: Required. Fields for querying + time series data from the Stackdriver + metrics API. + properties: + outputFullDuration: + description: Optional. If set, Cloud + Monitoring will treat the full query + duration as the alignment period so + that there will be only 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time + series with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw + time series data is returned. + Use this field to combine multiple + time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. 
+ type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + filter: + description: Required. The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: How to use the + ranking to select time series + that pass through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. 
This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. + properties: + denominator: + description: The denominator of + the ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. 
+ type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. + type: string + type: object + filter: + description: The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. 
Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. + type: string + type: object + filter: + description: The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: How to use the + ranking to select time series + that pass through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. 
+ items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series with MQL. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + type: object + type: array + metricVisualization: + description: Optional. Store rendering strategy + type: string + required: + - dataSets + type: object + title: + description: Optional. The title of the widget. + type: string + xyChart: + description: A chart of time series data. + properties: + chartOptions: + description: Display options for the chart. + properties: + mode: + description: The chart mode. + type: string + type: object + dataSets: + description: Required. The data displayed in this + chart. + items: + properties: + legendTemplate: + description: A template string for naming + `TimeSeries` in the resulting data set. + type: string + minAlignmentPeriod: + description: Optional. The lower bound on + data point frequency for this data set. + type: string + plotType: + description: How this data should be plotted + on the chart. + type: string + targetAxis: + description: Optional. The target axis to + use for plotting the metric. 
+ type: string + timeSeriesQuery: + description: Fields for querying time series + data from the Stackdriver metrics API. + properties: + outputFullDuration: + description: Optional. If set, Cloud + Monitoring will treat the full query + duration as the alignment period so + that there will be only 1 output value. + type: boolean + prometheusQuery: + description: A query used to fetch time + series with PromQL. + type: string + timeSeriesFilter: + description: Filter parameters to fetch + time series. + properties: + aggregation: + description: By default, the raw + time series data is returned. + Use this field to combine multiple + time series for different views + of the data. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + filter: + description: Required. 
The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric types, + resources, and projects to query. + type: string + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: How to use the + ranking to select time series + that pass through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series.' + type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after `aggregation` is applied. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. 
+ type: string + type: object + required: + - filter + type: object + timeSeriesFilterRatio: + description: Parameters to fetch a ratio + between two time series filters. + properties: + denominator: + description: The denominator of + the ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. + type: string + type: object + filter: + description: The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + numerator: + description: The numerator of the + ratio. + properties: + aggregation: + description: By default, the + raw time series data is returned. 
+ properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used + to divide the data in + all the [time series][google.monitoring.v3.TimeSeries] + into consistent blocks + of time. This will be + done before the per-series + aligner can be applied + to the data. + type: string + crossSeriesReducer: + description: The reduction + operation to be used to + combine time series into + a single time series, + where the value of each + data point in the resulting + series is a function of + all the already aligned + values in the input time + series. + type: string + groupByFields: + description: The set of + fields to preserve when + `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` + describes how to bring + the data points in a single + time series into temporal + alignment. Except for + `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` + to be mathematically grouped + together, resulting in + a single data point for + each `alignment_period` + with end timestamp at + the end of the period. + type: string + type: object + filter: + description: The [monitoring + filter](https://cloud.google.com/monitoring/api/v3/filters) + that identifies the metric + types, resources, and projects + to query. + type: string + required: + - filter + type: object + pickTimeSeriesFilter: + description: Ranking based time + series filter. + properties: + direction: + description: How to use the + ranking to select time series + that pass through the filter. + type: string + numTimeSeries: + description: How many time series + to allow to pass through the + filter. + format: int32 + type: integer + rankingMethod: + description: '`ranking_method` + is applied to each time series + independently to produce the + value which will be used to + compare the time series to + other time series.' 
+ type: string + type: object + secondaryAggregation: + description: Apply a second aggregation + after the ratio is computed. + properties: + alignmentPeriod: + description: The `alignment_period` + specifies a time interval, + in seconds, that is used to + divide the data in all the + [time series][google.monitoring.v3.TimeSeries] + into consistent blocks of + time. This will be done before + the per-series aligner can + be applied to the data. + type: string + crossSeriesReducer: + description: The reduction operation + to be used to combine time + series into a single time + series, where the value of + each data point in the resulting + series is a function of all + the already aligned values + in the input time series. + type: string + groupByFields: + description: The set of fields + to preserve when `cross_series_reducer` + is specified. + items: + type: string + type: array + perSeriesAligner: + description: An `Aligner` describes + how to bring the data points + in a single time series into + temporal alignment. Except + for `ALIGN_NONE`, all alignments + cause all the data points + in an `alignment_period` to + be mathematically grouped + together, resulting in a single + data point for each `alignment_period` + with end timestamp at the + end of the period. + type: string + type: object + type: object + timeSeriesQueryLanguage: + description: A query used to fetch time + series with MQL. + type: string + unitOverride: + description: The unit of data contained + in fetched time series. If non-empty, + this unit will override any unit that + accompanies fetched data. The format + is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) + field in `MetricDescriptor`. + type: string + type: object + required: + - timeSeriesQuery + type: object + type: array + thresholds: + description: Threshold lines drawn horizontally + across the chart. 
+ items: + properties: + color: + description: The state color for this threshold. + Color is not allowed in a XyChart. + type: string + direction: + description: The direction for the current + threshold. Direction is not allowed in + a XyChart. + type: string + label: + description: A label for the threshold. + type: string + targetAxis: + description: The target axis to use for + plotting the threshold. Target axis is + not allowed in a Scorecard. + type: string + value: + description: The value of the threshold. + The value should be defined in the native + scale of the metric. + format: double + type: number + type: object + type: array + timeshiftDuration: + description: The duration used to display a comparison + chart. + type: string + xAxis: + description: The properties applied to the x-axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: The axis scale. By default, a + linear scale is used. + type: string + type: object + y2Axis: + description: The properties applied to the y2-axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: The axis scale. By default, a + linear scale is used. + type: string + type: object + yAxis: + description: The properties applied to the y-axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: The axis scale. By default, a + linear scale is used. + type: string + type: object + required: + - dataSets + type: object + type: object + type: array + type: object + type: array + type: object + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observations + of the MonitoringDashboard's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: \`etag\` is used for optimistic concurrency control as + a way to help prevent simultaneous updates of a policy from overwriting + each other. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringgroups.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringGroup + plural: monitoringgroups + shortNames: + - gcpmonitoringgroup + - gcpmonitoringgroups + singular: monitoringgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: A user-assigned name for this group, used only for display + purposes. + type: string + filter: + description: The filter used to determine which monitored resources + belong to this group. + type: string + isCluster: + description: If true, the members of this group are considered to + be a cluster. The system can perform additional analysis on groups + that are clusters. + type: boolean + parentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of the group's parent, if it has one. The format is: projects/ For groups with no parent, `parent_name` is the empty string, ``. 
+ + Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the group + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - filter + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringmetricdescriptors.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringMetricDescriptor + plural: monitoringmetricdescriptors + shortNames: + - gcpmonitoringmetricdescriptor + - gcpmonitoringmetricdescriptors + singular: monitoringmetricdescriptor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + 
jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. A detailed description of the metric, which + can be used in documentation. + type: string + displayName: + description: Immutable. A concise name for the metric, which can be + displayed in user interfaces. Use sentence case without an ending + period, for example "Request count". This field is optional but + it is recommended to be set for any metrics associated with user-visible + concepts, such as Quota. + type: string + labels: + description: Immutable. The set of labels that can be used to describe + a specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` + metric type has a label for the HTTP response code, `response_code`, + so you can look at latencies for successful responses or just for + responses that failed. + items: + properties: + description: + description: Immutable. A human-readable description for the + label. + type: string + key: + description: 'Immutable. The key for this label. The key must + meet the following criteria: * Does not exceed 100 characters. 
+ * Matches the following regular expression: `a-zA-Z*` * The + first character must be an upper- or lower-case letter. * + The remaining characters must be letters, digits, or underscores.' + type: string + valueType: + description: 'Immutable. The type of data that can be assigned + to the label. Possible values: STRING, BOOL, INT64' + type: string + type: object + type: array + launchStage: + description: 'Immutable. Optional. The launch stage of the metric + definition. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + type: string + metadata: + description: Immutable. Optional. Metadata which can be used to guide + usage of the metric. + properties: + ingestDelay: + description: Immutable. The delay of data points caused by ingestion. + Data points older than this age are guaranteed to be ingested + and available to be read, excluding data loss due to errors. + type: string + launchStage: + description: 'Immutable. Deprecated. Must use the MetricDescriptor.launch_stage + instead. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + type: string + samplePeriod: + description: Immutable. The sampling period of metric data points. + For metrics which are written periodically, consecutive data + points are stored at this time interval, excluding data loss + due to errors. Metrics with a higher granularity have a smaller + sampling period. + type: string + type: object + metricKind: + description: 'Immutable. Whether the metric records instantaneous + values, changes to a value, etc. Some combinations of `metric_kind` + and `value_type` might not be supported. Possible values: METRIC_KIND_UNSPECIFIED, + GAUGE, DELTA, CUMULATIVE' + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: 'Immutable. The metric type, including its DNS name prefix. + The type is not URL-encoded. All user-defined metric types have + the DNS name `custom.googleapis.com` or `external.googleapis.com`. + Metric types should use a natural hierarchical grouping. For example: + "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" + "appengine.googleapis.com/http/server/response_latencies"' + type: string + unit: + description: 'Immutable. The units in which the metric value is reported. + It is only applicable if the `value_type` is `INT64`, `DOUBLE`, + or `DISTRIBUTION`. The `unit` defines the representation of the + stored metric values. Different systems might scale the values to + be more easily displayed (so a value of `0.02kBy` _might_ be displayed + as `20By`, and a value of `3523kBy` _might_ be displayed as `3.5MBy`). + However, if the `unit` is `kBy`, then the value of the metric is + always in thousands of bytes, no matter how it might be displayed. + If you want a custom metric to record the exact number of CPU-seconds + used by a job, you can create an `INT64 CUMULATIVE` metric whose + `unit` is `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the + job uses 12,005 CPU-seconds, then the value is written as `12005`. 
+ Alternatively, if you want a custom metric to record data in a more + granular way, you can create a `DOUBLE CUMULATIVE` metric whose + `unit` is `ks{CPU}`, and then write the value `12.005` (which is + `12005/1000`), or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). + The supported units are a subset of [The Unified Code for Units + of Measure](https://unitsofmeasure.org/ucum.html) standard: **Basic + units (UNIT)** * `bit` bit * `By` byte * `s` second * `min` minute + * `h` hour * `d` day * `1` dimensionless **Prefixes (PREFIX)** * + `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) * `T` tera (10^12) + * `P` peta (10^15) * `E` exa (10^18) * `Z` zetta (10^21) * `Y` yotta + (10^24) * `m` milli (10^-3) * `u` micro (10^-6) * `n` nano (10^-9) + * `p` pico (10^-12) * `f` femto (10^-15) * `a` atto (10^-18) * `z` + zepto (10^-21) * `y` yocto (10^-24) * `Ki` kibi (2^10) * `Mi` mebi + (2^20) * `Gi` gibi (2^30) * `Ti` tebi (2^40) * `Pi` pebi (2^50) + **Grammar** The grammar also includes these connectors: * `/` division + or ratio (as an infix operator). For examples, `kBy/{email}` or + `MiBy/10ms` (although you should almost never have `/s` in a metric + `unit`; rates should always be computed at query time from the underlying + cumulative or delta value). * `.` multiplication or composition + (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. The + grammar for a unit is as follows: Expression = Component: { "." + Component } { "/" Component } ; Component = ( [ PREFIX ] UNIT | + "%" ) [ Annotation ] | Annotation | "1" ; Annotation = "{" NAME + "}" ; Notes: * `Annotation` is just a comment if it follows a `UNIT`. + If the annotation is used alone, then the unit is equivalent to + `1`. For examples, `{request}/s == 1/s`, `By{transmitted}/s == By/s`. + * `NAME` is a sequence of non-blank printable ASCII characters not + containing `{` or `}`. 
* `1` represents a unitary [dimensionless + unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, + such as in `1/s`. It is typically used when none of the basic units + are appropriate. For example, "new users per day" can be represented + as `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 + new users). Alternatively, "thousands of page views per day" would + be represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a + metric value of `5.3` would mean "5300 page views per day"). * `%` + represents dimensionless value of 1/100, and annotates values giving + a percentage (so the metric values are typically in the range of + 0..100, and a metric value `3` means "3 percent"). * `10^2.%` indicates + a metric contains a ratio, typically in the range 0..1, that will + be multiplied by 100 and displayed as a percentage (so a metric + value `0.03` means "3 percent").' + type: string + valueType: + description: 'Immutable. Whether the measurement is an integer, a + floating-point number, etc. Some combinations of `metric_kind` and + `value_type` might not be supported. Possible values: STRING, BOOL, + INT64' + type: string + required: + - metricKind + - projectRef + - type + - valueType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + monitoredResourceTypes: + description: Read-only. If present, then a time series, which is identified + partially by a metric type and a MonitoredResourceDescriptor, that + is associated with this metric type can only be associated with + one of the monitored resource types listed here. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The resource name of the metric descriptor. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringmonitoredprojects.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringMonitoredProject + plural: monitoringmonitoredprojects + shortNames: + - gcpmonitoringmonitoredproject + - gcpmonitoringmonitoredprojects + singular: monitoringmonitoredproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready 
+ type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + metricsScope: + description: 'Immutable. Required. The resource name of the existing + Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - metricsScope + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when this `MonitoredProject` was + created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: monitoringnotificationchannels.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringNotificationChannel + plural: monitoringnotificationchannels + shortNames: + - gcpmonitoringnotificationchannel + - gcpmonitoringnotificationchannels + singular: monitoringnotificationchannel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional human-readable description of this notification + channel. This description may provide additional details, beyond + the display name, for the channel. This may not exceed 1024 Unicode + characters. + type: string + enabled: + description: Whether notifications are forwarded to the described + channel. This makes it possible to disable delivery of notifications + to a particular channel without removing the channel from all alerting + policies that reference the channel. This is a more convenient approach + when the change is temporary and you want to receive notifications + from the same set of alerting policies on the channel at some point + in the future. 
+ type: boolean + forceDelete: + description: |- + If true, the notification channel will be deleted regardless + of its use in alert policies (the policies will be updated + to remove the channel). If false, channels that are still + referenced by an existing alerting policy will fail to be + deleted in a delete operation. + type: boolean + labels: + additionalProperties: + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + sensitiveLabels: + description: |- + Different notification type behaviors are configured primarily using the the 'labels' field on this + resource. This block contains the labels which contain secrets or passwords so that they can be marked + sensitive and hidden from plan output. The name of the field, eg: password, will be the key + in the 'labels' map in the api request. + + Credentials may not be specified in both locations and will cause an error. Changing from one location + to a different credential configuration in the config will require an apply to update state. + properties: + authToken: + description: 'An authorization token for a notification channel. + Channel types that support this field include: slack.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + password: + description: 'An password for a notification channel. Channel + types that support this field include: webhook_basicauth.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + serviceKey: + description: 'An servicekey token for a notification channel. + Channel types that support this field include: pagerduty.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + type: + description: The type of the notification channel. This field matches + the value of the NotificationChannelDescriptor.type field. 
See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list + to get the list of valid values such as "email", "slack", etc... + type: string + required: + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The full REST resource name for this channel. The syntax is: + projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] + The [CHANNEL_ID] is automatically assigned by the server on creation. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + verificationStatus: + description: Indicates whether this channel has been verified or not. 
+ On a ListNotificationChannels or GetNotificationChannel operation, + this field is expected to be populated.If the value is UNVERIFIED, + then it indicates that the channel is non-functioning (it both requires + verification and lacks verification); otherwise, it is assumed that + the channel works.If the channel is neither VERIFIED nor UNVERIFIED, + it implies that the channel is of a type that does not require verification + or that this specific channel has been exempted from verification + because it was created prior to verification being required for + channels of this type.This field cannot be modified using a standard + UpdateNotificationChannel operation. To change the value of this + field, you must call VerifyNotificationChannel. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringservicelevelobjectives.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringServiceLevelObjective + plural: monitoringservicelevelobjectives + shortNames: + - gcpmonitoringservicelevelobjective + - gcpmonitoringservicelevelobjectives + singular: monitoringservicelevelobjective + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + 
name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + calendarPeriod: + description: 'A calendar period, semantically "since the start of + the current ``". At this time, only `DAY`, `WEEK`, `FORTNIGHT`, + and `MONTH` are supported. Possible values: CALENDAR_PERIOD_UNSPECIFIED, + DAY, WEEK, FORTNIGHT, MONTH, QUARTER, HALF, YEAR' + type: string + displayName: + description: Name used for UI elements listing this SLO. + type: string + goal: + description: The fraction of service that must be good in order for + this objective to be met. `0 < goal <= 0.999`. + format: double + type: number + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rollingPeriod: + description: A rolling time period, semantically "in the past ``". + Must be an integer multiple of 1 day no larger than 30 days. + type: string + serviceLevelIndicator: + description: The definition of good service, used to measure and calculate + the quality of the `Service`'s performance with respect to a single + aspect of service quality. + properties: + basicSli: + description: Basic SLI on a well-known service type. + properties: + availability: + description: Good service is defined to be the count of requests + made to this service that return successfully. + type: object + x-kubernetes-preserve-unknown-fields: true + latency: + description: Good service is defined to be the count of requests + made to this service that are fast enough with respect to + `latency.threshold`. + properties: + experience: + description: 'A description of the experience associated + with failing requests. 
Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, + DELIGHTING, SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the count of + requests made to this service that return in no more + than `threshold`. + type: string + type: object + location: + description: 'OPTIONAL: The set of locations to which this + SLI is relevant. Telemetry from other locations will not + be used to calculate performance for this SLI. If omitted, + this SLI applies to all locations in which the Service has + activity. For service types that don''t support breaking + down by location, setting this field will result in an error.' + items: + type: string + type: array + method: + description: 'OPTIONAL: The set of RPCs to which this SLI + is relevant. Telemetry from other methods will not be used + to calculate performance for this SLI. If omitted, this + SLI applies to all the Service''s methods. For service types + that don''t support breaking down by method, setting this + field will result in an error.' + items: + type: string + type: array + operationAvailability: + description: Good service is defined to be the count of operations + performed by this service that return successfully + type: object + x-kubernetes-preserve-unknown-fields: true + operationLatency: + description: Good service is defined to be the count of operations + performed by this service that are fast enough with respect + to `operation_latency.threshold`. + properties: + experience: + description: 'A description of the experience associated + with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, + DELIGHTING, SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the count of + operations that are completed in no more than `threshold`. + type: string + type: object + version: + description: 'OPTIONAL: The set of API versions to which this + SLI is relevant. 
Telemetry from other API versions will + not be used to calculate performance for this SLI. If omitted, + this SLI applies to all API versions. For service types + that don''t support breaking down by version, setting this + field will result in an error.' + items: + type: string + type: array + type: object + requestBased: + description: Request-based SLIs + properties: + distributionCut: + description: '`distribution_cut` is used when `good_service` + is a count of values aggregated in a `Distribution` that + fall into a good range. The `total_service` is the total + count of all values aggregated in the `Distribution`.' + properties: + distributionFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` aggregating values. Must have + `ValueType = DISTRIBUTION` and `MetricKind = DELTA` + or `MetricKind = CUMULATIVE`. + type: string + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + type: object + goodTotalRatio: + description: '`good_total_ratio` is used when the ratio of + `good_service` to `total_service` is computed from two `TimeSeries`.' + properties: + badServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying bad service, either + demanded service that was not provided or demanded service + that was of inadequate quality. Must have `ValueType + = DOUBLE` or `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + goodServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying good service provided. 
+ Must have `ValueType = DOUBLE` or `ValueType = INT64` + and must have `MetricKind = DELTA` or `MetricKind = + CUMULATIVE`. + type: string + totalServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying total demanded + service. Must have `ValueType = DOUBLE` or `ValueType + = INT64` and must have `MetricKind = DELTA` or `MetricKind + = CUMULATIVE`. + type: string + type: object + type: object + windowsBased: + description: Windows-based SLIs + properties: + goodBadMetricFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` with `ValueType = BOOL`. The window + is good if any `true` values appear in the window. + type: string + goodTotalRatioThreshold: + description: A window is good if its `performance` is high + enough. + properties: + basicSliPerformance: + description: '`BasicSli` to evaluate to judge window quality.' + properties: + availability: + description: Good service is defined to be the count + of requests made to this service that return successfully. + type: object + x-kubernetes-preserve-unknown-fields: true + latency: + description: Good service is defined to be the count + of requests made to this service that are fast enough + with respect to `latency.threshold`. + properties: + experience: + description: 'A description of the experience + associated with failing requests. Possible values: + LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, + SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the + count of requests made to this service that + return in no more than `threshold`. + type: string + type: object + location: + description: 'OPTIONAL: The set of locations to which + this SLI is relevant. Telemetry from other locations + will not be used to calculate performance for this + SLI. 
If omitted, this SLI applies to all locations + in which the Service has activity. For service types + that don''t support breaking down by location, setting + this field will result in an error.' + items: + type: string + type: array + method: + description: 'OPTIONAL: The set of RPCs to which this + SLI is relevant. Telemetry from other methods will + not be used to calculate performance for this SLI. + If omitted, this SLI applies to all the Service''s + methods. For service types that don''t support breaking + down by method, setting this field will result in + an error.' + items: + type: string + type: array + operationAvailability: + description: Good service is defined to be the count + of operations performed by this service that return + successfully + type: object + x-kubernetes-preserve-unknown-fields: true + operationLatency: + description: Good service is defined to be the count + of operations performed by this service that are + fast enough with respect to `operation_latency.threshold`. + properties: + experience: + description: 'A description of the experience + associated with failing requests. Possible values: + LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, + SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the + count of operations that are completed in no + more than `threshold`. + type: string + type: object + version: + description: 'OPTIONAL: The set of API versions to + which this SLI is relevant. Telemetry from other + API versions will not be used to calculate performance + for this SLI. If omitted, this SLI applies to all + API versions. For service types that don''t support + breaking down by version, setting this field will + result in an error.' + items: + type: string + type: array + type: object + performance: + description: '`RequestBasedSli` to evaluate to judge window + quality.' 
+ properties: + distributionCut: + description: '`distribution_cut` is used when `good_service` + is a count of values aggregated in a `Distribution` + that fall into a good range. The `total_service` + is the total count of all values aggregated in the + `Distribution`.' + properties: + distributionFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` aggregating values. + Must have `ValueType = DISTRIBUTION` and `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + range: + description: Range of values considered "good." + For a one-sided range, set one bound to an infinite + value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + type: object + goodTotalRatio: + description: '`good_total_ratio` is used when the + ratio of `good_service` to `total_service` is computed + from two `TimeSeries`.' + properties: + badServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying bad service, + either demanded service that was not provided + or demanded service that was of inadequate quality. + Must have `ValueType = DOUBLE` or `ValueType + = INT64` and must have `MetricKind = DELTA` + or `MetricKind = CUMULATIVE`. + type: string + goodServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying good service + provided. Must have `ValueType = DOUBLE` or + `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + totalServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying total + demanded service. 
Must have `ValueType = DOUBLE` + or `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + type: object + type: object + threshold: + description: If window `performance >= threshold`, the + window is counted as good. + format: double + type: number + type: object + metricMeanInRange: + description: A window is good if the metric's value is in + a good range, averaged across returned streams. + properties: + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + timeSeries: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying the `TimeSeries` to use for evaluating window + quality. + type: string + type: object + metricSumInRange: + description: A window is good if the metric's value is in + a good range, summed across returned streams. + properties: + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + timeSeries: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying the `TimeSeries` to use for evaluating window + quality. + type: string + type: object + windowPeriod: + description: Duration over which window quality is evaluated. + Must be an integer fraction of a day and at least `60s`. + type: string + type: object + type: object + serviceRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The service for the resource + + Allowed value: The Google Cloud resource name of a `MonitoringService` resource (format: `projects/{{project}}/services/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - goal + - projectRef + - serviceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time stamp of the `Create` or most recent `Update` command + on this `Slo`. + format: date-time + type: string + deleteTime: + description: Time stamp of the `Update` or `Delete` command that made + this no longer a current `Slo`. This field is not populated in `ServiceLevelObjective`s + returned from calls to `GetServiceLevelObjective` and `ListServiceLevelObjectives`, + because it is always empty in the current version. 
It is populated + in `ServiceLevelObjective`s representing previous versions in the + output of `ListServiceLevelObjectiveVersions`. Because all old configuration + versions are stored, `Update` operations mark the obsoleted version + as deleted. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + serviceManagementOwned: + description: Output only. If set, this SLO is managed at the [Service + Management](https://cloud.google.com/service-management/overview) + level. Therefore the service yaml file is the source of truth for + this SLO, and API `Update` and `Delete` operations are forbidden. + type: boolean + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringservices.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringService + plural: monitoringservices + shortNames: + - gcpmonitoringservice + - gcpmonitoringservices + singular: monitoringservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the 
resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Name used for UI elements listing this Service. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + telemetry: + description: Configuration for how to query telemetry on a Service. + properties: + resourceName: + description: The full name of the resource that defines this service. + Formatted as described in https://cloud.google.com/apis/design/resource_names. + type: string + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringuptimecheckconfigs.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringUptimeCheckConfig + plural: monitoringuptimecheckconfigs + shortNames: + - gcpmonitoringuptimecheckconfig + - gcpmonitoringuptimecheckconfigs + singular: monitoringuptimecheckconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + contentMatchers: + description: The content that is expected to appear in the data returned + by the target server against which the check is run. Currently, + only the first entry in the `content_matchers` list is supported, + and additional entries will be ignored. This field is optional and + should only be specified if a content match is required as part + of the/ Uptime check. + items: + properties: + content: + type: string + matcher: + description: ' Possible values: CONTENT_MATCHER_OPTION_UNSPECIFIED, + CONTAINS_STRING, NOT_CONTAINS_STRING, MATCHES_REGEX, NOT_MATCHES_REGEX' + type: string + required: + - content + type: object + type: array + displayName: + description: A human-friendly name for the Uptime check configuration. + The display name should be unique within a Stackdriver Workspace + in order to make it easier to identify; however, uniqueness is not + enforced. Required. + type: string + httpCheck: + description: Contains information needed to make an HTTP or HTTPS + check. + properties: + authInfo: + description: The authentication information. Optional when creating + an HTTP check; defaults to empty. + properties: + password: + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + username: + type: string + required: + - password + - username + type: object + body: + description: 'The request body associated with the HTTP POST request. + If `content_type` is `URL_ENCODED`, the body passed in must + be URL-encoded. Users can provide a `Content-Length` header + via the `headers` field or the API will do so. If the `request_method` + is `GET` and `body` is not empty, the API will return an error. + The maximum byte size is 1 megabyte. Note: As with all `bytes` + fields JSON representations are base64 encoded. e.g.: "foo=bar" + in URL-encoded form is "foo%3Dbar" and in base64 encoding is + "Zm9vJTI1M0RiYXI=".' + type: string + contentType: + description: 'Immutable. The content type to use for the check. Possible + values: TYPE_UNSPECIFIED, URL_ENCODED' + type: string + headers: + additionalProperties: + type: string + description: The list of headers to send as part of the Uptime + check request. If two headers have the same key and different + values, they should be entered as a single header, with the + value being a comma-separated list of all the desired values + as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt + (page 31). Entering two separate headers with the same key in + a Create call will cause the first to be overwritten by the + second. The maximum number of headers allowed is 100. + type: object + maskHeaders: + description: Immutable. Boolean specifying whether to encrypt + the header information. 
Encryption should be specified for any + headers related to authentication that you do not wish to be + seen when retrieving the configuration. The server will be responsible + for encrypting the headers. On Get/List calls, if `mask_headers` + is set to `true` then the headers will be obscured with `******.` + type: boolean + path: + description: Optional (defaults to "/"). The path to the page + against which to run the check. Will be combined with the `host` + (specified within the `monitored_resource`) and `port` to construct + the full URL. If the provided path does not begin with "/", + a "/" will be prepended automatically. + type: string + port: + description: Optional (defaults to 80 when `use_ssl` is `false`, + and 443 when `use_ssl` is `true`). The TCP port on the HTTP + server against which to run the check. Will be combined with + host (specified within the `monitored_resource`) and `path` + to construct the full URL. + format: int64 + type: integer + requestMethod: + description: Immutable. The HTTP request method to use for the + check. If set to `METHOD_UNSPECIFIED` then `request_method` + defaults to `GET`. + type: string + useSsl: + description: If `true`, use HTTPS instead of HTTP to run the check. + type: boolean + validateSsl: + description: Boolean specifying whether to include SSL certificate + validation as a part of the Uptime check. Only applies to checks + where `monitored_resource` is set to `uptime_url`. If `use_ssl` + is `false`, setting `validate_ssl` to `true` has no effect. + type: boolean + type: object + monitoredResource: + description: 'Immutable. The [monitored resource](https://cloud.google.com/monitoring/api/resources) + associated with the configuration. The following monitored resource + types are supported for Uptime checks: `uptime_url`, `gce_instance`, `gae_app`, `aws_ec2_instance`, `aws_elb_load_balancer`' + properties: + filterLabels: + additionalProperties: + type: string + description: Immutable. 
+ type: object + type: + description: Immutable. + type: string + required: + - filterLabels + - type + type: object + period: + description: How often, in seconds, the Uptime check is performed. + Currently, the only supported values are `60s` (1 minute), `300s` + (5 minutes), `600s` (10 minutes), and `900s` (15 minutes). Optional, + defaults to `60s`. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for this uptime check config. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceGroup: + description: Immutable. The group resource associated with the configuration. + properties: + groupRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The group of resources being monitored. Should be only the `[GROUP_ID]`, and not the full-path `projects/[PROJECT_ID_OR_NUMBER]/groups/[GROUP_ID]`. + + Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceType: + description: 'Immutable. The resource type of the group members. + Possible values: RESOURCE_TYPE_UNSPECIFIED, INSTANCE, AWS_ELB_LOAD_BALANCER' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + selectedRegions: + description: The list of regions from which the check will be run. + Some regions contain one location, and others contain more than + one. If this field is specified, enough regions must be provided + to include a minimum of 3 locations. Not specifying this field + will result in Uptime checks running from all available regions. + items: + type: string + type: array + tcpCheck: + description: Contains information needed to make a TCP check. + properties: + port: + description: The TCP port on the server against which to run the + check. Will be combined with host (specified within the `monitored_resource`) + to construct the full URL. Required. + format: int64 + type: integer + required: + - port + type: object + timeout: + description: The maximum amount of time to wait for the request to + complete (must be between 1 and 60 seconds). Required. + type: string + required: + - displayName + - projectRef + - timeout + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkconnectivityhubs.networkconnectivity.cnrm.cloud.google.com +spec: + group: networkconnectivity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkConnectivityHub + plural: networkconnectivityhubs + shortNames: + - gcpnetworkconnectivityhub + - gcpnetworkconnectivityhubs + singular: networkconnectivityhub + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional description of the hub. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time the hub was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + routingVpcs: + description: The VPC network associated with this hub's spokes. All + of the VPN tunnels, VLAN attachments, and router appliance instances + referenced by this hub's spokes must belong to this VPC network. + This field is read-only. Network Connectivity Center automatically + populates it based on the set of spokes attached to the hub. + items: + properties: + uri: + description: The URI of the VPC network. + type: string + type: object + type: array + state: + description: 'Output only. The current lifecycle state of this hub. + Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + uniqueId: + description: Output only. The Google-generated UUID for the hub. 
This + value is unique across all hub resources. If a hub is deleted and + another with the same name is created, the new hub is assigned a + different unique_id. + type: string + updateTime: + description: Output only. The time the hub was last updated. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: networkconnectivityserviceconnectionpolicies.networkconnectivity.cnrm.cloud.google.com +spec: + group: networkconnectivity.cnrm.cloud.google.com + names: + kind: NetworkConnectivityServiceConnectionPolicy + listKind: NetworkConnectivityServiceConnectionPolicyList + plural: networkconnectivityserviceconnectionpolicies + singular: networkconnectivityserviceconnectionpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: NetworkConnectivityServiceConnectionPolicy is the Schema for + the NetworkConnectivityServiceConnectionPolicy API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of 
an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: NetworkConnectivityServiceConnectionPolicySpec defines the + desired state of NetworkConnectivityServiceConnectionPolicy + properties: + description: + description: A description of this resource. + type: string + location: + description: Immutable. Location of the resource. + type: string + networkRef: + description: 'The resource path of the consumer network. Example: + - projects/{projectNumOrId}/global/networks/{resourceId}.' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed Compute Network + resource. Should be in the format `projects//global/networks/`. + type: string + name: + description: The `name` field of a `ComputeNetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeNetwork` resource. + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. 
+ type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + pscConfig: + description: Configuration used for Private Service Connect connections. + Used when Infrastructure is PSC. + properties: + limit: + description: Optional. Max number of PSC connections for this + policy. + format: int64 + type: integer + producerInstanceLocation: + description: Required. ProducerInstanceLocation is used to specify + which authorization mechanism to use to determine which projects + the Producer instance can be within. + type: string + subnetworkRefs: + description: 'The resource paths of subnetworks to use for IP + address management. Example: projects/{projectNumOrId}/regions/{region}/subnetworks/{resourceId}.' + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeSubnetwork selflink of form "projects/{{project}}/regions/{{region}}/subnetworks/{{name}}", + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeSubnetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeSubnetwork` + resource. + type: string + type: object + type: array + type: object + resourceID: + description: The NetworkConnectivityServiceConnectionPolicy name. + If not given, the metadata.name will be used. + type: string + serviceClass: + description: The service class identifier for which this ServiceConnectionPolicy + is for. The service class identifier is a unique, symbolic representation + of a ServiceClass. It is provided by the Service Producer. Google + services have a prefix of gcp. 
For example, gcp-cloud-sql. 3rd party + services do not. For example, test-service-a3dfcx. + type: string + required: + - location + - projectRef + type: object + status: + description: NetworkConnectivityServiceConnectionPolicyStatus defines + the config connector machine state of NetworkConnectivityServiceConnectionPolicy + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the NetworkConnectivityServiceConnectionPolicy + resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + createTime: + description: Output only. Time when the ServiceConnectionMap was + created. + type: string + etag: + description: Optional. The etag is computed by the server, and + may be sent on update and delete requests to ensure the client + has an up-to-date value before proceeding. + type: string + infrastructure: + description: Output only. 
The type of underlying resources used + to create the connection. + type: string + pscConnections: + description: Output only. [Output only] Information about each + Private Service Connect connection. + items: + properties: + consumerAddress: + description: The resource reference of the consumer address. + type: string + consumerForwardingRule: + description: The resource reference of the PSC Forwarding + Rule within the consumer VPC. + type: string + consumerTargetProject: + description: The project where the PSC connection is created. + type: string + error: + description: The most recent error during operating this + connection. + properties: + code: + description: The status code, which should be an enum + value of google.rpc.Code. + format: int32 + type: integer + message: + description: A developer-facing error message, which + should be in English. Any user-facing error message + should be localized and sent in the google.rpc.Status.details + field, or localized by the client. + type: string + type: object + errorInfo: + description: Output only. The error info for the latest + error during operating this connection. + properties: + domain: + description: 'The logical grouping to which the "reason" + belongs. The error domain is typically the registered + service name of the tool or product that generates + the error. Example: "pubsub.googleapis.com". If the + error is generated by some common infrastructure, + the error domain must be a globally unique value that + identifies the infrastructure. For Google API infrastructure, + the error domain is "googleapis.com".' + type: string + metadata: + additionalProperties: + type: string + description: 'Additional structured details about this + error. Keys must match /a-z+/ but should ideally be + lowerCamelCase. Also they must be limited to 64 characters + in length. When identifying the current value of an + exceeded limit, the units should be contained in the + key, not the value. 
For example, rather than {"instanceLimit": + "100/request"}, should be returned as, {"instanceLimitPerRequest": + "100"}, if the client exceeds the number of instances + that can be created in a single (batch) request.' + type: object + reason: + description: The reason of the error. This is a constant + value that identifies the proximate cause of the error. + Error reasons are unique within a particular domain + of errors. This should be at most 63 characters and + match a regular expression of `A-Z+[A-Z0-9]`, which + represents UPPER_SNAKE_CASE. + type: string + type: object + errorType: + description: The error type indicates whether the error + is consumer facing, producer facing or system internal. + type: string + gceOperation: + description: The last Compute Engine operation to setup + PSC connection. + type: string + producerInstanceID: + description: Immutable. An immutable identifier for the + producer instance. + type: string + pscConnectionID: + description: The PSC connection id of the PSC forwarding + rule. + type: string + selectedSubnetwork: + description: Output only. The URI of the subnetwork selected + to allocate IP address for this connection. + type: string + state: + description: State of the PSC Connection + type: string + type: object + type: array + updateTime: + description: Output only. Time when the ServiceConnectionMap was + updated. 
+ type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkconnectivityspokes.networkconnectivity.cnrm.cloud.google.com +spec: + group: networkconnectivity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkConnectivitySpoke + plural: networkconnectivityspokes + shortNames: + - gcpnetworkconnectivityspoke + - gcpnetworkconnectivityspokes + singular: networkconnectivityspoke + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional description of the spoke. + type: string + hubRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The URI of the hub that this spoke is attached to. + + Allowed value: The Google Cloud resource name of a `NetworkConnectivityHub` resource (format: `projects/{{project}}/locations/global/hubs/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + linkedInterconnectAttachments: + description: Immutable. A collection of VLAN attachment resources. + These resources should be redundant attachments that all advertise + the same prefixes to Google Cloud. Alternatively, in active/passive + configurations, all attachments should be capable of advertising + the same prefixes. + properties: + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. + type: boolean + uris: + description: Immutable. 
+ items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - siteToSiteDataTransfer + - uris + type: object + linkedRouterApplianceInstances: + description: Immutable. The URIs of linked Router appliance resources + properties: + instances: + description: Immutable. The list of router appliance instances + items: + properties: + ipAddress: + description: Immutable. The IP address on the VM to use + for peering. + type: string + virtualMachineRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URI of the virtual machine resource + + Allowed value: The `selfLink` field of a `ComputeInstance` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. 
+ type: boolean + required: + - instances + - siteToSiteDataTransfer + type: object + linkedVPCNetwork: + description: Immutable. VPC network that is associated with the spoke. + properties: + excludeExportRanges: + description: Immutable. IP ranges encompassing the subnets to + be excluded from peering. + items: + type: string + type: array + uriRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URI of the VPC network resource. + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - uriRef + type: object + linkedVpnTunnels: + description: Immutable. The URIs of linked VPN tunnel resources + properties: + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. + type: boolean + uris: + description: Immutable. + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - siteToSiteDataTransfer + - uris + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - hubRef + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + createTime: + description: Output only. The time the spoke was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The current lifecycle state of this spoke. + Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + uniqueId: + description: Output only. The Google-generated UUID for the spoke. + This value is unique across all spoke resources. If a spoke is deleted + and another with the same name is created, the new spoke is assigned + a different unique_id. + type: string + updateTime: + description: Output only. The time the spoke was last updated. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: networkmanagementconnectivitytests.networkmanagement.cnrm.cloud.google.com +spec: + group: networkmanagement.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkManagementConnectivityTest + plural: networkmanagementconnectivitytests + shortNames: + - gcpnetworkmanagementconnectivitytest + - gcpnetworkmanagementconnectivitytests + singular: networkmanagementconnectivitytest + preserveUnknownFields: 
false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + The user-supplied description of the Connectivity Test. + Maximum of 512 characters. + type: string + destination: + description: |- + Required. Destination specification of the Connectivity Test. + + You can use a combination of destination IP address, Compute + Engine VM instance, or VPC network to uniquely identify the + destination location. + + Even if the destination IP address is not unique, the source IP + location is unique. Usually, the analysis can infer the destination + endpoint from route information. 
+ + If the destination you specify is a VM instance and the instance has + multiple network interfaces, then you must also specify either a + destination IP address or VPC network to identify the destination + interface. + + A reachability analysis proceeds even if the destination location + is ambiguous. However, the result can include endpoints that you + don't intend to test. + properties: + instance: + description: A Compute Engine instance URI. + type: string + ipAddress: + description: |- + The IP address of the endpoint, which can be an external or + internal IP. An IPv6 address is only allowed when the test's + destination is a global load balancer VIP. + type: string + network: + description: A Compute Engine network URI. + type: string + port: + description: |- + The IP protocol port of the endpoint. Only applicable when + protocol is TCP or UDP. + type: integer + projectId: + description: |- + Project ID where the endpoint is located. The Project ID can be + derived from the URI if you provide a VM instance or network URI. + The following are two cases where you must provide the project ID: + 1. Only the IP address is specified, and the IP address is within + a GCP project. 2. When you are using Shared VPC and the IP address + that you provide is from the service project. In this case, the + network that the IP address resides in is defined in the host + project. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + protocol: + description: IP Protocol of the test. When not provided, "TCP" is + assumed. + type: string + relatedProjects: + description: |- + Other projects that may be relevant for reachability analysis. + This is applicable to scenarios where a test can cross project + boundaries. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + source: + description: |- + Required. Source specification of the Connectivity Test. + + You can use a combination of source IP address, virtual machine + (VM) instance, or Compute Engine network to uniquely identify the + source location. + + Examples: If the source IP address is an internal IP address within + a Google Cloud Virtual Private Cloud (VPC) network, then you must + also specify the VPC network. Otherwise, specify the VM instance, + which already contains its internal IP address and VPC network + information. + + If the source of the test is within an on-premises network, then + you must provide the destination VPC network. + + If the source endpoint is a Compute Engine VM instance with multiple + network interfaces, the instance itself is not sufficient to + identify the endpoint. So, you must also specify the source IP + address or VPC network. + + A reachability analysis proceeds even if the source location is + ambiguous. However, the test result may include endpoints that + you don't intend to test. + properties: + instance: + description: A Compute Engine instance URI. + type: string + ipAddress: + description: |- + The IP address of the endpoint, which can be an external or + internal IP. An IPv6 address is only allowed when the test's + destination is a global load balancer VIP. 
+ type: string + network: + description: A Compute Engine network URI. + type: string + networkType: + description: 'Type of the network where the endpoint is located. + Possible values: ["GCP_NETWORK", "NON_GCP_NETWORK"].' + type: string + port: + description: |- + The IP protocol port of the endpoint. Only applicable when + protocol is TCP or UDP. + type: integer + projectId: + description: |- + Project ID where the endpoint is located. The Project ID can be + derived from the URI if you provide a VM instance or network URI. + The following are two cases where you must provide the project ID: + + 1. Only the IP address is specified, and the IP address is + within a GCP project. + 2. When you are using Shared VPC and the IP address + that you provide is from the service project. In this case, + the network that the IP address resides in is defined in the + host project. + type: string + type: object + required: + - destination + - projectRef + - source + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networksecurityauthorizationpolicies.networksecurity.cnrm.cloud.google.com +spec: + group: networksecurity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkSecurityAuthorizationPolicy + plural: networksecurityauthorizationpolicies + shortNames: + - gcpnetworksecurityauthorizationpolicy + - gcpnetworksecurityauthorizationpolicies + singular: networksecurityauthorizationpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: 'Required. The action to take when a rule match is found. + Possible values are "ALLOW" or "DENY". Possible values: ACTION_UNSPECIFIED, + ALLOW, DENY' + type: string + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Optional. List of rules to match. 
If not set, the action + specified in the ‘action’ field will be applied without any additional + rule checks. + items: + properties: + destinations: + description: Optional. List of attributes for the traffic destination. + If not set, the action specified in the ‘action’ field will + be applied without any rule checks for the destination. + items: + properties: + hosts: + description: Required. List of host names to match. Matched + against HOST header in http requests. Each host can + be an exact match, or a prefix match (example, “mydomain.*”) + or a suffix match (example, *.myorg.com”) or a presence(any) + match “*”. + items: + type: string + type: array + httpHeaderMatch: + description: Optional. Match against key:value pair in + http header. Provides a flexible match based on HTTP + headers, for potentially advanced use cases. + properties: + headerName: + description: Required. The name of the HTTP header + to match. For matching against the HTTP request's + authority, use a headerMatch with the header name + ":authority". For matching a request's method, use + the headerName ":method". + type: string + regexMatch: + description: 'Required. The value of the header must + match the regular expression specified in regexMatch. + For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript + For matching against a port specified in the HTTP + request, use a headerMatch with headerName set to + Host and a regular expression that satisfies the + RFC2616 Host header''s port specifier.' + type: string + required: + - headerName + - regexMatch + type: object + methods: + description: Optional. A list of HTTP methods to match. + Should not be set for gRPC services. + items: + type: string + type: array + ports: + description: Required. List of destination ports to match. + items: + format: int64 + type: integer + type: array + required: + - hosts + - ports + type: object + type: array + sources: + description: Optional. 
List of attributes for the traffic source. + If not set, the action specified in the ‘action’ field will + be applied without any rule checks for the source. + items: + properties: + ipBlocks: + description: Optional. List of CIDR ranges to match based + on source IP address. Single IP (e.g., "1.2.3.4") and + CIDR (e.g., "1.2.3.0/24") are supported. + items: + type: string + type: array + principals: + description: Optional. List of peer identities to match + for authorization. Each peer can be an exact match, + or a prefix match (example, “namespace/*”) or a suffix + match (example, */service-account”) or a presence match + “*”. + items: + type: string + type: array + type: object + type: array + type: object + type: array + required: + - action + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networksecurityclienttlspolicies.networksecurity.cnrm.cloud.google.com +spec: + group: networksecurity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkSecurityClientTLSPolicy + plural: networksecurityclienttlspolicies + shortNames: + - gcpnetworksecurityclienttlspolicy + - gcpnetworksecurityclienttlspolicies + singular: networksecurityclienttlspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientCertificate: + description: Optional. Defines a mechanism to provision client identity + (public and private keys) for peer to peer authentication. The presence + of this dictates mTLS. + properties: + certificateProviderInstance: + description: The certificate provider instance specification that + will be passed to the data plane, which will be used to load + necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC server + to obtain the cert and private key. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serverValidationCa: + description: Required. Defines the mechanism to obtain the Certificate + Authority certificate to validate the server certificate. + items: + properties: + certificateProviderInstance: + description: The certificate provider instance specification + that will be passed to the data plane, which will be used + to load necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC + server to obtain the CA certificate. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object + type: array + sni: + description: 'Optional. 
Server Name Indication string to present to + the server during TLS handshake. E.g: "secure.example.com".' + type: string + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networksecurityservertlspolicies.networksecurity.cnrm.cloud.google.com +spec: + group: networksecurity.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkSecurityServerTLSPolicy + plural: networksecurityservertlspolicies + shortNames: + - gcpnetworksecurityservertlspolicy + - gcpnetworksecurityservertlspolicies + singular: networksecurityservertlspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + allowOpen: + description: Optional. Determines if server allows plaintext connections. + If set to true, server allows plain text connections. By default, + it is set to false. This setting is not exclusive of other encryption + modes. For example, if allow_open and mtls_policy are set, server + allows both plain text and mTLS connections. See documentation of + other encryption modes to confirm compatibility. + type: boolean + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource + type: string + mtlsPolicy: + description: Optional. Defines a mechanism to provision peer validation + certificates for peer to peer authentication (Mutual TLS - mTLS). + If not specified, client certificate will not be requested. The + connection is treated as TLS and not mTLS. If allow_open and mtls_policy + are set, server allows both plain text and mTLS connections. + properties: + clientValidationCa: + description: Required. Defines the mechanism to obtain the Certificate + Authority certificate to validate the client certificate. + items: + properties: + certificateProviderInstance: + description: The certificate provider instance specification + that will be passed to the data plane, which will be used + to load necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to + locate and load CertificateProvider instance configuration. 
+ Set to "google_cloud_private_spiffe" to use Certificate + Authority Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC + server to obtain the CA certificate. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with + “unix:”. + type: string + required: + - targetUri + type: object + type: object + type: array + required: + - clientValidationCa + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serverCertificate: + description: Optional. Defines a mechanism to provision server identity + (public and private keys). Cannot be combined with allow_open as + a permissive mode that allows both plain text and TLS is not supported. + properties: + certificateProviderInstance: + description: The certificate provider instance specification that + will be passed to the data plane, which will be used to load + necessary credential information. 
+ properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC server + to obtain the cert and private key. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecachekeysets.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesEdgeCacheKeyset + plural: networkservicesedgecachekeysets + shortNames: + - gcpnetworkservicesedgecachekeyset + - gcpnetworkservicesedgecachekeysets + singular: networkservicesedgecachekeyset + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publicKey: + description: |- + An ordered list of Ed25519 public keys to use for validating signed requests. + You must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first. + You may specify no more than one Google-managed public key. + If you specify 'public_keys', you must specify at least one (1) key and may specify up to three (3) keys. + + Ed25519 public keys are not secret, and only allow Google to validate a request was signed by your corresponding private key. + Ensure that the private key is kept secret, and that only authorized users can add public keys to a keyset. + items: + properties: + id: + description: |- + The ID of the public key. 
The ID must be 1-63 characters long, and comply with RFC1035. + The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* + which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + type: string + managed: + description: Set to true to have the CDN automatically manage + this public key value. + type: boolean + value: + description: |- + The base64-encoded value of the Ed25519 public key. The base64 encoding can be padded (44 bytes) or unpadded (43 bytes). + Representations or encodings of the public key other than this will be rejected with an error. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be + extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - id + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + validationSharedKeys: + description: |- + An ordered list of shared keys to use for validating signed requests. + Shared keys are secret. Ensure that only authorized users can add 'validation_shared_keys' to a keyset. + You can rotate keys by appending (pushing) a new key to the list of 'validation_shared_keys' and removing any superseded keys. 
+ You must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first. + items: + properties: + secretVersion: + description: |- + The name of the secret version in Secret Manager. + + The resource name of the secret version must be in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the secrets themselves. + The secrets must be at least 16 bytes large. The recommended secret size depends on the signature algorithm you are using. + * If you are using HMAC-SHA1, we suggest 20-byte secrets. + * If you are using HMAC-SHA256, we suggest 32-byte secrets. + See RFC 2104, Section 3 for more details on these recommendations. + type: string + required: + - secretVersion + type: object + type: array + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecacheorigins.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesEdgeCacheOrigin + plural: networkservicesedgecacheorigins + shortNames: + - gcpnetworkservicesedgecacheorigin + - gcpnetworkservicesedgecacheorigins + singular: networkservicesedgecacheorigin + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + awsV4Authentication: + description: Enable AWS Signature Version 4 origin authentication. + properties: + accessKeyId: + description: The access key ID your origin uses to identify the + key. + type: string + originRegion: + description: The name of the AWS region that your origin is in. + type: string + secretAccessKeyVersion: + description: |- + The Secret Manager secret version of the secret access key used by your origin. + + This is the resource name of the secret version in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the project, secret, and version you require. + type: string + required: + - accessKeyId + - originRegion + - secretAccessKeyVersion + type: object + description: + description: A human-readable description of the resource. + type: string + failoverOrigin: + description: |- + The Origin resource to try when the current origin cannot be reached. + After maxAttempts is reached, the configured failoverOrigin will be used to fulfil the request. + + The value of timeout.maxAttemptsTimeout dictates the timeout across all origins. + A reference to a Topic resource. + type: string + maxAttempts: + description: |- + The maximum number of attempts to cache fill from this origin. Another attempt is made when a cache fill fails with one of the retryConditions. + + Once maxAttempts to this origin have failed the failoverOrigin will be used, if one is specified. 
That failoverOrigin may specify its own maxAttempts, + retryConditions and failoverOrigin to control its own cache fill failures. + + The total number of allowed attempts to cache fill across this and failover origins is limited to four. + The total time allowed for cache fill attempts across this and failover origins can be controlled with maxAttemptsTimeout. + + The last valid, non-retried response from all origins will be returned to the client. + If no origin returns a valid response, an HTTP 502 will be returned to the client. + + Defaults to 1. Must be a value greater than 0 and less than 4. + type: integer + originAddress: + description: |- + A fully qualified domain name (FQDN) or IP address reachable over the public Internet, or the address of a Google Cloud Storage bucket. + + This address will be used as the origin for cache requests - e.g. FQDN: media-backend.example.com, IPv4: 35.218.1.1, IPv6: 2607:f8b0:4012:809::200e, Cloud Storage: gs://bucketname + + When providing an FQDN (hostname), it must be publicly resolvable (e.g. via Google public DNS) and IP addresses must be publicly routable. It must not contain a protocol (e.g., https://) and it must not contain any slashes. + If a Cloud Storage bucket is provided, it must be in the canonical "gs://bucketname" format. Other forms, such as "storage.googleapis.com", will be rejected. + type: string + originOverrideAction: + description: |- + The override actions, including url rewrites and header + additions, for requests that use this origin. + properties: + headerAction: + description: |- + The header actions, including adding and removing + headers, for request handled by this origin. + properties: + requestHeadersToAdd: + description: |- + Describes a header to add. + + You may add a maximum of 25 request headers. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to add. 
+ type: string + replace: + description: |- + Whether to replace all existing headers with the same name. + + By default, added header values are appended + to the response or request headers with the + same field names. The added values are + separated by commas. + + To overwrite existing values, set 'replace' to 'true'. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + type: object + urlRewrite: + description: |- + The URL rewrite configuration for request that are + handled by this origin. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected + origin, the request's host header is replaced with + contents of the hostRewrite. + + This value must be between 1 and 255 characters. + type: string + type: object + type: object + originRedirect: + description: Follow redirects from this origin. + properties: + redirectConditions: + description: |- + The set of redirect response codes that the CDN + follows. Values of + [RedirectConditions](https://cloud.google.com/media-cdn/docs/reference/rest/v1/projects.locations.edgeCacheOrigins#redirectconditions) + are accepted. + items: + type: string + type: array + type: object + port: + description: |- + The port to connect to the origin on. + Defaults to port 443 for HTTP2 and HTTPS protocols, and port 80 for HTTP. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + protocol: + description: |- + The protocol to use to connect to the configured origin. Defaults to HTTP2, and it is strongly recommended that users use HTTP2 for both security & performance. + + When using HTTP2 or HTTPS as the protocol, a valid, publicly-signed, unexpired TLS (SSL) certificate must be presented by the origin server. Possible values: ["HTTP2", "HTTPS", "HTTP"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConditions: + description: |- + Specifies one or more retry conditions for the configured origin. + + If the failure mode during a connection attempt to the origin matches the configured retryCondition(s), + the origin request will be retried up to maxAttempts times. The failoverOrigin, if configured, will then be used to satisfy the request. + + The default retryCondition is "CONNECT_FAILURE". + + retryConditions apply to this origin, and not subsequent failoverOrigin(s), + which may specify their own retryConditions and maxAttempts. + + Valid values are: + + - CONNECT_FAILURE: Retry on failures connecting to origins, for example due to connection timeouts. + - HTTP_5XX: Retry if the origin responds with any 5xx response code, or if the origin does not respond at all, example: disconnects, reset, read timeout, connection failure, and refused streams. + - GATEWAY_ERROR: Similar to 5xx, but only applies to response codes 502, 503 or 504. + - RETRIABLE_4XX: Retry for retriable 4xx response codes, which include HTTP 409 (Conflict) and HTTP 429 (Too Many Requests) + - NOT_FOUND: Retry if the origin returns a HTTP 404 (Not Found). This can be useful when generating video content, and the segment is not available yet. 
+ - FORBIDDEN: Retry if the origin returns a HTTP 403 (Forbidden). Possible values: ["CONNECT_FAILURE", "HTTP_5XX", "GATEWAY_ERROR", "RETRIABLE_4XX", "NOT_FOUND", "FORBIDDEN"]. + items: + type: string + type: array + timeout: + description: The connection and HTTP timeout configuration for this + origin. + properties: + connectTimeout: + description: |- + The maximum duration to wait for a single origin connection to be established, including DNS lookup, TLS handshake and TCP/QUIC connection establishment. + + Defaults to 5 seconds. The timeout must be a value between 1s and 15s. + + The connectTimeout capped by the deadline set by the request's maxAttemptsTimeout. The last connection attempt may have a smaller connectTimeout in order to adhere to the overall maxAttemptsTimeout. + type: string + maxAttemptsTimeout: + description: |- + The maximum time across all connection attempts to the origin, including failover origins, before returning an error to the client. A HTTP 504 will be returned if the timeout is reached before a response is returned. + + Defaults to 15 seconds. The timeout must be a value between 1s and 30s. + + If a failoverOrigin is specified, the maxAttemptsTimeout of the first configured origin sets the deadline for all connection attempts across all failoverOrigins. + type: string + readTimeout: + description: |- + The maximum duration to wait between reads of a single HTTP connection/stream. + + Defaults to 15 seconds. The timeout must be a value between 1s and 30s. + + The readTimeout is capped by the responseTimeout. All reads of the HTTP connection/stream must be completed by the deadline set by the responseTimeout. + + If the response headers have already been written to the connection, the response will be truncated and logged. + type: string + responseTimeout: + description: |- + The maximum duration to wait for the last byte of a response to arrive when reading from the HTTP connection/stream. + + Defaults to 30 seconds. 
The timeout must be a value between 1s and 120s. + + The responseTimeout starts after the connection has been established. + + This also applies to HTTP Chunked Transfer Encoding responses, and/or when an open-ended Range request is made to the origin. Origins that take longer to write additional bytes to the response than the configured responseTimeout will result in an error being returned to the client. + + If the response headers have already been written to the connection, the response will be truncated and logged. + type: string + type: object + required: + - originAddress + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecacheservices.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesEdgeCacheService + plural: networkservicesedgecacheservices + shortNames: + - gcpnetworkservicesedgecacheservice + - gcpnetworkservicesedgecacheservices + singular: networkservicesedgecacheservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + disableHttp2: + description: |- + Disables HTTP/2. + + HTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection. + + Some legacy HTTP clients may have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true will prevent HTTP/2 from being advertised and negotiated. + type: boolean + disableQuic: + description: HTTP/3 (IETF QUIC) and Google QUIC are enabled by default. + type: boolean + edgeSecurityPolicy: + description: Resource URL that points at the Cloud Armor edge security + policy that is applied on each request against the EdgeCacheService. + type: string + edgeSslCertificates: + description: |- + URLs to sslCertificate resources that are used to authenticate connections between users and the EdgeCacheService. + + Note that only "global" certificates with a "scope" of "EDGE_CACHE" can be attached to an EdgeCacheService. + items: + type: string + type: array + logConfig: + description: Specifies the logging options for the traffic served + by this service. If logging is enabled, logs will be exported to + Cloud Logging. + properties: + enable: + description: Specifies whether to enable logging for traffic served + by this service. 
+ type: boolean + sampleRate: + description: |- + Configures the sampling rate of requests, where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0, and the value of the field must be in [0, 1]. + + This field can only be specified if logging is enabled for this service. + type: number + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + requireTls: + description: |- + Require TLS (HTTPS) for all clients connecting to this service. + + Clients who connect over HTTP (port 80) will receive a HTTP 301 to the same URL over HTTPS (port 443). + You must have at least one (1) edgeSslCertificate specified to enable this. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routing: + description: Defines how requests are routed, modified, cached and/or + which origin content is filled from. + properties: + hostRule: + description: The list of hostRules to match against. These rules + define which hostnames the EdgeCacheService will match against, + and which route configurations apply. + items: + properties: + description: + description: A human-readable description of the hostRule. 
+ type: string + hosts: + description: |- + The list of host patterns to match. + + Host patterns must be valid hostnames. Ports are not allowed. Wildcard hosts are supported in the suffix or prefix form. * matches any string of ([a-z0-9-.]*). It does not match the empty string. + + When multiple hosts are specified, hosts are matched in the following priority: + + 1. Exact domain names: ''www.foo.com''. + 2. Suffix domain wildcards: ''*.foo.com'' or ''*-bar.foo.com''. + 3. Prefix domain wildcards: ''foo.*'' or ''foo-*''. + 4. Special wildcard ''*'' matching any domain. + + Notes: + + The wildcard will not match the empty string. e.g. ''*-bar.foo.com'' will match ''baz-bar.foo.com'' but not ''-bar.foo.com''. The longest wildcards match first. Only a single host in the entire service can match on ''*''. A domain must be unique across all configured hosts within a service. + + Hosts are matched against the HTTP Host header, or for HTTP/2 and HTTP/3, the ":authority" header, from the incoming request. + + You may specify up to 10 hosts. + items: + type: string + type: array + pathMatcher: + description: The name of the pathMatcher associated with + this hostRule. + type: string + required: + - hosts + - pathMatcher + type: object + type: array + pathMatcher: + description: The list of pathMatchers referenced via name by hostRules. + PathMatcher is used to match the path portion of the URL when + a HostRule matches the URL's host portion. + items: + properties: + description: + description: A human-readable description of the resource. + type: string + name: + description: The name to which this PathMatcher is referred + by the HostRule. + type: string + routeRule: + description: The routeRules to match against. routeRules + support advanced routing behaviour, and can match on paths, + headers and query parameters, as well as status codes + and HTTP methods. + items: + properties: + description: + description: A human-readable description of the routeRule. 
+ type: string + headerAction: + description: The header actions, including adding + & removing headers, for requests that match this + route. + properties: + requestHeaderToAdd: + description: Describes a header to add. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: Whether to replace all existing + headers with the same name. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + requestHeaderToRemove: + description: A list of header names for headers + that need to be removed from the request prior + to forwarding the request to the origin. + items: + properties: + headerName: + description: The name of the header to remove. + type: string + required: + - headerName + type: object + type: array + responseHeaderToAdd: + description: |- + Headers to add to the response prior to sending it back to the client. + + Response headers are only sent to the client, and do not have an effect on the cache serving the response. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: Whether to replace all existing + headers with the same name. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + responseHeaderToRemove: + description: A list of header names for headers + that need to be removed from the request prior + to forwarding the request to the origin. + items: + properties: + headerName: + description: |- + Headers to remove from the response prior to sending it back to the client. + + Response headers are only sent to the client, and do not have an effect on the cache serving the response. 
+ type: string + required: + - headerName + type: object + type: array + type: object + matchRule: + description: |- + The list of criteria for matching attributes of a request to this routeRule. This list has OR semantics: the request matches this routeRule when any of the matchRules are satisfied. However predicates + within a given matchRule have AND semantics. All predicates within a matchRule must match for the request to match the rule. + items: + properties: + fullPathMatch: + description: For satisfying the matchRule condition, + the path of the request must exactly match + the value specified in fullPathMatch after + removing any query parameters and anchor that + may be part of the original URL. + type: string + headerMatch: + description: Specifies a list of header match + criteria, all of which must match corresponding + headers in the request. + items: + properties: + exactMatch: + description: The value of the header should + exactly match contents of exactMatch. + type: string + headerName: + description: The header name to match + on. + type: string + invertMatch: + description: |- + If set to false (default), the headerMatch is considered a match if the match criteria above are met. + If set to true, the headerMatch is considered a match if the match criteria above are NOT met. + type: boolean + prefixMatch: + description: The value of the header must + start with the contents of prefixMatch. + type: string + presentMatch: + description: A header with the contents + of headerName must exist. The match + takes place whether or not the request's + header has a value. + type: boolean + suffixMatch: + description: The value of the header must + end with the contents of suffixMatch. + type: string + required: + - headerName + type: object + type: array + ignoreCase: + description: Specifies that prefixMatch and + fullPathMatch matches are case sensitive. 
+ type: boolean + pathTemplateMatch: + description: |- + For satisfying the matchRule condition, the path of the request + must match the wildcard pattern specified in pathTemplateMatch + after removing any query parameters and anchor that may be part + of the original URL. + + pathTemplateMatch must be between 1 and 255 characters + (inclusive). The pattern specified by pathTemplateMatch may + have at most 5 wildcard operators and at most 5 variable + captures in total. + type: string + prefixMatch: + description: For satisfying the matchRule condition, + the request's path must begin with the specified + prefixMatch. prefixMatch must begin with a + /. + type: string + queryParameterMatch: + description: Specifies a list of query parameter + match criteria, all of which must match corresponding + query parameters in the request. + items: + properties: + exactMatch: + description: The queryParameterMatch matches + if the value of the parameter exactly + matches the contents of exactMatch. + type: string + name: + description: The name of the query parameter + to match. The query parameter must exist + in the request, in the absence of which + the request match fails. + type: string + presentMatch: + description: Specifies that the queryParameterMatch + matches if the request contains the + query parameter, irrespective of whether + the parameter has a value or not. + type: boolean + required: + - name + type: object + type: array + type: object + type: array + origin: + description: |- + The Origin resource that requests to this route should fetch from when a matching response is not in cache. Origins can be defined as short names ("my-origin") or fully-qualified resource URLs - e.g. "networkservices.googleapis.com/projects/my-project/global/edgecacheorigins/my-origin" + + Only one of origin or urlRedirect can be set. + type: string + priority: + description: |- + The priority of this route rule, where 1 is the highest priority. 
+ + You cannot configure two or more routeRules with the same priority. Priority for each rule must be set to a number between 1 and 999 inclusive. + + Priority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers + to which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules. + type: string + routeAction: + description: In response to a matching path, the routeAction + performs advanced routing actions like URL rewrites, + header transformations, etc. prior to forwarding + the request to the selected origin. + properties: + cdnPolicy: + description: The policy to use for defining caching + and signed request behaviour for requests that + match this route. + properties: + addSignatures: + description: |- + Enable signature generation or propagation on this route. + + This field may only be specified when signedRequestMode is set to REQUIRE_TOKENS. + properties: + actions: + description: 'The actions to take to add + signatures to responses. Possible values: + ["GENERATE_COOKIE", "GENERATE_TOKEN_HLS_COOKIELESS", + "PROPAGATE_TOKEN_HLS_COOKIELESS"].' + items: + type: string + type: array + copiedParameters: + description: |- + The parameters to copy from the verified token to the generated token. + + Only the following parameters may be copied: + + * 'PathGlobs' + * 'paths' + * 'acl' + * 'URLPrefix' + * 'IPRanges' + * 'SessionID' + * 'id' + * 'Data' + * 'data' + * 'payload' + * 'Headers' + + You may specify up to 6 parameters to copy. A given parameter is be copied only if the parameter exists in the verified token. Parameter names are matched exactly as specified. The order of the parameters does not matter. Duplicates are not allowed. + + This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. 
+ items: + type: string + type: array + keyset: + description: |- + The keyset to use for signature generation. + + The following are both valid paths to an EdgeCacheKeyset resource: + + * 'projects/project/locations/global/edgeCacheKeysets/yourKeyset' + * 'yourKeyset' + + This must be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. This field may not be specified otherwise. + type: string + tokenQueryParameter: + description: |- + The query parameter in which to put the generated token. + + If not specified, defaults to 'edge-cache-token'. + + If specified, the name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + + This field may only be set when the GENERATE_TOKEN_HLS_COOKIELESS or PROPAGATE_TOKEN_HLS_COOKIELESS actions are specified. + type: string + tokenTtl: + description: |- + The duration the token is valid starting from the moment the token is first generated. + + Defaults to '86400s' (1 day). + + The TTL must be >= 0 and <= 604,800 seconds (1 week). + + This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + required: + - actions + type: object + cacheKeyPolicy: + description: Defines the request parameters + that contribute to the cache key. + properties: + excludeHost: + description: |- + If true, requests to different hosts will be cached separately. + + Note: this should only be enabled if hosts share the same origin and content. Removing the host from the cache key may inadvertently result in different objects being cached than intended, depending on which route the first user matched. 
+ type: boolean + excludeQueryString: + description: |- + If true, exclude query string parameters from the cache key + + If false (the default), include the query string parameters in + the cache key according to includeQueryParameters and + excludeQueryParameters. If neither includeQueryParameters nor + excludeQueryParameters is set, the entire query string will be + included. + type: boolean + excludedQueryParameters: + description: |- + Names of query string parameters to exclude from cache keys. All other parameters will be included. + + Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters. + items: + type: string + type: array + includeProtocol: + description: If true, http and https requests + will be cached separately. + type: boolean + includedCookieNames: + description: |- + Names of Cookies to include in cache keys. The cookie name and cookie value of each cookie named will be used as part of the cache key. + + Cookie names: + - must be valid RFC 6265 "cookie-name" tokens + - are case sensitive + - cannot start with "Edge-Cache-" (case insensitive) + + Note that specifying several cookies, and/or cookies that have a large range of values (e.g., per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance. + + You may specify up to three cookie names. + items: + type: string + type: array + includedHeaderNames: + description: |- + Names of HTTP request headers to include in cache keys. The value of the header field will be used as part of the cache key. + + - Header names must be valid HTTP RFC 7230 header field values. + - Header field names are case insensitive + - To include the HTTP method, use ":method" + + Note that specifying several headers, and/or headers that have a large range of values (e.g. 
per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance. + items: + type: string + type: array + includedQueryParameters: + description: |- + Names of query string parameters to include in cache keys. All other parameters will be excluded. + + Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters. + items: + type: string + type: array + type: object + cacheMode: + description: |- + Cache modes allow users to control the behaviour of the cache, what content it should cache automatically, whether to respect origin headers, or whether to unconditionally cache all responses. + + For all cache modes, Cache-Control headers will be passed to the client. Use clientTtl to override what is sent to the client. Possible values: ["CACHE_ALL_STATIC", "USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "BYPASS_CACHE"]. + type: string + clientTtl: + description: |- + Specifies a separate client (e.g. browser client) TTL, separate from the TTL used by the edge caches. Leaving this empty will use the same cache TTL for both the CDN and the client-facing response. + + - The TTL must be > 0 and <= 86400s (1 day) + - The clientTtl cannot be larger than the defaultTtl (if set) + - Fractions of a second are not allowed. + + Omit this field to use the defaultTtl, or the max-age set by the origin, as the client-facing TTL. + + When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field. + A duration in seconds terminated by 's'. Example: "3s". + type: string + defaultTtl: + description: |- + Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). + + Defaults to 3600s (1 hour). 
+ + - The TTL must be >= 0 and <= 31,536,000 seconds (1 year) + - Setting a TTL of "0" means "always revalidate" (equivalent to must-revalidate) + - The value of defaultTTL cannot be set to a value greater than that of maxTTL. + - Fractions of a second are not allowed. + - When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. + + Note that infrequently accessed objects may be evicted from the cache before the defined TTL. Objects that expire will be revalidated with the origin. + + When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field. + + A duration in seconds terminated by 's'. Example: "3s". + type: string + maxTtl: + description: |- + Specifies the maximum allowed TTL for cached content served by this origin. + + Defaults to 86400s (1 day). + + Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTtl seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. + + - The TTL must be >= 0 and <= 31,536,000 seconds (1 year) + - Setting a TTL of "0" means "always revalidate" + - The value of maxTtl must be equal to or greater than defaultTtl. + - Fractions of a second are not allowed. + + When the cache mode is set to "USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", or "BYPASS_CACHE", you must omit this field. + + A duration in seconds terminated by 's'. Example: "3s". + type: string + negativeCaching: + description: |- + Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. 
+ + By default, the CDNPolicy will apply the following default TTLs to these status codes: + + - HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m + - HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s + - HTTP 405 (Method Not Found), 414 (URI Too Long), 501 (Not Implemented): 60s + + These defaults can be overridden in negativeCachingPolicy. + type: boolean + negativeCachingPolicy: + additionalProperties: + type: string + description: |- + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + + - Omitting the policy and leaving negativeCaching enabled will use the default TTLs for each status code, defined in negativeCaching. + - TTLs must be >= 0 (where 0 is "always revalidate") and <= 86400s (1 day) + + Note that when specifying an explicit negativeCachingPolicy, you should take care to specify a cache TTL for all response codes that you wish to cache. The CDNPolicy will not apply any default negative caching when a policy exists. + type: object + signedRequestKeyset: + description: The EdgeCacheKeyset containing + the set of public keys used to validate + signed requests at the edge. + type: string + signedRequestMaximumExpirationTtl: + description: |- + Limit how far into the future the expiration time of a signed request may be. + + When set, a signed request is rejected if its expiration time is later than now + signedRequestMaximumExpirationTtl, where now is the time at which the signed request is first handled by the CDN. + + - The TTL must be > 0. + - Fractions of a second are not allowed. + + By default, signedRequestMaximumExpirationTtl is not set and the expiration time of a signed request may be arbitrarily far into future. + type: string + signedRequestMode: + description: |- + Whether to enforce signed requests. The default value is DISABLED, which means all content is public, and does not authorize access. 
+ + You must also set a signedRequestKeyset to enable signed requests. + + When set to REQUIRE_SIGNATURES, all matching requests will have their signature validated. Requests that were not signed with the corresponding private key, or that are otherwise invalid (expired, do not match the signature, IP address, or header) will be rejected with a HTTP 403 and (if enabled) logged. Possible values: ["DISABLED", "REQUIRE_SIGNATURES", "REQUIRE_TOKENS"]. + type: string + signedTokenOptions: + description: |- + Additional options for signed tokens. + + signedTokenOptions may only be specified when signedRequestMode is REQUIRE_TOKENS. + properties: + allowedSignatureAlgorithms: + description: |- + The allowed signature algorithms to use. + + Defaults to using only ED25519. + + You may specify up to 3 signature algorithms to use. Possible values: ["ED25519", "HMAC_SHA_256", "HMAC_SHA1"]. + items: + type: string + type: array + tokenQueryParameter: + description: |- + The query parameter in which to find the token. + + The name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + + Defaults to 'edge-cache-token'. + type: string + type: object + type: object + corsPolicy: + description: CORSPolicy defines Cross-Origin-Resource-Sharing + configuration, including which CORS response + headers will be set. + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + + This translates to the Access-Control-Allow-Credentials response header. + type: boolean + allowHeaders: + description: Specifies the content for the + Access-Control-Allow-Headers response header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the + Access-Control-Allow-Methods response header. 
+ items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + + This translates to the Access-Control-Allow-Origin response header. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy + is disabled. The default value is false, + which indicates that the CORS policy is + in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the + Access-Control-Allow-Headers response header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached by a client in seconds. Note that many browser clients enforce a maximum TTL of 600s (10 minutes). + + - Setting the value to -1 forces a pre-flight check for all requests (not recommended) + - A maximum TTL of 86400s can be set, but note that (as above) some clients may force pre-flight checks at a more regular interval. + - This translates to the Access-Control-Max-Age header. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + required: + - maxAge + type: object + urlRewrite: + description: The URL rewrite configuration for + requests that match this route. + properties: + hostRewrite: + description: Prior to forwarding the request + to the selected origin, the request's host + header is replaced with contents of hostRewrite. + type: string + pathPrefixRewrite: + description: Prior to forwarding the request + to the selected origin, the matching portion + of the request's path is replaced by pathPrefixRewrite. + type: string + pathTemplateRewrite: + description: |- + Prior to forwarding the request to the selected origin, if the + request matched a pathTemplateMatch, the matching portion of the + request's path is replaced re-written using the pattern specified + by pathTemplateRewrite. 
+ + pathTemplateRewrite must be between 1 and 255 characters + (inclusive), must start with a '/', and must only use variables + captured by the route's pathTemplate matchers. + + pathTemplateRewrite may only be used when all of a route's + MatchRules specify pathTemplate. + + Only one of pathPrefixRewrite and pathTemplateRewrite may be + specified. + type: string + type: object + type: object + urlRedirect: + description: The URL redirect configuration for requests + that match this route. + properties: + hostRedirect: + description: The host that will be used in the + redirect response instead of the one that was + supplied in the request. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. + + This can only be set if there is at least one (1) edgeSslCertificate set on the service. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was supplied in the request. + + pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. + + The path value must be between 1 and 1024 characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the routeRule, retaining the remaining portion of the URL before redirecting the request. + + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. + + The supported values are: + + - 'MOVED_PERMANENTLY_DEFAULT', which is the default value and corresponds to 301. 
+ - 'FOUND', which corresponds to 302. + - 'SEE_OTHER' which corresponds to 303. + - 'TEMPORARY_REDIRECT', which corresponds to 307. in this case, the request method will be retained. + - 'PERMANENT_REDIRECT', which corresponds to 308. in this case, the request method will be retained. Possible values: ["MOVED_PERMANENTLY_DEFAULT", "FOUND", "SEE_OTHER", "TEMPORARY_REDIRECT", "PERMANENT_REDIRECT"]. + type: string + stripQuery: + description: If set to true, any accompanying + query portion of the original URL is removed + prior to redirecting the request. If set to + false, the query portion of the original URL + is retained. + type: boolean + type: object + required: + - matchRule + - priority + type: object + type: array + required: + - name + - routeRule + type: object + type: array + required: + - hostRule + - pathMatcher + type: object + sslPolicy: + description: |- + URL of the SslPolicy resource that will be associated with the EdgeCacheService. + + If not set, the EdgeCacheService has no SSL policy configured, and will default to the "COMPATIBLE" policy. + type: string + required: + - projectRef + - routing + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + ipv4Addresses: + description: The IPv4 addresses associated with this service. 
Addresses + are static for the lifetime of the service. + items: + type: string + type: array + ipv6Addresses: + description: The IPv6 addresses associated with this service. Addresses + are static for the lifetime of the service. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicesendpointpolicies.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesEndpointPolicy + plural: networkservicesendpointpolicies + shortNames: + - gcpnetworkservicesendpointpolicy + - gcpnetworkservicesendpointpolicies + singular: networkservicesendpointpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + 
- description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + authorizationPolicyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint. + + Allowed value: The Google Cloud resource name of a `NetworkSecurityAuthorizationPolicy` resource (format: `projects/{{project}}/locations/{{location}}/authorizationPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + clientTlsPolicyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints. More specifically, it is applied to the outgoing traffic from the proxy to the endpoint. This is typically used for sidecar model where the proxy identifies itself as endpoint to the control plane, with the connection between sidecar and endpoint requiring authentication. If this field is not set, authentication is disabled(open). Applicable only when EndpointPolicyType is SIDECAR_PROXY. + + Allowed value: The Google Cloud resource name of a `NetworkSecurityClientTLSPolicy` resource (format: `projects/{{project}}/locations/{{location}}/clientTlsPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + endpointMatcher: + description: Required. A matcher that selects endpoints to which the + policies should be applied. + properties: + metadataLabelMatcher: + description: The matcher is based on node metadata presented by + xDS clients. + properties: + metadataLabelMatchCriteria: + description: 'Specifies how matching should be done. 
Supported + values are: MATCH_ANY: At least one of the Labels specified + in the matcher should match the metadata presented by xDS + client. MATCH_ALL: The metadata presented by the xDS client + should contain all of the labels specified here. The selection + is determined based on the best match. For example, suppose + there are three EndpointPolicy resources P1, P2 and P3 and + if P1 has a the matcher as MATCH_ANY , P2 has MATCH_ALL + , and P3 has MATCH_ALL . If a client with label connects, + the config from P1 will be selected. If a client with label + connects, the config from P2 will be selected. If a client + with label connects, the config from P3 will be selected. + If there is more than one best match, (for example, if a + config P4 with selector exists and if a client with label + connects), an error will be thrown. Possible values: METADATA_LABEL_MATCH_CRITERIA_UNSPECIFIED, + MATCH_ANY, MATCH_ALL' + type: string + metadataLabels: + description: The list of label value pairs that must match + labels in the provided metadata based on filterMatchCriteria + This list can have at most 64 entries. The list can be empty + if the match criteria is MATCH_ANY, to specify a wildcard + match (i.e this matches any client). + items: + properties: + labelName: + description: Required. Label name presented as key in + xDS Node Metadata. + type: string + labelValue: + description: Required. Label value presented as value + corresponding to the above key, in xDS Node Metadata. + type: string + required: + - labelName + - labelValue + type: object + type: array + type: object + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serverTlsPolicyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends. If this field is not set, authentication is disabled(open) for this endpoint. + + Allowed value: The Google Cloud resource name of a `NetworkSecurityServerTLSPolicy` resource (format: `projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + trafficPortSelector: + description: Optional. Port selector for the (matched) endpoints. 
+ If no port selector is provided, the matched config is applied to + all ports. + properties: + ports: + description: Optional. A list of ports. Can be port numbers or + port range (example, specifies all ports from 80 to 90, including + 80 and 90) or named ports or * to specify all ports. If the + list is empty, all ports are selected. + items: + type: string + type: array + type: object + type: + description: 'Required. The type of endpoint config. This is primarily + used to validate the configuration. Possible values: ENDPOINT_CONFIG_SELECTOR_TYPE_UNSPECIFIED, + SIDECAR_PROXY, GRPC_SERVER' + type: string + required: + - endpointMatcher + - location + - projectRef + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicesgateways.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesGateway + plural: networkservicesgateways + shortNames: + - gcpnetworkservicesgateway + - gcpnetworkservicesgateways + singular: networkservicesgateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addresses: + description: One or more addresses with ports in format of ":" that + the Gateway must receive traffic on. The proxy binds to the ports + specified. IP address can be anything that is allowed by the underlying + infrastructure (auto-allocation, static IP, BYOIP). + items: + type: string + type: array + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + ports: + description: Required. One or more ports that the Gateway must receive + traffic on. The proxy binds to the ports specified. Gateway listen + on 0.0.0.0 on the ports specified below. + items: + format: int64 + type: integer + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + scope: + description: Immutable. Required. Immutable. Scope determines how + configuration across multiple Gateway instances are merged. The + configuration for multiple Gateway instances with the same scope + will be merged as presented as a single coniguration to the proxy/load + balancer. Max length 64 characters. Scope should start with a letter + and can only have letters, numbers, hyphens. + type: string + serverTlsPolicyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled. + + Allowed value: The Google Cloud resource name of a `NetworkSecurityServerTLSPolicy` resource (format: `projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: 'Immutable. Immutable. The type of the customer managed + gateway. 
Possible values: TYPE_UNSPECIFIED, OPEN_MESH, SECURE_WEB_GATEWAY' + type: string + required: + - location + - ports + - projectRef + - scope + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicesgrpcroutes.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesGRPCRoute + plural: networkservicesgrpcroutes + shortNames: + - gcpnetworkservicesgrpcroute + - gcpnetworkservicesgrpcroutes + singular: networkservicesgrpcroute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + gateways: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + hostnames: + description: 'Required. Service hostnames with an optional port for + which this route describes traffic. Format: [:] Hostname is the + fully qualified domain name of a network host. This matches the + RFC 1123 definition of a hostname with 2 notable exceptions: - IPs + are not allowed. - A hostname may be prefixed with a wildcard label + (*.). The wildcard label must appear by itself as the first label. + Hostname can be “precise” which is a domain name without the terminating + dot of a network host (e.g. “foo.example.com”) or “wildcard”, which + is a domain name prefixed with a single wildcard label (e.g. *.example.com). 
+ Note that as per RFC1035 and RFC1123, a label must consist of lower + case alphanumeric characters or ‘-’, and must start and end with + an alphanumeric character. No other punctuation is allowed. The + routes associated with a Router must have unique hostnames. If you + attempt to attach multiple routes with conflicting hostnames, the + configuration will be rejected. For example, while it is acceptable + for routes for the hostnames "*.foo.bar.com" and "*.bar.com" to + be associated with the same route, it is not possible to associate + two routes both with "*.bar.com" or both with "bar.com". In the + case that multiple routes match the hostname, the most specific + match will be selected. For example, "foo.bar.baz.com" will take + precedence over "*.bar.baz.com" and "*.bar.baz.com" will take precedence + over "*.baz.com". If a port is specified, then gRPC clients must + use the channel URI with the port to match this rule (i.e. "xds:///service:123"), + otherwise they must supply the URI without a port (i.e. "xds:///service").' + items: + type: string + type: array + location: + description: Immutable. The location for the resource + type: string + meshes: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesMesh` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Required. A list of detailed rules defining how to route + traffic. Within a single GrpcRoute, the GrpcRoute.RouteAction associated + with the first matching GrpcRoute.RouteRule will be executed. At + least one rule must be supplied. + items: + properties: + action: + description: Required. A detailed rule defining how to route + traffic. This field is required. + properties: + destinations: + description: Optional. The destination services to which + traffic should be forwarded. If multiple destinations + are specified, traffic will be split between Backend Service(s) + according to the weight field of these destinations. + items: + properties: + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URL of a destination service to which to route traffic. Must refer to either a BackendService or ServiceDirectoryService. 
+ + Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + weight: + description: 'Optional. Specifies the proportion of + requests forwarded to the backend referenced by + the serviceName field. This is computed as: weight/Sum(weights + in this destination list). For non-zero values, + there may be some epsilon from the exact proportion + defined here depending on the precision an implementation + supports. If only one serviceName is specified and + it has a weight greater than 0, 100% of the traffic + is forwarded to that backend. If weights are specified + for any one service name, they need to be specified + for all of them. If weights are unspecified for + all services, then, traffic is distributed in equal + proportions to all of them.' + format: int64 + type: integer + required: + - serviceRef + type: object + type: array + faultInjectionPolicy: + description: Optional. The specification for fault injection + introduced into traffic to test the resiliency of clients + to destination service failure. As part of fault injection, + when clients send requests to a destination, delays can + be introduced on a percentage of requests before sending + those requests to the destination service. Similarly requests + from clients can be aborted by for a percentage of requests. + timeout and retry_policy will be ignored by clients that + are configured with a fault_injection_policy + properties: + abort: + description: The specification for aborting to client + requests. 
+ properties: + httpStatus: + description: The HTTP status code used to abort + the request. The value must be between 200 and + 599 inclusive. + format: int64 + type: integer + percentage: + description: The percentage of traffic which will + be aborted. The value must be between [0, 100] + format: int64 + type: integer + type: object + delay: + description: The specification for injecting delay to + client requests. + properties: + fixedDelay: + description: Specify a fixed delay before forwarding + the request. + type: string + percentage: + description: The percentage of traffic on which + delay will be injected. The value must be between + [0, 100] + format: int64 + type: integer + type: object + type: object + retryPolicy: + description: Optional. Specifies the retry policy associated + with this route. + properties: + numRetries: + description: Specifies the allowed number of retries. + This number must be > 0. If not specpfied, default + to 1. + format: int64 + type: integer + retryConditions: + description: '- connect-failure: Router will retry on + failures connecting to Backend Services, for example + due to connection timeouts. - refused-stream: Router + will retry if the backend service resets the stream + with a REFUSED_STREAM error code. This reset type + indicates that it is safe to retry. - cancelled: Router + will retry if the gRPC status code in the response + header is set to cancelled - deadline-exceeded: Router + will retry if the gRPC status code in the response + header is set to deadline-exceeded - resource-exhausted: + Router will retry if the gRPC status code in the response + header is set to resource-exhausted - unavailable: + Router will retry if the gRPC status code in the response + header is set to unavailable' + items: + type: string + type: array + type: object + timeout: + description: Optional. Specifies the timeout for selected + route. Timeout is computed from the time the request has + been fully processed (i.e. 
end of stream) up until the + response has been completely processed. Timeout includes + all retries. + type: string + type: object + matches: + description: Optional. Matches define conditions used for matching + the rule against incoming gRPC requests. Each match is independent, + i.e. this rule will be matched if ANY one of the matches is + satisfied. If no matches field is specified, this rule will + unconditionally match traffic. + items: + properties: + headers: + description: Optional. Specifies a collection of headers + to match. + items: + properties: + key: + description: Required. The key of the header. + type: string + type: + description: 'Optional. Specifies how to match against + the value of the header. If not specified, a default + value of EXACT is used. Possible values: MATCH_TYPE_UNSPECIFIED, + MATCH_ANY, MATCH_ALL' + type: string + value: + description: Required. The value of the header. + type: string + required: + - key + - value + type: object + type: array + method: + description: Optional. A gRPC method to match against. + If this field is empty or omitted, will match all methods. + properties: + caseSensitive: + description: Optional. Specifies that matches are + case sensitive. The default value is true. case_sensitive + must not be used with a type of REGULAR_EXPRESSION. + type: boolean + grpcMethod: + description: Required. Name of the method to match + against. If unspecified, will match all methods. + type: string + grpcService: + description: Required. Name of the service to match + against. If unspecified, will match all services. + type: string + type: + description: 'Optional. Specifies how to match against + the name. If not specified, a default value of "EXACT" + is used. 
Possible values: TYPE_UNSPECIFIED, EXACT, + REGULAR_EXPRESSION' + type: string + required: + - grpcMethod + - grpcService + type: object + type: object + type: array + required: + - action + type: object + type: array + required: + - hostnames + - location + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkserviceshttproutes.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesHTTPRoute + plural: networkserviceshttproutes + shortNames: + - gcpnetworkserviceshttproute + - gcpnetworkserviceshttproutes + singular: networkserviceshttproute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + gateways: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + hostnames: + description: Required. Hostnames define a set of hosts that should + match against the HTTP host header to select a HttpRoute to process + the request. Hostname is the fully qualified domain name of a network + host, as defined by RFC 1123 with the exception that ip addresses + are not allowed. Wildcard hosts are supported as "*" (no prefix + or suffix allowed). + items: + type: string + type: array + location: + description: Immutable. 
The location for the resource + type: string + meshes: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesMesh` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Required. Rules that define how traffic is routed and + handled. + items: + properties: + action: + description: The detailed rule defining how to route matched + traffic. + properties: + corsPolicy: + description: The specification for allowing client side + cross-origin requests. 
+ properties: + allowCredentials: + description: In response to a preflight request, setting + this to true indicates that the actual request can + include user credentials. This translates to the Access-Control-Allow-Credentials + header. Default value is false. + type: boolean + allowHeaders: + description: Specifies the content for Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: Specifies the regular expression patterns + that match allowed origins. For regular expression + grammar, please see https://github.com/google/re2/wiki/Syntax. + items: + type: string + type: array + allowOrigins: + description: Specifies the list of origins that will + be allowed to do CORS requests. An origin is allowed + if it matches either an item in allow_origins or an + item in allow_origin_regexes. + items: + type: string + type: array + disabled: + description: If true, the CORS policy is disabled. The + default value is false, which indicates that the CORS + policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: Specifies how long result of a preflight + request can be cached in seconds. This translates + to the Access-Control-Max-Age header. + type: string + type: object + destinations: + description: The destination to which traffic should be + forwarded. + items: + properties: + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of a BackendService to route traffic to. 
+ + Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + weight: + description: 'Specifies the proportion of requests + forwarded to the backend referenced by the serviceName + field. This is computed as: weight/Sum(weights in + this destination list). For non-zero values, there + may be some epsilon from the exact proportion defined + here depending on the precision an implementation + supports. If only one serviceName is specified and + it has a weight greater than 0, 100% of the traffic + is forwarded to that backend. If weights are specified + for any one service name, they need to be specified + for all of them. If weights are unspecified for + all services, then, traffic is distributed in equal + proportions to all of them.' + format: int64 + type: integer + type: object + type: array + faultInjectionPolicy: + description: The specification for fault injection introduced + into traffic to test the resiliency of clients to backend + service failure. As part of fault injection, when clients + send requests to a backend service, delays can be introduced + on a percentage of requests before sending those requests + to the backend service. Similarly requests from clients + can be aborted for a percentage of requests. timeout and + retry_policy will be ignored by clients that are configured + with a fault_injection_policy + properties: + abort: + description: The specification for aborting to client + requests. + properties: + httpStatus: + description: The HTTP status code used to abort + the request. 
The value must be between 200 and + 599 inclusive. + format: int64 + type: integer + percentage: + description: The percentage of traffic which will + be aborted. The value must be between [0, 100] + format: int64 + type: integer + type: object + delay: + description: The specification for injecting delay to + client requests. + properties: + fixedDelay: + description: Specify a fixed delay before forwarding + the request. + type: string + percentage: + description: The percentage of traffic on which + delay will be injected. The value must be between + [0, 100] + format: int64 + type: integer + type: object + type: object + redirect: + description: If set, the request is directed as configured + by this field. + properties: + hostRedirect: + description: The host that will be used in the redirect + response instead of the one that was supplied in the + request. + type: string + httpsRedirect: + description: If set to true, the URL scheme in the redirected + request is set to https. If set to false, the URL + scheme of the redirected request will remain the same + as that of the request. The default is set to false. + type: boolean + pathRedirect: + description: The path that will be used in the redirect + response instead of the one that was supplied in the + request. path_redirect can not be supplied together + with prefix_redirect. Supply one alone or neither. + If neither is supplied, the path of the original request + will be used for the redirect. + type: string + portRedirect: + description: The port that will be used in the redirected + request instead of the one that was supplied in the + request. + format: int64 + type: integer + prefixRewrite: + description: Indicates that during redirection, the + matched prefix (or path) should be swapped with this + value. This option allows URLs be dynamically created + based on the request. + type: string + responseCode: + description: 'The HTTP Status code to use for the redirect. 
+ Possible values: MOVED_PERMANENTLY_DEFAULT, FOUND, + SEE_OTHER, TEMPORARY_REDIRECT, PERMANENT_REDIRECT' + type: string + stripQuery: + description: if set to true, any accompanying query + portion of the original URL is removed prior to redirecting + the request. If set to false, the query portion of + the original URL is retained. The default is set to + false. + type: boolean + type: object + requestHeaderModifier: + description: The specification for modifying the headers + of a matching request prior to delivery of the request + to the destination. + properties: + add: + additionalProperties: + type: string + description: Add the headers with given map where key + is the name of the header, value is the value of the + header. + type: object + remove: + description: Remove headers (matching by header names) + specified in the list. + items: + type: string + type: array + set: + additionalProperties: + type: string + description: Completely overwrite/replace the headers + with given map where key is the name of the header, + value is the value of the header. + type: object + type: object + requestMirrorPolicy: + description: Specifies the policy on how requests intended + for the routes destination are shadowed to a separate + mirrored destination. Proxy will not wait for the shadow + destination to respond before returning the response. + Prior to sending traffic to the shadow service, the host/authority + header is suffixed with -shadow. + properties: + destination: + description: The destination the requests will be mirrored + to. The weight of the destination will be ignored. + properties: + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of a BackendService to route traffic to. 
+ + Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + weight: + description: 'Specifies the proportion of requests + forwarded to the backend referenced by the serviceName + field. This is computed as: weight/Sum(weights + in this destination list). For non-zero values, + there may be some epsilon from the exact proportion + defined here depending on the precision an implementation + supports. If only one serviceName is specified + and it has a weight greater than 0, 100% of the + traffic is forwarded to that backend. If weights + are specified for any one service name, they need + to be specified for all of them. If weights are + unspecified for all services, then, traffic is + distributed in equal proportions to all of them.' + format: int64 + type: integer + type: object + type: object + responseHeaderModifier: + description: The specification for modifying the headers + of a response prior to sending the response back to the + client. + properties: + add: + additionalProperties: + type: string + description: Add the headers with given map where key + is the name of the header, value is the value of the + header. + type: object + remove: + description: Remove headers (matching by header names) + specified in the list. + items: + type: string + type: array + set: + additionalProperties: + type: string + description: Completely overwrite/replace the headers + with given map where key is the name of the header, + value is the value of the header. 
+ type: object + type: object + retryPolicy: + description: Specifies the retry policy associated with + this route. + properties: + numRetries: + description: Specifies the allowed number of retries. + This number must be > 0. If not specified, default + to 1. + format: int64 + type: integer + perTryTimeout: + description: Specifies a non-zero timeout per retry + attempt. + type: string + retryConditions: + description: 'Specifies one or more conditions when + this retry policy applies. Valid values are: 5xx: + Proxy will attempt a retry if the destination service + responds with any 5xx response code, of if the destination + service does not respond at all, example: disconnect, + reset, read timeout, connection failure and refused + streams. gateway-error: Similar to 5xx, but only applies + to response codes 502, 503, 504. reset: Proxy will + attempt a retry if the destination service does not + respond at all (disconnect/reset/read timeout) connect-failure: + Proxy will retry on failures connecting to destination + for example due to connection timeouts. retriable-4xx: + Proxy will retry fro retriable 4xx response codes. + Currently the only retriable error supported is 409. + refused-stream: Proxy will retry if the destination + resets the stream with a REFUSED_STREAM error code. + This reset type indicates that it is safe to retry.' + items: + type: string + type: array + type: object + timeout: + description: Specifies the timeout for selected route. Timeout + is computed from the time the request has been fully processed + (i.e. end of stream) up until the response has been completely + processed. Timeout includes all retries. + type: string + urlRewrite: + description: The specification for rewrite URL before forwarding + requests to the destination. + properties: + hostRewrite: + description: Prior to forwarding the request to the + selected destination, the requests host header is + replaced by this value. 
+ type: string + pathPrefixRewrite: + description: Prior to forwarding the request to the + selected destination, the matching portion of the + requests path is replaced by this value. + type: string + type: object + type: object + matches: + description: A list of matches define conditions used for matching + the rule against incoming HTTP requests. Each match is independent, + i.e. this rule will be matched if ANY one of the matches is + satisfied. + items: + properties: + fullPathMatch: + description: The HTTP request path value should exactly + match this value. Only one of full_path_match, prefix_match, + or regex_match should be used. + type: string + headers: + description: Specifies a list of HTTP request headers + to match against. ALL of the supplied headers must be + matched. + items: + properties: + exactMatch: + description: The value of the header should match + exactly the content of exact_match. + type: string + header: + description: The name of the HTTP header to match + against. + type: string + invertMatch: + description: If specified, the match result will + be inverted before checking. Default value is + set to false. + type: boolean + prefixMatch: + description: The value of the header must start + with the contents of prefix_match. + type: string + presentMatch: + description: A header with header_name must exist. + The match takes place whether or not the header + has a value. + type: boolean + rangeMatch: + description: If specified, the rule will match if + the request header value is within the range. + properties: + end: + description: End of the range (exclusive) + format: int64 + type: integer + start: + description: Start of the range (inclusive) + format: int64 + type: integer + type: object + regexMatch: + description: 'The value of the header must match + the regular expression specified in regex_match. 
+ For regular expression grammar, please see: https://github.com/google/re2/wiki/Syntax' + type: string + suffixMatch: + description: The value of the header must end with + the contents of suffix_match. + type: string + type: object + type: array + ignoreCase: + description: Specifies if prefix_match and full_path_match + matches are case sensitive. The default value is false. + type: boolean + prefixMatch: + description: The HTTP request path value must begin with + specified prefix_match. prefix_match must begin with + a /. Only one of full_path_match, prefix_match, or regex_match + should be used. + type: string + queryParameters: + description: Specifies a list of query parameters to match + against. ALL of the query parameters must be matched. + items: + properties: + exactMatch: + description: The value of the query parameter must + exactly match the contents of exact_match. Only + one of exact_match, regex_match, or present_match + must be set. + type: string + presentMatch: + description: Specifies that the QueryParameterMatcher + matches if request contains query parameter, irrespective + of whether the parameter has a value or not. Only + one of exact_match, regex_match, or present_match + must be set. + type: boolean + queryParameter: + description: The name of the query parameter to + match. + type: string + regexMatch: + description: The value of the query parameter must + match the regular expression specified by regex_match. + For regular expression grammar, please see https://github.com/google/re2/wiki/Syntax + Only one of exact_match, regex_match, or present_match + must be set. + type: string + type: object + type: array + regexMatch: + description: The HTTP request path value must satisfy + the regular expression specified by regex_match after + removing any query parameters and anchor supplied with + the original URL. 
For regular expression grammar, please + see https://github.com/google/re2/wiki/Syntax Only one + of full_path_match, prefix_match, or regex_match should + be used. + type: string + type: object + type: array + type: object + type: array + required: + - hostnames + - location + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicesmeshes.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesMesh + plural: networkservicesmeshes + shortNames: + - gcpnetworkservicesmesh + - gcpnetworkservicesmeshes + singular: networkservicesmesh + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + interceptionPort: + description: Optional. If set to a valid TCP port (1-65535), instructs + the SIDECAR proxy to listen on the specified port of localhost (127.0.0.1) + address. The SIDECAR proxy will expect all traffic to be redirected + to this port regardless of its actual ip:port destination. If unset, + a port '15001' is used as the interception port. This field is only + valid if the type of Mesh is SIDECAR. + format: int64 + type: integer + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. 
Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicestcproutes.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesTCPRoute + plural: networkservicestcproutes + shortNames: + - gcpnetworkservicestcproute + - gcpnetworkservicestcproutes + singular: networkservicestcproute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + gateways: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + meshes: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesMesh` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Required. Rules that define how traffic is routed and + handled. At least one RouteRule must be supplied. If there are multiple + rules then the action taken will be the first rule to match. + items: + properties: + action: + description: Required. The detailed rule defining how to route + matched traffic. + properties: + destinations: + description: Optional. The destination services to which + traffic should be forwarded. At least one destination + service is required. + items: + properties: + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URL of a BackendService to route traffic to. 
+ + Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + weight: + description: 'Optional. Specifies the proportion of + requests forwarded to the backend referenced by + the serviceName field. This is computed as: weight/Sum(weights + in this destination list). For non-zero values, + there may be some epsilon from the exact proportion + defined here depending on the precision an implementation + supports. If only one serviceName is specified and + it has a weight greater than 0, 100% of the traffic + is forwarded to that backend. If weights are specified + for any one service name, they need to be specified + for all of them. If weights are unspecified for + all services, then, traffic is distributed in equal + proportions to all of them.' + format: int64 + type: integer + required: + - serviceRef + type: object + type: array + originalDestination: + description: Optional. If true, Router will use the destination + IP and port of the original connection as the destination + of the request. Default is false. + type: boolean + type: object + matches: + description: Optional. RouteMatch defines the predicate used + to match requests to a given action. Multiple match types + are “OR”ed for evaluation. If no routeMatch field is specified, + this rule will unconditionally match traffic. + items: + properties: + address: + description: 'Required. Must be specified in the CIDR + range format. A CIDR range consists of an IP Address + and a prefix length to construct the subnet mask. By + default, the prefix length is 32 (i.e. 
matches a single + IP address). Only IPV4 addresses are supported. Examples: + “10.0.0.1” - matches against this exact IP address. + “10.0.0.0/8" - matches against any IP address within + the 10.0.0.0 subnet and 255.255.255.0 mask. "0.0.0.0/0" + - matches against any IP address''.' + type: string + port: + description: Required. Specifies the destination port + to match against. + type: string + required: + - address + - port + type: object + type: array + required: + - action + type: object + type: array + required: + - location + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: networkservicestlsroutes.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesTLSRoute + plural: networkservicestlsroutes + shortNames: + - gcpnetworkservicestlsroute + - gcpnetworkservicestlsroutes + singular: networkservicestlsroute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A free-text description of the resource. Max + length 1024 characters. + type: string + gateways: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + meshes: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `NetworkServicesMesh` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rules: + description: Required. Rules that define how traffic is routed and + handled. At least one RouteRule must be supplied. If there are multiple + rules then the action taken will be the first rule to match. + items: + properties: + action: + description: Required. The detailed rule defining how to route + matched traffic. + properties: + destinations: + description: Required. The destination services to which + traffic should be forwarded. At least one destination + service is required. + items: + properties: + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URL of a BackendService to route traffic to. 
+ + Allowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + weight: + description: 'Optional. Specifies the proportion of + requests forwareded to the backend referenced by + the service_name field. This is computed as: weight/Sum(weights + in destinations) Weights in all destinations does + not need to sum up to 100.' + format: int64 + type: integer + required: + - serviceRef + type: object + type: array + required: + - destinations + type: object + matches: + description: Required. RouteMatch defines the predicate used + to match requests to a given action. Multiple match types + are "OR"ed for evaluation. + items: + properties: + alpn: + description: 'Optional. ALPN (Application-Layer Protocol + Negotiation) to match against. Examples: "http/1.1", + "h2". At least one of sni_host and alpn is required. + Up to 5 alpns across all matches can be set.' + items: + type: string + type: array + sniHost: + description: Optional. SNI (server name indicator) to + match against. SNI will be matched against all wildcard + domains, i.e. www.example.com will be first matched + against www.example.com, then *.example.com, then *.com. + Partial wildcards are not supported, and values like + *w.example.com are invalid. At least one of sni_host + and alpn is required. Up to 5 sni hosts across all matches + can be set. 
+ items: + type: string + type: array + type: object + type: array + required: + - action + - matches + type: object + type: array + required: + - location + - projectRef + - rules + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: notebooksenvironments.notebooks.cnrm.cloud.google.com +spec: + group: notebooks.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NotebooksEnvironment + plural: notebooksenvironments + shortNames: + - gcpnotebooksenvironment + - gcpnotebooksenvironments + singular: notebooksenvironment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + containerImage: + description: Use a container image to start the notebook instance. + properties: + repository: + description: |- + The path to the container image repository. + For example: gcr.io/{project_id}/{imageName}. + type: string + tag: + description: The tag of the container image. If not specified, + this defaults to the latest tag. + type: string + required: + - repository + type: object + description: + description: A brief description of this environment. + type: string + displayName: + description: Display name of this environment for the UI. + type: string + locationRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `NotebooksLocation` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + postStartupScript: + description: |- + Path to a Bash script that automatically runs after a notebook instance fully boots up. + The path must be a URL or Cloud Storage path. Example: "gs://path-to-file/file-name". + type: string + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + vmImage: + description: Use a Compute Engine VM image to start the notebook instance. + properties: + imageFamily: + description: Use this VM image family to find the image; the newest + image in this family will be used. + type: string + imageName: + description: Use VM image name to find the image. + type: string + project: + description: |- + The name of the Google Cloud project that this VM image belongs to. + Format: projects/{project_id}. + type: string + required: + - project + type: object + required: + - locationRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Instance creation time. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: orgpolicycustomconstraints.orgpolicy.cnrm.cloud.google.com +spec: + group: orgpolicy.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OrgPolicyCustomConstraint + plural: orgpolicycustomconstraints + shortNames: + - gcporgpolicycustomconstraint + - gcporgpolicycustomconstraints + singular: orgpolicycustomconstraint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + actionType: + description: 'The action to take if the condition is met. Possible + values: ["ALLOW", "DENY"].' + type: string + condition: + description: A CEL condition that refers to a supported service resource, + for example 'resource.management.autoUpgrade == false'. For details + about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language). + type: string + description: + description: A human-friendly description of the constraint to display + as an error message when the policy is violated. + type: string + displayName: + description: A human-friendly name for the constraint. + type: string + methodTypes: + description: A list of RESTful methods for which to enforce the constraint. + Can be 'CREATE', 'UPDATE', or both. Not all Google Cloud services + support both methods. To see supported methods for each service, + find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services). 
+ items: + type: string + type: array + parent: + description: Immutable. The parent of the resource, an organization. + Format should be 'organizations/{organization_id}'. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourceTypes: + description: Immutable. Immutable. The fully qualified name of the + Google Cloud REST resource containing the object and field you want + to restrict. For example, 'container.googleapis.com/NodePool'. + items: + type: string + type: array + required: + - actionType + - condition + - methodTypes + - parent + - resourceTypes + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The timestamp representing when the constraint + was last updated. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: osconfigguestpolicies.osconfig.cnrm.cloud.google.com +spec: + group: osconfig.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSConfigGuestPolicy + plural: osconfigguestpolicies + shortNames: + - gcposconfigguestpolicy + - gcposconfigguestpolicies + singular: osconfigguestpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assignment: + description: Specifies the VMs that are assigned this policy. This + allows you to target sets or groups of VMs by different parameters + such as labels, names, OS, or zones. Empty assignments will target + ALL VMs underneath this policy. Conflict Management Policies that + exist higher up in the resource hierarchy (closer to the Org) will + override those lower down if there is a conflict. At the same level + in the resource hierarchy (ie. within a project), the service will + prevent the creation of multiple policies that conflict with each + other. If there are multiple policies that specify the same config + (eg. package, software recipe, repository, etc.), the service will + ensure that no VM could potentially receive instructions from both + policies. To create multiple policies that specify different versions + of a package or different configs for different Operating Systems, + each policy must be mutually exclusive in their targeting according + to labels, OS, or other criteria. Different configs are identified + for conflicts in different ways. Packages are identified by their + name and the package manager(s) they target. Package repositories + are identified by their unique id where applicable. Some package + managers don't have a unique identifier for repositories and where + that's the case, no uniqueness is validated by the service. Note + that if OS Inventory is disabled, a VM will not be assigned a policy + that targets by OS because the service will see this VM's OS as + unknown. + properties: + groupLabels: + description: Targets instances matching at least one of these + label sets. 
This allows an assignment to target disparate groups, + for example "env=prod or env=staging". + items: + properties: + labels: + additionalProperties: + type: string + description: Google Compute Engine instance labels that + must be present for an instance to be included in this + assignment group. + type: object + type: object + type: array + instanceNamePrefixes: + description: Targets VM instances whose name starts with one of + these prefixes. Like labels, this is another way to group VM + instances when targeting configs, for example prefix="prod-". + Only supported for project-level policies. + items: + type: string + type: array + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + osTypes: + description: Targets VM instances matching at least one of the + following OS types. VM instances must match all supplied criteria + for a given OsType to be included. + items: + properties: + osArchitecture: + description: Targets VM instances with OS Inventory enabled + and having the following OS architecture. + type: string + osShortName: + description: Targets VM instances with OS Inventory enabled + and having the following OS short name, for example "debian" + or "windows". + type: string + osVersion: + description: Targets VM instances with OS Inventory enabled + and having the following following OS version. 
+ type: string + type: object + type: array + zones: + description: Targets instances in any of these zones. Leave empty + to target instances in any zone. Zonal targeting is uncommon + and is supported to facilitate the management of changes by + zone. + items: + type: string + type: array + type: object + description: + description: Description of the GuestPolicy. Length of the description + is limited to 1024 characters. + type: string + packageRepositories: + description: List of package repository configurations assigned to + the VM instance. + items: + properties: + apt: + description: An Apt Repository. + properties: + archiveType: + description: 'Type of archive files in this repository. + The default behavior is DEB. Possible values: ARCHIVE_TYPE_UNSPECIFIED, + DEB, DEB_SRC' + type: string + components: + description: Required. List of components for this repository. + Must contain at least one item. + items: + type: string + type: array + distribution: + description: Required. Distribution of this repository. + type: string + gpgKey: + description: URI of the key file for this repository. The + agent maintains a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` + containing all the keys in any applied guest policy. + type: string + uri: + description: Required. URI for this repository. + type: string + required: + - distribution + - uri + type: object + goo: + description: A Goo Repository. + properties: + name: + description: Required. The name of the repository. + type: string + url: + description: Required. The url of the repository. + type: string + required: + - name + - url + type: object + yum: + description: A Yum Repository. + properties: + baseUrl: + description: Required. The location of the repository directory. + type: string + displayName: + description: The display name of the repository. + type: string + gpgKeys: + description: URIs of GPG keys. + items: + type: string + type: array + id: + description: Required. 
A one word, unique name for this + repository. This is the `repo id` in the Yum config file + and also the `display_name` if `display_name` is omitted. + This id is also used as the unique identifier when checking + for guest policy conflicts. + type: string + required: + - baseUrl + - id + type: object + zypper: + description: A Zypper Repository. + properties: + baseUrl: + description: Required. The location of the repository directory. + type: string + displayName: + description: The display name of the repository. + type: string + gpgKeys: + description: URIs of GPG keys. + items: + type: string + type: array + id: + description: Required. A one word, unique name for this + repository. This is the `repo id` in the zypper config + file and also the `display_name` if `display_name` is + omitted. This id is also used as the unique identifier + when checking for guest policy conflicts. + type: string + required: + - baseUrl + - id + type: object + type: object + type: array + packages: + description: List of package configurations assigned to the VM instance. + items: + properties: + desiredState: + description: 'The desired_state the agent should maintain for + this package. The default is to ensure the package is installed. + Possible values: DESIRED_STATE_UNSPECIFIED, INSTALLED, REMOVED' + type: string + manager: + description: 'Type of package manager that can be used to install + this package. If a system does not have the package manager, + the package is not installed or removed no error message is + returned. By default, or if you specify `ANY`, the agent attempts + to install and remove this package using the default package + manager. This is useful when creating a policy that applies + to different types of systems. The default behavior is ANY. + Possible values: MANAGER_UNSPECIFIED, ANY, APT, YUM, ZYPPER, + GOO' + type: string + name: + description: Required. The name of the package. 
A package is + uniquely identified for conflict validation by checking the + package name and the manager(s) that the package targets. + type: string + type: object + type: array + recipes: + description: Optional. A list of Recipes to install on the VM. + items: + properties: + artifacts: + description: Resources available to be used in the steps in + the recipe. + items: + properties: + allowInsecure: + description: 'Defaults to false. When false, recipes are + subject to validations based on the artifact type: Remote: + A checksum must be specified, and only protocols with + transport-layer security are permitted. GCS: An object + generation number must be specified.' + type: boolean + gcs: + description: A Google Cloud Storage artifact. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Bucket of the Google Cloud Storage object. Given an example URL: `https://storage.googleapis.com/my-bucket/foo/bar#1234567` this value would be `my-bucket`. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + generation: + description: Must be provided if allow_insecure is + false. Generation number of the Google Cloud Storage + object. `https://storage.googleapis.com/my-bucket/foo/bar#1234567` + this value would be `1234567`. + format: int64 + type: integer + object: + description: 'Name of the Google Cloud Storage object. 
+ As specified [here] (https://cloud.google.com/storage/docs/naming#objectnames) + Given an example URL: `https://storage.googleapis.com/my-bucket/foo/bar#1234567` + this value would be `foo/bar`.' + type: string + type: object + id: + description: Required. Id of the artifact, which the installation + and update steps of this recipe can reference. Artifacts + in a recipe cannot have the same id. + type: string + remote: + description: A generic remote artifact. + properties: + checksum: + description: Must be provided if `allow_insecure` + is `false`. SHA256 checksum in hex format, to compare + to the checksum of the artifact. If the checksum + is not empty and it doesn't match the artifact then + the recipe installation fails before running any + of the steps. + type: string + uri: + description: 'URI from which to fetch the object. + It should contain both the protocol and path following + the format: {protocol}://{location}.' + type: string + type: object + type: object + type: array + desiredState: + description: 'Default is INSTALLED. The desired state the agent + should maintain for this recipe. INSTALLED: The software recipe + is installed on the instance but won''t be updated to new + versions. UPDATED: The software recipe is installed on the + instance. The recipe is updated to a higher version, if a + higher version of the recipe is assigned to this instance. + REMOVE: Remove is unsupported for software recipes and attempts + to create or update a recipe to the REMOVE state is rejected. + Possible values: DESIRED_STATE_UNSPECIFIED, INSTALLED, REMOVED' + type: string + installSteps: + description: Actions to be taken for installing this recipe. + On failure it stops executing steps and does not attempt another + installation. Any steps taken (including partially completed + steps) are not rolled back. + items: + properties: + archiveExtraction: + description: Extracts an archive into the specified directory. 
+ properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + destination: + description: Directory to extract archive to. Defaults + to `/` on Linux or `C:` on Windows. + type: string + type: + description: 'Required. The type of the archive to + extract. Possible values: TYPE_UNSPECIFIED, VALIDATION, + DESIRED_STATE_CHECK, DESIRED_STATE_ENFORCEMENT, + DESIRED_STATE_CHECK_POST_ENFORCEMENT' + type: string + type: object + dpkgInstallation: + description: Installs a deb file via dpkg. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + type: object + fileCopy: + description: Copies a file onto the instance. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + destination: + description: Required. The absolute path on the instance + to put the file. + type: string + overwrite: + description: Whether to allow this step to overwrite + existing files. If this is false and the file already + exists the file is not overwritten and the step + is considered a success. Defaults to false. + type: boolean + permissions: + description: 'Consists of three octal digits which + represent, in order, the permissions of the owner, + group, and other users for the file (similarly to + the numeric mode used in the linux chmod utility). + Each digit represents a three bit number with the + 4 bit corresponding to the read permissions, the + 2 bit corresponds to the write bit, and the one + bit corresponds to the execute permission. Default + behavior is 755. Below are some examples of permissions + and their associated values: read, write, and execute: + 7 read and execute: 5 read and write: 6 read only: + 4' + type: string + type: object + fileExec: + description: Executes an artifact or local file. + properties: + allowedExitCodes: + description: Defaults to [0]. 
A list of possible return + values that the program can return to indicate a + success. + items: + format: int64 + type: integer + type: array + args: + description: Arguments to be passed to the provided + executable. + items: + type: string + type: array + artifactId: + description: The id of the relevant artifact in the + recipe. + type: string + localPath: + description: The absolute path of the file on the + local filesystem. + type: string + type: object + msiInstallation: + description: Installs an MSI file. + properties: + allowedExitCodes: + description: Return codes that indicate that the software + installed or updated successfully. Behaviour defaults + to [0] + items: + format: int64 + type: integer + type: array + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + flags: + description: The flags to use when installing the + MSI defaults to ["/i"] (i.e. the install flag). + items: + type: string + type: array + type: object + rpmInstallation: + description: Installs an rpm file via the rpm utility. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + type: object + scriptRun: + description: Runs commands in a shell. + properties: + allowedExitCodes: + description: Return codes that indicate that the software + installed or updated successfully. Behaviour defaults + to [0] + items: + format: int64 + type: integer + type: array + interpreter: + description: 'The script interpreter to use to run + the script. If no interpreter is specified the script + is executed directly, which likely only succeed + for scripts with [shebang lines](https://en.wikipedia.org/wiki/Shebang_(Unix)). + Possible values: INTERPRETER_UNSPECIFIED, NONE, + SHELL, POWERSHELL' + type: string + script: + description: Required. The shell script to be executed. + type: string + type: object + type: object + type: array + name: + description: Required. 
Unique identifier for the recipe. Only + one recipe with a given name is installed on an instance. + Names are also used to identify resources which helps to determine + whether guest policies have conflicts. This means that requests + to create multiple recipes with the same name and version + are rejected since they could potentially have conflicting + assignments. + type: string + updateSteps: + description: Actions to be taken for updating this recipe. On + failure it stops executing steps and does not attempt another + update for this recipe. Any steps taken (including partially + completed steps) are not rolled back. + items: + properties: + archiveExtraction: + description: Extracts an archive into the specified directory. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + destination: + description: Directory to extract archive to. Defaults + to `/` on Linux or `C:` on Windows. + type: string + type: + description: 'Required. The type of the archive to + extract. Possible values: TYPE_UNSPECIFIED, VALIDATION, + DESIRED_STATE_CHECK, DESIRED_STATE_ENFORCEMENT, + DESIRED_STATE_CHECK_POST_ENFORCEMENT' + type: string + type: object + dpkgInstallation: + description: Installs a deb file via dpkg. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + type: object + fileCopy: + description: Copies a file onto the instance. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + destination: + description: Required. The absolute path on the instance + to put the file. + type: string + overwrite: + description: Whether to allow this step to overwrite + existing files. If this is false and the file already + exists the file is not overwritten and the step + is considered a success. Defaults to false. 
+ type: boolean + permissions: + description: 'Consists of three octal digits which + represent, in order, the permissions of the owner, + group, and other users for the file (similarly to + the numeric mode used in the linux chmod utility). + Each digit represents a three bit number with the + 4 bit corresponding to the read permissions, the + 2 bit corresponds to the write bit, and the one + bit corresponds to the execute permission. Default + behavior is 755. Below are some examples of permissions + and their associated values: read, write, and execute: + 7 read and execute: 5 read and write: 6 read only: + 4' + type: string + type: object + fileExec: + description: Executes an artifact or local file. + properties: + allowedExitCodes: + description: Defaults to [0]. A list of possible return + values that the program can return to indicate a + success. + items: + format: int64 + type: integer + type: array + args: + description: Arguments to be passed to the provided + executable. + items: + type: string + type: array + artifactId: + description: The id of the relevant artifact in the + recipe. + type: string + localPath: + description: The absolute path of the file on the + local filesystem. + type: string + type: object + msiInstallation: + description: Installs an MSI file. + properties: + allowedExitCodes: + description: Return codes that indicate that the software + installed or updated successfully. Behaviour defaults + to [0] + items: + format: int64 + type: integer + type: array + artifactId: + description: Required. The id of the relevant artifact + in the recipe. + type: string + flags: + description: The flags to use when installing the + MSI defaults to ["/i"] (i.e. the install flag). + items: + type: string + type: array + type: object + rpmInstallation: + description: Installs an rpm file via the rpm utility. + properties: + artifactId: + description: Required. The id of the relevant artifact + in the recipe. 
+ type: string + type: object + scriptRun: + description: Runs commands in a shell. + properties: + allowedExitCodes: + description: Return codes that indicate that the software + installed or updated successfully. Behaviour defaults + to [0] + items: + format: int64 + type: integer + type: array + interpreter: + description: 'The script interpreter to use to run + the script. If no interpreter is specified the script + is executed directly, which likely only succeed + for scripts with [shebang lines](https://en.wikipedia.org/wiki/Shebang_(Unix)). + Possible values: INTERPRETER_UNSPECIFIED, NONE, + SHELL, POWERSHELL' + type: string + script: + description: Required. The shell script to be executed. + type: string + type: object + type: object + type: array + version: + description: The version of this software recipe. Version can + be up to 4 period separated numbers (e.g. 12.34.56.78). + type: string + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. Time this GuestPolicy was created. 
+ format: date-time + type: string + etag: + description: The etag for this GuestPolicy. If this is provided on + update, it must match the server's etag. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. Last time this GuestPolicy was updated. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: osconfigospolicyassignments.osconfig.cnrm.cloud.google.com +spec: + group: osconfig.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSConfigOSPolicyAssignment + plural: osconfigospolicyassignments + shortNames: + - gcposconfigospolicyassignment + - gcposconfigospolicyassignments + singular: osconfigospolicyassignment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition 
time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: OS policy assignment description. Length of the description + is limited to 1024 characters. + type: string + instanceFilter: + description: Required. Filter to select VMs. + properties: + all: + description: Target all VMs in the project. If true, no other + criteria is permitted. + type: boolean + exclusionLabels: + description: List of label sets used for VM exclusion. If the + list has more than one label set, the VM is excluded if any + of the label sets are applicable for the VM. + items: + properties: + labels: + additionalProperties: + type: string + description: Labels are identified by key/value pairs in + this map. A VM should contain all the key/value pairs + specified in this map to be selected. + type: object + type: object + type: array + inclusionLabels: + description: List of label sets used for VM inclusion. If the + list has more than one `LabelSet`, the VM is included if any + of the label sets are applicable for the VM. 
+ items: + properties: + labels: + additionalProperties: + type: string + description: Labels are identified by key/value pairs in + this map. A VM should contain all the key/value pairs + specified in this map to be selected. + type: object + type: object + type: array + inventories: + description: List of inventories to select VMs. A VM is selected + if its inventory data matches at least one of the following + inventories. + items: + properties: + osShortName: + description: Required. The OS short name + type: string + osVersion: + description: The OS version Prefix matches are supported + if asterisk(*) is provided as the last character. For + example, to match all versions with a major version of + `7`, specify the following value for this field `7.*` + An empty string matches all OS versions. + type: string + required: + - osShortName + type: object + type: array + type: object + location: + description: Immutable. The location for the resource + type: string + osPolicies: + description: Required. List of OS policies to be applied to the VMs. + items: + properties: + allowNoResourceGroupMatch: + description: This flag determines the OS policy compliance status + when none of the resource groups within the policy are applicable + for a VM. Set this value to `true` if the policy needs to + be reported as compliant even if the policy has nothing to + validate or enforce. + type: boolean + description: + description: Policy description. Length of the description is + limited to 1024 characters. + type: string + id: + description: 'Required. The id of the OS policy with the following + restrictions: * Must contain only lowercase letters, numbers, + and hyphens. * Must start with a letter. * Must be between + 1-63 characters. * Must end with a number or a letter. * Must + be unique within the assignment.' + type: string + mode: + description: 'Required. 
Policy mode Possible values: MODE_UNSPECIFIED, + VALIDATION, ENFORCEMENT' + type: string + resourceGroups: + description: Required. List of resource groups for the policy. + For a particular VM, resource groups are evaluated in the + order specified and the first resource group that is applicable + is selected and the rest are ignored. If none of the resource + groups are applicable for a VM, the VM is considered to be + non-compliant w.r.t this policy. This behavior can be toggled + by the flag `allow_no_resource_group_match` + items: + properties: + inventoryFilters: + description: 'List of inventory filters for the resource + group. The resources in this resource group are applied + to the target VM if it satisfies at least one of the + following inventory filters. For example, to apply this + resource group to VMs running either `RHEL` or `CentOS` + operating systems, specify 2 items for the list with + following values: inventory_filters[0].os_short_name=''rhel'' + and inventory_filters[1].os_short_name=''centos'' If + the list is empty, this resource group will be applied + to the target VM unconditionally.' + items: + properties: + osShortName: + description: Required. The OS short name + type: string + osVersion: + description: The OS version Prefix matches are supported + if asterisk(*) is provided as the last character. + For example, to match all versions with a major + version of `7`, specify the following value for + this field `7.*` An empty string matches all OS + versions. + type: string + required: + - osShortName + type: object + type: array + resources: + description: Required. List of resources configured for + this resource group. The resources are executed in the + exact order specified here. + items: + properties: + exec: + description: Exec resource + properties: + enforce: + description: What to run to bring this resource + into the desired state. 
An exit code of 100 + indicates "success", any other exit code indicates + a failure running enforce. + properties: + args: + description: Optional arguments to pass + to the source during execution. + items: + type: string + type: array + file: + description: A remote or local file. + properties: + allowInsecure: + description: 'Defaults to false. When + false, files are subject to validations + based on the file type: Remote: A + checksum must be specified. Cloud + Storage: An object generation number + must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of + the Cloud Storage object. + type: string + generation: + description: Generation number of + the Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the + Cloud Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the + VM to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of + the remote file. + type: string + uri: + description: Required. URI from + which to fetch the object. It + should contain both the protocol + and path following the format + `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + interpreter: + description: 'Required. The script interpreter + to use. Possible values: INTERPRETER_UNSPECIFIED, + NONE, SHELL, POWERSHELL' + type: string + outputFilePath: + description: Only recorded for enforce Exec. + Path to an output file (that is created + by this Exec) whose content will be recorded + in OSPolicyResourceCompliance after a + successful run. Absence or failure to + read this file will result in this ExecResource + being non-compliant. Output file size + is limited to 100K bytes. + type: string + script: + description: An inline script. 
The size + of the script is limited to 1024 characters. + type: string + required: + - interpreter + type: object + validate: + description: Required. What to run to validate + this resource is in the desired state. An + exit code of 100 indicates "in desired state", + and exit code of 101 indicates "not in desired + state". Any other exit code indicates a failure + running validate. + properties: + args: + description: Optional arguments to pass + to the source during execution. + items: + type: string + type: array + file: + description: A remote or local file. + properties: + allowInsecure: + description: 'Defaults to false. When + false, files are subject to validations + based on the file type: Remote: A + checksum must be specified. Cloud + Storage: An object generation number + must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of + the Cloud Storage object. + type: string + generation: + description: Generation number of + the Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the + Cloud Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the + VM to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of + the remote file. + type: string + uri: + description: Required. URI from + which to fetch the object. It + should contain both the protocol + and path following the format + `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + interpreter: + description: 'Required. The script interpreter + to use. Possible values: INTERPRETER_UNSPECIFIED, + NONE, SHELL, POWERSHELL' + type: string + outputFilePath: + description: Only recorded for enforce Exec. 
+ Path to an output file (that is created + by this Exec) whose content will be recorded + in OSPolicyResourceCompliance after a + successful run. Absence or failure to + read this file will result in this ExecResource + being non-compliant. Output file size + is limited to 100K bytes. + type: string + script: + description: An inline script. The size + of the script is limited to 1024 characters. + type: string + required: + - interpreter + type: object + required: + - validate + type: object + file: + description: File resource + properties: + content: + description: A a file with this content. The + size of the content is limited to 1024 characters. + type: string + file: + description: A remote or local source. + properties: + allowInsecure: + description: 'Defaults to false. When false, + files are subject to validations based + on the file type: Remote: A checksum must + be specified. Cloud Storage: An object + generation number must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of the + Cloud Storage object. + type: string + generation: + description: Generation number of the + Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the Cloud + Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the VM + to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of the + remote file. + type: string + uri: + description: Required. URI from which + to fetch the object. It should contain + both the protocol and path following + the format `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + path: + description: Required. The absolute path of + the file within the VM. 
+ type: string + permissions: + description: 'Consists of three octal digits + which represent, in order, the permissions + of the owner, group, and other users for the + file (similarly to the numeric mode used in + the linux chmod utility). Each digit represents + a three bit number with the 4 bit corresponding + to the read permissions, the 2 bit corresponds + to the write bit, and the one bit corresponds + to the execute permission. Default behavior + is 755. Below are some examples of permissions + and their associated values: read, write, + and execute: 7 read and execute: 5 read and + write: 6 read only: 4' + type: string + state: + description: 'Required. Desired state of the + file. Possible values: OS_POLICY_COMPLIANCE_STATE_UNSPECIFIED, + COMPLIANT, NON_COMPLIANT, UNKNOWN, NO_OS_POLICIES_APPLICABLE' + type: string + required: + - path + - state + type: object + id: + description: 'Required. The id of the resource with + the following restrictions: * Must contain only + lowercase letters, numbers, and hyphens. * Must + start with a letter. * Must be between 1-63 characters. + * Must end with a number or a letter. * Must be + unique within the OS policy.' + type: string + pkg: + description: Package resource + properties: + apt: + description: A package managed by Apt. + properties: + name: + description: Required. Package name. + type: string + required: + - name + type: object + deb: + description: A deb package file. + properties: + pullDeps: + description: 'Whether dependencies should + also be installed. - install when false: + `dpkg -i package` - install when true: + `apt-get update && apt-get -y install + package.deb`' + type: boolean + source: + description: Required. A deb package. + properties: + allowInsecure: + description: 'Defaults to false. When + false, files are subject to validations + based on the file type: Remote: A + checksum must be specified. Cloud + Storage: An object generation number + must be specified.' 
+ type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of + the Cloud Storage object. + type: string + generation: + description: Generation number of + the Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the + Cloud Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the + VM to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of + the remote file. + type: string + uri: + description: Required. URI from + which to fetch the object. It + should contain both the protocol + and path following the format + `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + required: + - source + type: object + desiredState: + description: 'Required. The desired state the + agent should maintain for this package. Possible + values: DESIRED_STATE_UNSPECIFIED, INSTALLED, + REMOVED' + type: string + googet: + description: A package managed by GooGet. + properties: + name: + description: Required. Package name. + type: string + required: + - name + type: object + msi: + description: An MSI package. + properties: + properties: + description: Additional properties to use + during installation. This should be in + the format of Property=Setting. Appended + to the defaults of `ACTION=INSTALL REBOOT=ReallySuppress`. + items: + type: string + type: array + source: + description: Required. The MSI package. + properties: + allowInsecure: + description: 'Defaults to false. When + false, files are subject to validations + based on the file type: Remote: A + checksum must be specified. Cloud + Storage: An object generation number + must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. 
Bucket of + the Cloud Storage object. + type: string + generation: + description: Generation number of + the Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the + Cloud Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the + VM to use. + type: string + remote: + description: A generic remote file. + properties: + sha256Checksum: + description: SHA256 checksum of + the remote file. + type: string + uri: + description: Required. URI from + which to fetch the object. It + should contain both the protocol + and path following the format + `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + required: + - source + type: object + rpm: + description: An rpm package file. + properties: + pullDeps: + description: 'Whether dependencies should + also be installed. - install when false: + `rpm --upgrade --replacepkgs package.rpm` + - install when true: `yum -y install package.rpm` + or `zypper -y install package.rpm`' + type: boolean + source: + description: Required. An rpm package. + properties: + allowInsecure: + description: 'Defaults to false. When + false, files are subject to validations + based on the file type: Remote: A + checksum must be specified. Cloud + Storage: An object generation number + must be specified.' + type: boolean + gcs: + description: A Cloud Storage object. + properties: + bucket: + description: Required. Bucket of + the Cloud Storage object. + type: string + generation: + description: Generation number of + the Cloud Storage object. + format: int64 + type: integer + object: + description: Required. Name of the + Cloud Storage object. + type: string + required: + - bucket + - object + type: object + localPath: + description: A local path within the + VM to use. + type: string + remote: + description: A generic remote file. 
+ properties: + sha256Checksum: + description: SHA256 checksum of + the remote file. + type: string + uri: + description: Required. URI from + which to fetch the object. It + should contain both the protocol + and path following the format + `{protocol}://{location}`. + type: string + required: + - uri + type: object + type: object + required: + - source + type: object + yum: + description: A package managed by YUM. + properties: + name: + description: Required. Package name. + type: string + required: + - name + type: object + zypper: + description: A package managed by Zypper. + properties: + name: + description: Required. Package name. + type: string + required: + - name + type: object + required: + - desiredState + type: object + repository: + description: Package repository resource + properties: + apt: + description: An Apt Repository. + properties: + archiveType: + description: 'Required. Type of archive + files in this repository. Possible values: + ARCHIVE_TYPE_UNSPECIFIED, DEB, DEB_SRC' + type: string + components: + description: Required. List of components + for this repository. Must contain at least + one item. + items: + type: string + type: array + distribution: + description: Required. Distribution of this + repository. + type: string + gpgKey: + description: URI of the key file for this + repository. The agent maintains a keyring + at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg`. + type: string + uri: + description: Required. URI for this repository. + type: string + required: + - archiveType + - components + - distribution + - uri + type: object + goo: + description: A Goo Repository. + properties: + name: + description: Required. The name of the repository. + type: string + url: + description: Required. The url of the repository. + type: string + required: + - name + - url + type: object + yum: + description: A Yum Repository. + properties: + baseUrl: + description: Required. The location of the + repository directory. 
+ type: string + displayName: + description: The display name of the repository. + type: string + gpgKeys: + description: URIs of GPG keys. + items: + type: string + type: array + id: + description: Required. A one word, unique + name for this repository. This is the + `repo id` in the yum config file and also + the `display_name` if `display_name` is + omitted. This id is also used as the unique + identifier when checking for resource + conflicts. + type: string + required: + - baseUrl + - id + type: object + zypper: + description: A Zypper Repository. + properties: + baseUrl: + description: Required. The location of the + repository directory. + type: string + displayName: + description: The display name of the repository. + type: string + gpgKeys: + description: URIs of GPG keys. + items: + type: string + type: array + id: + description: Required. A one word, unique + name for this repository. This is the + `repo id` in the zypper config file and + also the `display_name` if `display_name` + is omitted. This id is also used as the + unique identifier when checking for GuestPolicy + conflicts. + type: string + required: + - baseUrl + - id + type: object + type: object + required: + - id + type: object + type: array + required: + - resources + type: object + type: array + required: + - id + - mode + - resourceGroups + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rollout: + description: 'Required. Rollout to deploy the OS policy assignment. + A rollout is triggered in the following situations: 1) OSPolicyAssignment + is created. 2) OSPolicyAssignment is updated and the update contains + changes to one of the following fields: - instance_filter - os_policies + 3) OSPolicyAssignment is deleted.' + properties: + disruptionBudget: + description: Required. The maximum number (or percentage) of VMs + per zone to disrupt at any given moment. + properties: + fixed: + description: Specifies a fixed value. + format: int64 + type: integer + percent: + description: Specifies the relative value defined as a percentage, + which will be multiplied by a reference value. + format: int64 + type: integer + type: object + minWaitDuration: + description: Required. This determines the minimum duration of + time to wait after the configuration changes are applied through + the current rollout. A VM continues to count towards the `disruption_budget` + at least until this duration of time has passed after configuration + changes are applied. + type: string + required: + - disruptionBudget + - minWaitDuration + type: object + skipAwaitRollout: + description: Set to true to skip awaiting rollout during resource + creation and update. + type: boolean + required: + - instanceFilter + - location + - osPolicies + - projectRef + - rollout + type: object + status: + properties: + baseline: + description: Output only. 
Indicates that this revision has been successfully + rolled out in this zone and new VMs will be assigned OS policies + from this revision. For a given OS policy assignment, there is only + one revision with a value of `true` for this field. + type: boolean + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + deleted: + description: Output only. Indicates that this revision deletes the + OS policy assignment. + type: boolean + etag: + description: The etag for this OS policy assignment. If this is provided + on update, it must match the server's etag. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + reconciling: + description: 'Output only. Indicates that reconciliation is in progress + for the revision. This value is `true` when the `rollout_state` + is one of: * IN_PROGRESS * CANCELLING' + type: boolean + revisionCreateTime: + description: Output only. The timestamp that the revision was created. + format: date-time + type: string + revisionId: + description: Output only. 
The assignment revision ID A new revision + is committed whenever a rollout is triggered for a OS policy assignment + type: string + rolloutState: + description: 'Output only. OS policy assignment rollout state Possible + values: ROLLOUT_STATE_UNSPECIFIED, IN_PROGRESS, CANCELLING, CANCELLED, + SUCCEEDED' + type: string + uid: + description: Output only. Server generated unique id for the OS policy + assignment resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: osconfigpatchdeployments.osconfig.cnrm.cloud.google.com +spec: + group: osconfig.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSConfigPatchDeployment + plural: osconfigpatchdeployments + shortNames: + - gcposconfigpatchdeployment + - gcposconfigpatchdeployments + singular: osconfigpatchdeployment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: 
+ properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. Description of the patch deployment. Length + of the description is limited to 1024 characters. + type: string + duration: + description: |- + Immutable. Duration of the patch. After the duration ends, the patch times out. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + instanceFilter: + description: Immutable. VM instances to patch. + properties: + all: + description: Immutable. Target all VM instances in the project. + If true, no other criteria is permitted. + type: boolean + groupLabels: + description: Immutable. Targets VM instances matching ANY of these + GroupLabels. This allows targeting of disparate groups of VM + instances. + items: + properties: + labels: + additionalProperties: + type: string + description: Immutable. Compute Engine instance labels that + must be present for a VM instance to be targeted by this + filter. + type: object + required: + - labels + type: object + type: array + instanceNamePrefixes: + description: |- + Immutable. Targets VMs whose name starts with one of these prefixes. Similar to labels, this is another way to group + VMs when targeting configs, for example prefix="prod-". 
+ items: + type: string + type: array + instances: + description: |- + Immutable. Targets any of the VM instances specified. Instances are specified by their URI in the 'form zones/{{zone}}/instances/{{instance_name}}', + 'projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}', or + 'https://www.googleapis.com/compute/v1/projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}'. + items: + type: string + type: array + zones: + description: Immutable. Targets VM instances in ANY of these zones. + Leave empty to target VM instances in any zone. + items: + type: string + type: array + type: object + oneTimeSchedule: + description: Immutable. Schedule a one-time execution. + properties: + executeTime: + description: |- + Immutable. The desired patch job execution time. A timestamp in RFC3339 UTC "Zulu" format, + accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + required: + - executeTime + type: object + patchConfig: + description: Immutable. Patch configuration that is applied. + properties: + apt: + description: Immutable. Apt update settings. Use this setting + to override the default apt patch rules. + properties: + excludes: + description: Immutable. List of packages to exclude from update. + These packages will be excluded. + items: + type: string + type: array + exclusivePackages: + description: |- + Immutable. An exclusive list of packages to be updated. These are the only packages that will be updated. + If these packages are not installed, they will be ignored. This field cannot be specified with + any other patch configuration fields. + items: + type: string + type: array + type: + description: 'Immutable. By changing the type to DIST, the + patching is performed using apt-get dist-upgrade instead. + Possible values: ["DIST", "UPGRADE"].' + type: string + type: object + goo: + description: Immutable. goo update settings. Use this setting + to override the default goo patch rules. 
+ properties: + enabled: + description: Immutable. goo update settings. Use this setting + to override the default goo patch rules. + type: boolean + required: + - enabled + type: object + migInstancesAllowed: + description: Immutable. Allows the patch job to run on Managed + instance groups (MIGs). + type: boolean + postStep: + description: Immutable. The ExecStep to run after the patch update. + properties: + linuxExecStepConfig: + description: Immutable. The ExecStepConfig for all Linux VMs + targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + windowsExecStepConfig: + description: Immutable. The ExecStepConfig for all Windows + VMs targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. 
+ items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + type: object + preStep: + description: Immutable. The ExecStep to run before the patch update. + properties: + linuxExecStepConfig: + description: Immutable. The ExecStepConfig for all Linux VMs + targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. 
+ type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + windowsExecStepConfig: + description: Immutable. The ExecStepConfig for all Windows + VMs targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + type: object + rebootConfig: + description: 'Immutable. Post-patch reboot settings. Possible + values: ["DEFAULT", "ALWAYS", "NEVER"].' + type: string + windowsUpdate: + description: Immutable. Windows update settings. 
Use this setting + to override the default Windows patch rules. + properties: + classifications: + description: 'Immutable. Only apply updates of these windows + update classifications. If empty, all updates are applied. + Possible values: ["CRITICAL", "SECURITY", "DEFINITION", + "DRIVER", "FEATURE_PACK", "SERVICE_PACK", "TOOL", "UPDATE_ROLLUP", + "UPDATE"].' + items: + type: string + type: array + excludes: + description: Immutable. List of KBs to exclude from update. + items: + type: string + type: array + exclusivePatches: + description: |- + Immutable. An exclusive list of kbs to be updated. These are the only patches that will be updated. + This field must not be used with other patch configurations. + items: + type: string + type: array + type: object + yum: + description: Immutable. Yum update settings. Use this setting + to override the default yum patch rules. + properties: + excludes: + description: Immutable. List of packages to exclude from update. + These packages will be excluded. + items: + type: string + type: array + exclusivePackages: + description: |- + Immutable. An exclusive list of packages to be updated. These are the only packages that will be updated. + If these packages are not installed, they will be ignored. This field cannot be specified with + any other patch configuration fields. + items: + type: string + type: array + minimal: + description: Immutable. Will cause patch to run yum update-minimal + instead. + type: boolean + security: + description: Immutable. Adds the --security flag to yum update. + Not supported on all platforms. + type: boolean + type: object + zypper: + description: Immutable. zypper update settings. Use this setting + to override the default zypper patch rules. + properties: + categories: + description: Immutable. Install only patches with these categories. + Common categories include security, recommended, and feature. + items: + type: string + type: array + excludes: + description: Immutable. 
List of packages to exclude from update. + items: + type: string + type: array + exclusivePatches: + description: |- + Immutable. An exclusive list of patches to be updated. These are the only patches that will be installed using 'zypper patch patch:' command. + This field must not be used with any other patch configuration fields. + items: + type: string + type: array + severities: + description: Immutable. Install only patches with these severities. + Common severities include critical, important, moderate, + and low. + items: + type: string + type: array + withOptional: + description: Immutable. Adds the --with-optional flag to zypper + patch. + type: boolean + withUpdate: + description: Immutable. Adds the --with-update flag, to zypper + patch. + type: boolean + type: object + type: object + patchDeploymentId: + description: |- + Immutable. A name for the patch deployment in the project. When creating a name the following rules apply: + * Must contain only lowercase letters, numbers, and hyphens. + * Must start with a letter. + * Must be between 1-63 characters. + * Must end with a number or a letter. + * Must be unique within the project. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + recurringSchedule: + description: Immutable. Schedule recurring executions. + properties: + endTime: + description: |- + Immutable. 
The end time at which a recurring patch deployment schedule is no longer active. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + lastExecuteTime: + description: |- + The time the last patch job ran successfully. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + monthly: + description: Immutable. Schedule with monthly executions. + properties: + monthDay: + description: |- + Immutable. One day of the month. 1-31 indicates the 1st to the 31st day. -1 indicates the last day of the month. + Months without the target day will be skipped. For example, a schedule to run "every month on the 31st" + will not run in February, April, June, etc. + type: integer + weekDayOfMonth: + description: Immutable. Week day in a month. + properties: + dayOfWeek: + description: 'Immutable. A day of the week. Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", + "SATURDAY", "SUNDAY"].' + type: string + weekOrdinal: + description: Immutable. Week number in a month. 1-4 indicates + the 1st to 4th week of the month. -1 indicates the last + week of the month. + type: integer + required: + - dayOfWeek + - weekOrdinal + type: object + type: object + nextExecuteTime: + description: |- + The time the next patch job is scheduled to run. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + startTime: + description: |- + Immutable. The time that the recurring schedule becomes effective. Defaults to createTime of the patch deployment. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + timeOfDay: + description: Immutable. Time of the day to run a recurring deployment. + properties: + hours: + description: |- + Immutable. Hours of day in 24 hour format. 
Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Immutable. Minutes of hour of day. Must be from + 0 to 59. + type: integer + nanos: + description: Immutable. Fractions of seconds in nanoseconds. + Must be from 0 to 999,999,999. + type: integer + seconds: + description: Immutable. Seconds of minutes of the time. Must + normally be from 0 to 59. An API may allow the value 60 + if it allows leap-seconds. + type: integer + type: object + timeZone: + description: |- + Immutable. Defines the time zone that timeOfDay is relative to. The rules for daylight saving time are + determined by the chosen time zone. + properties: + id: + description: Immutable. IANA Time Zone Database time zone, + e.g. "America/New_York". + type: string + version: + description: Immutable. IANA Time Zone Database version number, + e.g. "2019a". + type: string + required: + - id + type: object + weekly: + description: Immutable. Schedule with weekly executions. + properties: + dayOfWeek: + description: 'Immutable. IANA Time Zone Database time zone, + e.g. "America/New_York". Possible values: ["MONDAY", "TUESDAY", + "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"].' + type: string + required: + - dayOfWeek + type: object + required: + - timeOfDay + - timeZone + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + rollout: + description: Immutable. Rollout strategy of the patch job. + properties: + disruptionBudget: + description: |- + Immutable. The maximum number (or percentage) of VMs per zone to disrupt at any given moment. The number of VMs calculated from multiplying the percentage by the total number of VMs in a zone is rounded up. 
+ During patching, a VM is considered disrupted from the time the agent is notified to begin until patching has completed. This disruption time includes the time to complete reboot and any post-patch steps. + A VM contributes to the disruption budget if its patching operation fails either when applying the patches, running pre or post patch steps, or if it fails to respond with a success notification before timing out. VMs that are not running or do not have an active agent do not count toward this disruption budget. + For zone-by-zone rollouts, if the disruption budget in a zone is exceeded, the patch job stops, because continuing to the next zone requires completion of the patch process in the previous zone. + For example, if the disruption budget has a fixed value of 10, and 8 VMs fail to patch in the current zone, the patch job continues to patch 2 VMs at a time until the zone is completed. When that zone is completed successfully, patching begins with 10 VMs at a time in the next zone. If 10 VMs in the next zone fail to patch, the patch job stops. + properties: + fixed: + description: Immutable. Specifies a fixed value. + type: integer + percentage: + description: Immutable. Specifies the relative value defined + as a percentage, which will be multiplied by a reference + value. + type: integer + type: object + mode: + description: 'Immutable. Mode of the patch rollout. Possible values: + ["ZONE_BY_ZONE", "CONCURRENT_ZONES"].' + type: string + required: + - disruptionBudget + - mode + type: object + required: + - instanceFilter + - patchDeploymentId + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Time the patch deployment was created. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + lastExecuteTime: + description: |- + The last time a patch job was started by this deployment. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: |- + Unique name for the patch deployment resource in a project. + The patch deployment name is in the form: projects/{project_id}/patchDeployments/{patchDeploymentId}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Time the patch deployment was last updated. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: osloginsshpublickeys.oslogin.cnrm.cloud.google.com +spec: + group: oslogin.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSLoginSSHPublicKey + plural: osloginsshpublickeys + shortNames: + - gcposloginsshpublickey + - gcposloginsshpublickeys + singular: osloginsshpublickey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + expirationTimeUsec: + description: An expiration time in microseconds since epoch. + type: string + key: + description: Immutable. Public key text in SSH format, defined by + RFC4253 section 6.6. + type: string + project: + description: Immutable. The project ID of the Google Cloud Platform + project. + type: string + resourceID: + description: Immutable. Optional. The service-generated fingerprint + of the resource. Used for acquisition only. Leave unset to create + a new resource. + type: string + user: + description: Immutable. The user email. + type: string + required: + - key + - user + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: The SHA-256 fingerprint of the SSH public key. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacapools.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACAPool + plural: privatecacapools + shortNames: + - gcpprivatecacapool + - gcpprivatecacapools + singular: privatecacapool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + issuancePolicy: + description: Optional. The IssuancePolicy to control how Certificates + will be issued from this CaPool. + properties: + allowedIssuanceModes: + description: Optional. If specified, then only methods allowed + in the IssuanceModes may be used to issue Certificates. + properties: + allowConfigBasedIssuance: + description: Optional. When true, allows callers to create + Certificates by specifying a CertificateConfig. + type: boolean + allowCsrBasedIssuance: + description: Optional. When true, allows callers to create + Certificates by specifying a CSR. + type: boolean + type: object + allowedKeyTypes: + description: Optional. If any AllowedKeyType is specified, then + the certificate request's public key must match one of the key + types listed here. Otherwise, any key may be used. + items: + properties: + ellipticCurve: + description: Represents an allowed Elliptic Curve key type. + properties: + signatureAlgorithm: + description: 'Optional. A signature algorithm that must + be used. If this is omitted, any EC-based signature + algorithm will be allowed. Possible values: EC_SIGNATURE_ALGORITHM_UNSPECIFIED, + ECDSA_P256, ECDSA_P384, EDDSA_25519' + type: string + type: object + rsa: + description: Represents an allowed RSA key type. + properties: + maxModulusSize: + description: Optional. The maximum allowed RSA modulus + size, in bits. If this is not set, or if set to zero, + the service will not enforce an explicit upper bound + on RSA modulus sizes. + format: int64 + type: integer + minModulusSize: + description: Optional. The minimum allowed RSA modulus + size, in bits. If this is not set, or if set to zero, + the service-level min RSA modulus size will continue + to apply. 
+ format: int64 + type: integer + type: object + type: object + type: array + baselineValues: + description: Optional. A set of X.509 values that will be applied + to all certificates issued through this CaPool. If a certificate + request includes conflicting values for the same properties, + they will be overwritten by the values defined here. If a certificate + request uses a CertificateTemplate that defines conflicting + predefined_values for the same properties, the certificate issuance + request will fail. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does not + know how to handle this extension, the client should + consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Required. The value of this X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. 
For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. + If this value is less than 0, the request will fail. + If this value is missing, the max path length will be + omitted from the CA certificate. + format: int64 + type: integer + zeroMaxIssuerPathLength: + description: Optional. When true, the "path length constraint" + in Basic Constraints extension will be set to 0. if + both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. 
+ Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + identityConstraints: + description: Optional. Describes constraints on identities that + may appear in Certificates issued through this CaPool. 
If this + is omitted, then this CaPool will not add restrictions on a + certificate's identity. + properties: + allowSubjectAltNamesPassthrough: + description: Required. If this is true, the SubjectAltNames + extension may be copied from a certificate request into + the signed certificate. Otherwise, the requested SubjectAltNames + will be discarded. + type: boolean + allowSubjectPassthrough: + description: Required. If this is true, the Subject field + may be copied from a certificate request into the signed + certificate. Otherwise, the requested Subject will be discarded. + type: boolean + celExpression: + description: Optional. A CEL expression that may be used to + validate the resolved X.509 Subject and/or Subject Alternative + Name before a certificate is signed. To see the full allowed + syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel + properties: + description: + description: Optional. Description of the expression. + This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in + Common Expression Language syntax. + type: string + location: + description: Optional. String indicating the location + of the expression for error reporting, e.g. a file name + and a position in the file. + type: string + title: + description: Optional. Title for the expression, i.e. + a short string describing its purpose. This can be used + e.g. in UIs which allow to enter the expression. + type: string + type: object + required: + - allowSubjectAltNamesPassthrough + - allowSubjectPassthrough + type: object + maximumLifetime: + description: Optional. The maximum lifetime allowed for issued + Certificates. Note that if the issuing CertificateAuthority + expires before a Certificate's requested maximum_lifetime, the + effective lifetime will be explicitly truncated to match it. 
+ type: string + passthroughExtensions: + description: Optional. Describes the set of X.509 extensions that + may appear in a Certificate issued through this CaPool. If a + certificate request sets extensions that don't appear in the + passthrough_extensions, those extensions will be dropped. If + a certificate request uses a CertificateTemplate with predefined_values + that don't appear here, the certificate issuance request will + fail. If this is omitted, then this CaPool will not add restrictions + on a certificate's X.509 extensions. These constraints do not + apply to X.509 extensions set in this CaPool's baseline_values. + properties: + additionalExtensions: + description: Optional. A set of ObjectIds identifying custom + X.509 extensions. Will be combined with known_extensions + to determine the full set of X.509 extensions. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + knownExtensions: + description: Optional. A set of named X.509 extensions. Will + be combined with additional_extensions to determine the + full set of X.509 extensions. + items: + type: string + type: array + type: object + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publishingOptions: + description: Optional. The PublishingOptions to follow when issuing + Certificates from any CertificateAuthority in this CaPool. + properties: + publishCaCert: + description: Optional. When true, publishes each CertificateAuthority's + CA certificate and includes its URL in the "Authority Information + Access" X.509 extension in all issued Certificates. If this + is false, the CA certificate will not be published and the corresponding + X.509 extension will not be written in issued certificates. + type: boolean + publishCrl: + description: Optional. When true, publishes each CertificateAuthority's + CRL and includes its URL in the "CRL Distribution Points" X.509 + extension in all issued Certificates. If this is false, CRLs + will not be published and the corresponding X.509 extension + will not be written in issued certificates. CRLs will expire + 7 days from their creation. However, we will rebuild daily. + CRLs are also rebuilt shortly after a certificate is revoked. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tier: + description: 'Immutable. Required. Immutable. The Tier of this CaPool. + Possible values: TIER_UNSPECIFIED, ENTERPRISE, DEVOPS' + type: string + required: + - location + - projectRef + - tier + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificateauthorities.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificateAuthority + plural: privatecacertificateauthorities + shortNames: + - gcpprivatecacertificateauthority + - gcpprivatecacertificateauthorities + singular: privatecacertificateauthority + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: 
When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + caPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The caPool for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + config: + description: Immutable. Required. Immutable. The config used to create + a self-signed X.509 certificate or CSR. + properties: + subjectConfig: + description: Immutable. Required. Specifies some of the values + in a certificate that are related to the subject. + properties: + subject: + description: Immutable. Required. Contains distinguished name + fields such as the common name, location and organization. + properties: + commonName: + description: Immutable. The "common name" of the subject. + type: string + countryCode: + description: Immutable. The country code of the subject. + type: string + locality: + description: Immutable. The locality or city of the subject. + type: string + organization: + description: Immutable. The organization of the subject. + type: string + organizationalUnit: + description: Immutable. The organizational_unit of the + subject. + type: string + postalCode: + description: Immutable. The postal code of the subject. + type: string + province: + description: Immutable. The province, territory, or regional + state of the subject. + type: string + streetAddress: + description: Immutable. The street address of the subject. + type: string + type: object + subjectAltName: + description: Immutable. Optional. The subject alternative + name fields. + properties: + customSans: + description: Immutable. Contains additional subject alternative + name values. + items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the + client does not know how to handle this extension, + the client should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this + X.509 extension. + properties: + objectIdPath: + description: Immutable. Required. The parts + of an OID path. 
The most significant parts + of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + dnsNames: + description: Immutable. Contains only valid, fully-qualified + host names. + items: + type: string + type: array + emailAddresses: + description: Immutable. Contains only valid RFC 2822 E-mail + addresses. + items: + type: string + type: array + ipAddresses: + description: Immutable. Contains only valid 32-bit IPv4 + addresses or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Immutable. Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + required: + - subject + type: object + x509Config: + description: Immutable. Required. Describes how some of the technical + X.509 fields in a certificate should be populated. + properties: + additionalExtensions: + description: Immutable. Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the client + does not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + caOptions: + description: Immutable. Optional. 
Describes options in this + X509Parameters that are relevant in a CA certificate. + properties: + isCa: + description: Immutable. Optional. Refers to the "CA" X.509 + extension, which is a boolean value. When this value + is missing, the extension will be omitted from the CA + certificate. + type: boolean + maxIssuerPathLength: + description: Immutable. Optional. Refers to the path length + restriction X.509 extension. For a CA certificate, this + value describes the depth of subordinate CA certificates + that are allowed. If this value is less than 0, the + request will fail. If this value is missing, the max + path length will be omitted from the CA certificate. + format: int64 + type: integer + zeroMaxIssuerPathLength: + description: Immutable. Optional. When true, the "path + length constraint" in Basic Constraints extension will + be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Immutable. Optional. Indicates the intended use + for keys that correspond to a certificate. + properties: + baseKeyUsage: + description: Immutable. Describes high-level ways in which + a key may be used. + properties: + certSign: + description: Immutable. The key may be used to sign + certificates. + type: boolean + contentCommitment: + description: Immutable. The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: Immutable. The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: Immutable. The key may be used to encipher + data. + type: boolean + decipherOnly: + description: Immutable. The key may be used to decipher + only. + type: boolean + digitalSignature: + description: Immutable. The key may be used for digital + signatures. 
+ type: boolean + encipherOnly: + description: Immutable. The key may be used to encipher + only. + type: boolean + keyAgreement: + description: Immutable. The key may be used in a key + agreement protocol. + type: boolean + keyEncipherment: + description: Immutable. The key may be used to encipher + other keys. + type: boolean + type: object + extendedKeyUsage: + description: Immutable. Detailed scenarios in which a + key may be used. + properties: + clientAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Immutable. Used to describe extended key + usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Immutable. 
Optional. Describes the X.509 certificate + policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an OID + path. The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + required: + - subjectConfig + - x509Config + type: object + gcsBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as `gs://`) or suffixes (such as `.googleapis.com`). For example, to use a bucket named `my-bucket`, you would simply specify `my-bucket`. If not specified, a managed bucket will be created. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + keySpec: + description: Immutable. Required. Immutable. Used when issuing certificates + for this CertificateAuthority. If this CertificateAuthority is a + self-signed CertificateAuthority, this key is also used to sign + the self-signed CA certificate. Otherwise, it is used to sign a + CSR. + properties: + algorithm: + description: 'Immutable. The algorithm to use for creating a managed + Cloud KMS key for a for a simplified experience. 
All managed + keys will be have their ProtectionLevel as `HSM`. Possible values: + RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, + RSA_PKCS1_2048_SHA256, RSA_PKCS1_3072_SHA256, RSA_PKCS1_4096_SHA256, + EC_P256_SHA256, EC_P384_SHA384' + type: string + cloudKmsKeyVersionRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The resource name for an existing Cloud KMS CryptoKeyVersion + in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. + This option enables full flexibility in the key's capabilities + and properties. + type: string + name: + description: |- + [WARNING] KMSCryptoKeyVersion not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + lifetime: + description: Immutable. Required. The desired lifetime of the CA certificate. + Used to create the "not_before_time" and "not_after_time" fields + inside an X.509 certificate. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. Required. Immutable. The Type of this CertificateAuthority. + Possible values: SELF_SIGNED, SUBORDINATE' + type: string + required: + - caPoolRef + - config + - keySpec + - lifetime + - location + - projectRef + - type + type: object + status: + properties: + accessUrls: + description: Output only. URLs for accessing content published by + this CA, such as the CA certificate and CRLs. + properties: + caCertificateAccessUrl: + description: The URL where this CertificateAuthority's CA certificate + is published. This will only be set for CAs that have been activated. + type: string + crlAccessUrls: + description: The URLs where this CertificateAuthority's CRLs are + published. This will only be set for CAs that have been activated. + items: + type: string + type: array + type: object + caCertificateDescriptions: + description: Output only. A structured description of this CertificateAuthority's + CA certificate and its issuers. Ordered as self-to-root. + items: + properties: + aiaIssuingCertificateUrls: + description: Describes lists of issuer CA certificate URLs that + appear in the "Authority Information Access" extension in + the certificate. + items: + type: string + type: array + authorityKeyId: + description: Identifies the subject_key_id of the parent certificate, + per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 + properties: + keyId: + description: Optional. 
The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit + SHA-1 hash of the public key. + type: string + type: object + certFingerprint: + description: The hash of the x.509 certificate. + properties: + sha256Hash: + description: The SHA 256 hash, encoded in hexadecimal, of + the DER x509 certificate. + type: string + type: object + crlDistributionPoints: + description: Describes a list of locations to obtain CRL information, + i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 + items: + type: string + type: array + publicKey: + description: The public key that corresponds to an issued certificate. + properties: + format: + description: 'Required. The format of the public key. Possible + values: PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + subjectDescription: + description: Describes some of the values in a certificate that + are related to the subject and lifetime. + properties: + hexSerialNumber: + description: The serial number encoded in lowercase hexadecimal. + type: string + lifetime: + description: For convenience, the actual lifetime of an + issued certificate. + type: string + notAfterTime: + description: The time after which the certificate is expired. + Per RFC 5280, the validity period for a certificate is + the period of time from not_before_time through not_after_time, + inclusive. Corresponds to 'not_before_time' + 'lifetime' + - 1 second. + format: date-time + type: string + notBeforeTime: + description: The time at which the certificate becomes valid. + format: date-time + type: string + subject: + description: Contains distinguished name fields such as + the common name, location and organization. + properties: + commonName: + description: The "common name" of the subject. 
+ type: string + countryCode: + description: The country code of the subject. + type: string + locality: + description: The locality or city of the subject. + type: string + organization: + description: The organization of the subject. + type: string + organizationalUnit: + description: The organizational_unit of the subject. + type: string + postalCode: + description: The postal code of the subject. + type: string + province: + description: The province, territory, or regional state + of the subject. + type: string + streetAddress: + description: The street address of the subject. + type: string + type: object + subjectAltName: + description: The subject alternative name fields. + properties: + customSans: + description: Contains additional subject alternative + name values. + items: + properties: + critical: + description: Optional. Indicates whether or not + this extension is critical (i.e., if the client + does not know how to handle this extension, + the client should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Required. The parts of an OID + path. The most significant parts of the + path come first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 + extension. + type: string + type: object + type: array + dnsNames: + description: Contains only valid, fully-qualified host + names. + items: + type: string + type: array + emailAddresses: + description: Contains only valid RFC 2822 E-mail addresses. + items: + type: string + type: array + ipAddresses: + description: Contains only valid 32-bit IPv4 addresses + or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Contains only valid RFC 3986 URIs. 
+ items: + type: string + type: array + type: object + type: object + subjectKeyId: + description: Provides a means of identifiying certificates that + contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit + SHA-1 hash of the public key. + type: string + type: object + x509Description: + description: Describes some of the technical X.509 fields in + a certificate. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does + not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the + "Authority Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. 
For a CA certificate, this value + describes the depth of subordinate CA certificates + that are allowed. If this value is less than 0, the + request will fail. If this value is missing, the max + path length will be omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. 
+ Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + config: + properties: + publicKey: + description: Optional. The public key that corresponds to this + config. This is, for example, used when issuing Certificates, + but not when creating a self-signed CertificateAuthority or + CertificateAuthority CSR. + properties: + format: + description: 'Required. The format of the public key. Possible + values: PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + x509Config: + properties: + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + type: object + type: object + createTime: + description: Output only. The time at which this CertificateAuthority + was created. + format: date-time + type: string + deleteTime: + description: Output only. The time at which this CertificateAuthority + was soft deleted, if it is in the DELETED state. + format: date-time + type: string + expireTime: + description: Output only. The time at which this CertificateAuthority + will be permanently purged, if it is in the DELETED state. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pemCaCertificates: + description: Output only. This CertificateAuthority's certificate + chain, including the current CertificateAuthority's certificate. 
+ Ordered such that the root issuer is the final element (consistent + with RFC 5246). For a self-signed CA, this will only list the current + CertificateAuthority's certificate. + items: + type: string + type: array + state: + description: 'Output only. The State for this CertificateAuthority. + Possible values: ENABLED, DISABLED, STAGED, AWAITING_USER_ACTIVATION, + DELETED' + type: string + subordinateConfig: + description: Optional. If this is a subordinate CertificateAuthority, + this field will be set with the subordinate configuration, which + describes its issuers. This may be updated, but this CertificateAuthority + must continue to validate. + properties: + certificateAuthority: + description: Required. This can refer to a CertificateAuthority + in the same project that was used to create a subordinate CertificateAuthority. + This field is used for information and usability purposes only. + The resource name is in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + type: string + pemIssuerChain: + description: Required. Contains the PEM certificate chain for + the issuers of this CertificateAuthority, but not pem certificate + for this CA itself. + properties: + pemCertificates: + description: Required. Expected to be in leaf-to-root order + according to RFC 5246. + items: + type: string + type: array + type: object + type: object + tier: + description: 'Output only. The CaPool.Tier of the CaPool that includes + this CertificateAuthority. Possible values: ENTERPRISE, DEVOPS' + type: string + updateTime: + description: Output only. The time at which this CertificateAuthority + was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificates.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificate + plural: privatecacertificates + shortNames: + - gcpprivatecacertificate + - gcpprivatecacertificates + singular: privatecacertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + caPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The ca_pool for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateAuthorityRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The certificate authority for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACertificateAuthority` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}/certificateAuthorities/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateTemplateRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate. + + Allowed value: The `selfLink` field of a `PrivateCACertificateTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + config: + description: Immutable. Immutable. A description of the certificate + and key that does not require X.509 or ASN.1. + properties: + publicKey: + description: Immutable. Optional. The public key that corresponds + to this config. This is, for example, used when issuing Certificates, + but not when creating a self-signed CertificateAuthority or + CertificateAuthority CSR. + properties: + format: + description: 'Immutable. Required. The format of the public + key. Possible values: KEY_FORMAT_UNSPECIFIED, PEM' + type: string + key: + description: Immutable. Required. A public key. The padding + and encoding must match with the `KeyFormat` value specified + for the `format` field. + type: string + required: + - format + - key + type: object + subjectConfig: + description: Immutable. Required. 
Specifies some of the values + in a certificate that are related to the subject. + properties: + subject: + description: Immutable. Required. Contains distinguished name + fields such as the common name, location and organization. + properties: + commonName: + description: Immutable. The "common name" of the subject. + type: string + countryCode: + description: Immutable. The country code of the subject. + type: string + locality: + description: Immutable. The locality or city of the subject. + type: string + organization: + description: Immutable. The organization of the subject. + type: string + organizationalUnit: + description: Immutable. The organizational_unit of the + subject. + type: string + postalCode: + description: Immutable. The postal code of the subject. + type: string + province: + description: Immutable. The province, territory, or regional + state of the subject. + type: string + streetAddress: + description: Immutable. The street address of the subject. + type: string + type: object + subjectAltName: + description: Immutable. Optional. The subject alternative + name fields. + properties: + dnsNames: + description: Immutable. Contains only valid, fully-qualified + host names. + items: + type: string + type: array + emailAddresses: + description: Immutable. Contains only valid RFC 2822 E-mail + addresses. + items: + type: string + type: array + ipAddresses: + description: Immutable. Contains only valid 32-bit IPv4 + addresses or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Immutable. Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + required: + - subject + type: object + x509Config: + description: Immutable. Required. Describes how some of the technical + X.509 fields in a certificate should be populated. + properties: + additionalExtensions: + description: Immutable. Optional. Describes custom X.509 extensions. 
+ items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the client + does not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Immutable. Optional. Describes Online Certificate + Status Protocol (OCSP) endpoint addresses that appear in + the "Authority Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Immutable. Optional. Describes options in this + X509Parameters that are relevant in a CA certificate. + properties: + isCa: + description: Immutable. Optional. When true, the "CA" + in Basic Constraints extension will be set to true. + type: boolean + maxIssuerPathLength: + description: Immutable. Optional. Refers to the "path + length constraint" in Basic Constraints extension. For + a CA certificate, this value describes the depth of + subordinate CA certificates that are allowed. If this + value is less than 0, the request will fail. + format: int64 + type: integer + nonCa: + description: Immutable. Optional. When true, the "CA" + in Basic Constraints extension will be set to false. + If both `is_ca` and `non_ca` are unset, the extension + will be omitted from the CA certificate. + type: boolean + zeroMaxIssuerPathLength: + description: Immutable. Optional. When true, the "path + length constraint" in Basic Constraints extension will + be set to 0. 
if both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Immutable. Optional. Indicates the intended use + for keys that correspond to a certificate. + properties: + baseKeyUsage: + description: Immutable. Describes high-level ways in which + a key may be used. + properties: + certSign: + description: Immutable. The key may be used to sign + certificates. + type: boolean + contentCommitment: + description: Immutable. The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: Immutable. The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: Immutable. The key may be used to encipher + data. + type: boolean + decipherOnly: + description: Immutable. The key may be used to decipher + only. + type: boolean + digitalSignature: + description: Immutable. The key may be used for digital + signatures. + type: boolean + encipherOnly: + description: Immutable. The key may be used to encipher + only. + type: boolean + keyAgreement: + description: Immutable. The key may be used in a key + agreement protocol. + type: boolean + keyEncipherment: + description: Immutable. The key may be used to encipher + other keys. + type: boolean + type: object + extendedKeyUsage: + description: Immutable. Detailed scenarios in which a + key may be used. + properties: + clientAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Immutable. 
Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Immutable. Used to describe extended key + usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Immutable. Optional. Describes the X.509 certificate + policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an OID + path. The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + required: + - subjectConfig + - x509Config + type: object + lifetime: + description: Immutable. Required. Immutable. The desired lifetime + of a certificate. Used to create the "not_before_time" and "not_after_time" + fields inside an X.509 certificate. Note that the lifetime may be + truncated if it would extend past the life of any certificate authority + in the issuing chain. + type: string + location: + description: Immutable. 
The location for the resource + type: string + pemCsr: + description: Immutable. Immutable. A pem-encoded X.509 certificate + signing request (CSR). + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subjectMode: + description: 'Immutable. Immutable. Specifies how the Certificate''s + identity fields are to be decided. If this is omitted, the `DEFAULT` + subject mode will be used. Possible values: SUBJECT_REQUEST_MODE_UNSPECIFIED, + DEFAULT, REFLECTED_SPIFFE' + type: string + required: + - caPoolRef + - lifetime + - location + - projectRef + type: object + status: + properties: + certificateDescription: + description: Output only. A structured description of the issued X.509 + certificate. + properties: + aiaIssuingCertificateUrls: + description: Describes lists of issuer CA certificate URLs that + appear in the "Authority Information Access" extension in the + certificate. 
+ items: + type: string + type: array + authorityKeyId: + description: Identifies the subject_key_id of the parent certificate, + per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit SHA-1 + hash of the public key. + type: string + type: object + certFingerprint: + description: The hash of the x.509 certificate. + properties: + sha256Hash: + description: The SHA 256 hash, encoded in hexadecimal, of + the DER x509 certificate. + type: string + type: object + crlDistributionPoints: + description: Describes a list of locations to obtain CRL information, + i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 + items: + type: string + type: array + publicKey: + description: The public key that corresponds to an issued certificate. + properties: + format: + description: 'Required. The format of the public key. Possible + values: KEY_FORMAT_UNSPECIFIED, PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + subjectDescription: + description: Describes some of the values in a certificate that + are related to the subject and lifetime. + properties: + hexSerialNumber: + description: The serial number encoded in lowercase hexadecimal. + type: string + lifetime: + description: For convenience, the actual lifetime of an issued + certificate. + type: string + notAfterTime: + description: The time after which the certificate is expired. + Per RFC 5280, the validity period for a certificate is the + period of time from not_before_time through not_after_time, + inclusive. Corresponds to 'not_before_time' + 'lifetime' + - 1 second. + format: date-time + type: string + notBeforeTime: + description: The time at which the certificate becomes valid. 
+ format: date-time + type: string + subject: + description: Contains distinguished name fields such as the + common name, location and / organization. + properties: + commonName: + description: The "common name" of the subject. + type: string + countryCode: + description: The country code of the subject. + type: string + locality: + description: The locality or city of the subject. + type: string + organization: + description: The organization of the subject. + type: string + organizationalUnit: + description: The organizational_unit of the subject. + type: string + postalCode: + description: The postal code of the subject. + type: string + province: + description: The province, territory, or regional state + of the subject. + type: string + streetAddress: + description: The street address of the subject. + type: string + type: object + subjectAltName: + description: The subject alternative name fields. + properties: + customSans: + description: Contains additional subject alternative name + values. + items: + properties: + critical: + description: Optional. Indicates whether or not + this extension is critical (i.e., if the client + does not know how to handle this extension, the + client should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + dnsNames: + description: Contains only valid, fully-qualified host + names. + items: + type: string + type: array + emailAddresses: + description: Contains only valid RFC 2822 E-mail addresses. + items: + type: string + type: array + ipAddresses: + description: Contains only valid 32-bit IPv4 addresses + or RFC 4291 IPv6 addresses. 
+ items: + type: string + type: array + uris: + description: Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + type: object + subjectKeyId: + description: Provides a means of identifiying certificates that + contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit SHA-1 + hash of the public key. + type: string + type: object + x509Description: + description: Describes some of the technical X.509 fields in a + certificate. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does not + know how to handle this extension, the client should + consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. 
Refers to the path length restriction + X.509 extension. For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. + If this value is less than 0, the request will fail. + If this value is missing, the max path length will be + omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". 
+ type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time at which this Certificate was created. + format: date-time + type: string + issuerCertificateAuthority: + description: Output only. The resource name of the issuing CertificateAuthority + in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pemCertificate: + description: Output only. The pem-encoded, signed X.509 certificate. + type: string + pemCertificateChain: + description: Output only. The chain that may be used to verify the + X.509 certificate. Expected to be in issuer-to-root order according + to RFC 5246. + items: + type: string + type: array + revocationDetails: + description: Output only. Details regarding the revocation of this + Certificate. This Certificate is considered revoked if and only + if this field is present. + properties: + revocationState: + description: 'Indicates why a Certificate was revoked. Possible + values: REVOCATION_REASON_UNSPECIFIED, KEY_COMPROMISE, CERTIFICATE_AUTHORITY_COMPROMISE, + AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, CERTIFICATE_HOLD, + PRIVILEGE_WITHDRAWN, ATTRIBUTE_AUTHORITY_COMPROMISE' + type: string + revocationTime: + description: The time at which this Certificate was revoked. + format: date-time + type: string + type: object + updateTime: + description: Output only. The time at which this Certificate was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificatetemplates.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificateTemplate + plural: privatecacertificatetemplates + shortNames: + - gcpprivatecacertificatetemplate + - gcpprivatecacertificatetemplates + singular: privatecacertificatetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A human-readable description of scenarios this + template is intended for. + type: string + identityConstraints: + description: Optional. Describes constraints on identities that may + be appear in Certificates issued using this template. If this is + omitted, then this template will not add restrictions on a certificate's + identity. + properties: + allowSubjectAltNamesPassthrough: + description: Required. If this is true, the SubjectAltNames extension + may be copied from a certificate request into the signed certificate. + Otherwise, the requested SubjectAltNames will be discarded. + type: boolean + allowSubjectPassthrough: + description: Required. If this is true, the Subject field may + be copied from a certificate request into the signed certificate. + Otherwise, the requested Subject will be discarded. + type: boolean + celExpression: + description: Optional. A CEL expression that may be used to validate + the resolved X.509 Subject and/or Subject Alternative Name before + a certificate is signed. To see the full allowed syntax and + some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel + properties: + description: + description: Optional. Description of the expression. This + is a longer text which describes the expression, e.g. when + hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. 
+ type: string + location: + description: Optional. String indicating the location of the + expression for error reporting, e.g. a file name and a position + in the file. + type: string + title: + description: Optional. Title for the expression, i.e. a short + string describing its purpose. This can be used e.g. in + UIs which allow to enter the expression. + type: string + type: object + required: + - allowSubjectAltNamesPassthrough + - allowSubjectPassthrough + type: object + location: + description: Immutable. The location for the resource + type: string + passthroughExtensions: + description: Optional. Describes the set of X.509 extensions that + may appear in a Certificate issued using this CertificateTemplate. + If a certificate request sets extensions that don't appear in the + passthrough_extensions, those extensions will be dropped. If the + issuing CaPool's IssuancePolicy defines baseline_values that don't + appear here, the certificate issuance request will fail. If this + is omitted, then this template will not add restrictions on a certificate's + X.509 extensions. These constraints do not apply to X.509 extensions + set in this CertificateTemplate's predefined_values. + properties: + additionalExtensions: + description: Optional. A set of ObjectIds identifying custom X.509 + extensions. Will be combined with known_extensions to determine + the full set of X.509 extensions. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The most + significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + knownExtensions: + description: Optional. A set of named X.509 extensions. Will be + combined with additional_extensions to determine the full set + of X.509 extensions. + items: + type: string + type: array + type: object + predefinedValues: + description: Optional. 
A set of X.509 values that will be applied + to all issued certificates that use this template. If the certificate + request includes conflicting values for the same properties, they + will be overwritten by the values defined here. If the issuing CaPool's + IssuancePolicy defines conflicting baseline_values for the same + properties, the certificate issuance request will fail. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this extension + is critical (i.e., if the client does not know how to + handle this extension, the client should consider this + to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Required. The value of this X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status Protocol + (OCSP) endpoint addresses that appear in the "Authority Information + Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, the + extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. 
+ If this value is less than 0, the request will fail. If + this value is missing, the max path length will be omitted + from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys that + correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key may + be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic commitments. + Note that this may also be referred to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate revocation + lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially + described as "TLS WWW client authentication", though + regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially + described as "Signing of downloadable executable code + client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially + described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. 
Officially + described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially + described as "TLS WWW server authentication", though + regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially + described as "Binding the hash of an object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that are + not listed in the KeyUsage.ExtendedKeyUsageOptions message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The most + significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time at which this CertificateTemplate + was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The time at which this CertificateTemplate + was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: privilegedaccessmanagerentitlements.privilegedaccessmanager.cnrm.cloud.google.com +spec: + group: privilegedaccessmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivilegedAccessManagerEntitlement + listKind: PrivilegedAccessManagerEntitlementList + plural: privilegedaccessmanagerentitlements + singular: privilegedaccessmanagerentitlement + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: PrivilegedAccessManagerEntitlement is the Schema for the PrivilegedAccessManagerEntitlement + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PrivilegedAccessManagerEntitlementSpec defines the desired + state of PrivilegedAccessManagerEntitlement. + properties: + additionalNotificationTargets: + description: Optional. Additional email addresses to be notified based + on actions taken. + properties: + adminEmailRecipients: + description: Optional. Additional email addresses to be notified + when a principal (requester) is granted access. + items: + type: string + type: array + requesterEmailRecipients: + description: Optional. Additional email address to be notified + about an eligible entitlement. + items: + type: string + type: array + type: object + approvalWorkflow: + description: Optional. The approvals needed before access are granted + to a requester. No approvals are needed if this field is null. + properties: + manualApprovals: + description: An approval workflow where users designated as approvers + review and act on the grants. + properties: + requireApproverJustification: + description: Optional. Whether the approvers need to provide + a justification for their actions. + type: boolean + steps: + description: Optional. List of approval steps in this workflow. + These steps are followed in the specified order sequentially. + Only 1 step is supported. + items: + description: Step represents a logical step in a manual + approval workflow. + properties: + approvalsNeeded: + description: Required. How many users from the above + list need to approve. 
If there aren't enough distinct + users in the list, then the workflow indefinitely + blocks. Should always be greater than 0. 1 is the + only supported value. + format: int32 + type: integer + approverEmailRecipients: + description: Optional. Additional email addresses to + be notified when a grant is pending approval. + items: + type: string + type: array + approvers: + description: Optional. The potential set of approvers + in this step. This list must contain at most one entry. + items: + description: AccessControlEntry is used to control + who can do some operation. + properties: + principals: + description: 'Optional. Users who are allowed + for the operation. Each entry should be a valid + v1 IAM principal identifier. The format for + these is documented at: https://cloud.google.com/iam/docs/principal-identifiers#v1' + items: + type: string + type: array + required: + - principals + type: object + type: array + required: + - approvalsNeeded + type: object + type: array + type: object + required: + - manualApprovals + type: object + eligibleUsers: + description: Who can create grants using this entitlement. This list + should contain at most one entry. + items: + description: AccessControlEntry is used to control who can do some + operation. + properties: + principals: + description: 'Optional. Users who are allowed for the operation. + Each entry should be a valid v1 IAM principal identifier. + The format for these is documented at: https://cloud.google.com/iam/docs/principal-identifiers#v1' + items: + type: string + type: array + required: + - principals + type: object + type: array + folderRef: + description: Immutable. The Folder that this resource belongs to. + One and only one of 'projectRef', 'folderRef', or 'organizationRef' + must be set. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The 'name' field of a folder, when not managed by + Config Connector. This field must be set when 'name' field is + not set. + type: string + name: + description: The 'name' field of a 'Folder' resource. This field + must be set when 'external' field is not set. + type: string + namespace: + description: The 'namespace' field of a 'Folder' resource. If + unset, the namespace is defaulted to the namespace of the referencer + resource. + type: string + type: object + location: + description: Immutable. Location of the resource. + type: string + maxRequestDuration: + description: Required. The maximum amount of time that access is granted + for a request. A requester can ask for a duration less than this, + but never more. + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. One and only one of 'projectRef', 'folderRef', or 'organizationRef' + must be set. + properties: + external: + description: The 'name' field of an organization, when not managed + by Config Connector. + type: string + required: + - external + type: object + privilegedAccess: + description: The access granted to a requester on successful approval. + properties: + gcpIAMAccess: + description: Access to a Google Cloud resource through IAM. + properties: + roleBindings: + description: Required. Role bindings that are created on successful + grant. + items: + description: RoleBinding represents IAM role bindings that + are created after a successful grant. + properties: + conditionExpression: + description: |- + Optional. The expression field of the IAM condition to be associated + with the role. If specified, a user with an active grant for this + entitlement is able to access the resource only if this condition + evaluates to true for their request. 
+ + This field uses the same CEL format as IAM and supports all attributes + that IAM supports, except tags. More details can be found at + https://cloud.google.com/iam/docs/conditions-overview#attributes. + type: string + role: + description: Required. IAM role to be granted. More + details can be found at https://cloud.google.com/iam/docs/roles-overview. + type: string + required: + - role + type: object + type: array + required: + - roleBindings + type: object + required: + - gcpIAMAccess + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + One and only one of 'projectRef', 'folderRef', or 'organizationRef' + must be set. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + requesterJustificationConfig: + description: Required. The manner in which the requester should provide + a justification for requesting access. + properties: + notMandatory: + description: NotMandatory justification type means the justification + isn't required and can be provided in any of the supported formats. + The user must explicitly opt out using this field if a justification + from the requester isn't mandatory. The only accepted value + is `{}` (empty struct). Either 'notMandatory' or 'unstructured' + field must be set. + type: object + x-kubernetes-preserve-unknown-fields: true + unstructured: + description: Unstructured justification type means the justification + is in the format of a string. 
If this is set, the server allows + the requester to provide a justification but doesn't validate + it. The only accepted value is `{}` (empty struct). Either 'notMandatory' + or 'unstructured' field must be set. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + resourceID: + description: Immutable. The PrivilegedAccessManagerEntitlement name. + If not given, the 'metadata.name' will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + required: + - eligibleUsers + - location + - maxRequestDuration + - privilegedAccess + - requesterJustificationConfig + type: object + status: + description: PrivilegedAccessManagerEntitlementStatus defines the config + connector machine state of PrivilegedAccessManagerEntitlement. + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the PrivilegedAccessManagerEntitlement + resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to 'metadata.generation', then that means that + the current reported status reflects the most recent desired state + of the resource. 
+ format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + createTime: + description: Output only. Create time stamp. + type: string + etag: + description: An 'etag' is used for optimistic concurrency control + as a way to prevent simultaneous updates to the same entitlement. + An 'etag' is returned in the response to 'GetEntitlement' and + the caller should put the 'etag' in the request to 'UpdateEntitlement' + so that their change is applied on the same version. If this + field is omitted or if there is a mismatch while updating an + entitlement, then the server rejects the request. + type: string + state: + description: Output only. Current state of this entitlement. + type: string + updateTime: + description: Output only. Update time stamp. + type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: PrivilegedAccessManagerEntitlement is the Schema for the PrivilegedAccessManagerEntitlement + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PrivilegedAccessManagerEntitlementSpec defines the desired + state of PrivilegedAccessManagerEntitlement. + properties: + additionalNotificationTargets: + description: Optional. Additional email addresses to be notified based + on actions taken. + properties: + adminEmailRecipients: + description: Optional. Additional email addresses to be notified + when a principal (requester) is granted access. + items: + type: string + type: array + requesterEmailRecipients: + description: Optional. Additional email address to be notified + about an eligible entitlement. + items: + type: string + type: array + type: object + approvalWorkflow: + description: Optional. The approvals needed before access are granted + to a requester. No approvals are needed if this field is null. + properties: + manualApprovals: + description: An approval workflow where users designated as approvers + review and act on the grants. + properties: + requireApproverJustification: + description: Optional. Whether the approvers need to provide + a justification for their actions. + type: boolean + steps: + description: Optional. List of approval steps in this workflow. + These steps are followed in the specified order sequentially. + Only 1 step is supported. + items: + description: Step represents a logical step in a manual + approval workflow. + properties: + approvalsNeeded: + description: Required. How many users from the above + list need to approve. 
If there aren't enough distinct + users in the list, then the workflow indefinitely + blocks. Should always be greater than 0. 1 is the + only supported value. + format: int32 + type: integer + approverEmailRecipients: + description: Optional. Additional email addresses to + be notified when a grant is pending approval. + items: + type: string + type: array + approvers: + description: Optional. The potential set of approvers + in this step. This list must contain at most one entry. + items: + description: AccessControlEntry is used to control + who can do some operation. + properties: + principals: + description: 'Optional. Users who are allowed + for the operation. Each entry should be a valid + v1 IAM principal identifier. The format for + these is documented at: https://cloud.google.com/iam/docs/principal-identifiers#v1' + items: + type: string + type: array + required: + - principals + type: object + type: array + required: + - approvalsNeeded + type: object + type: array + type: object + required: + - manualApprovals + type: object + eligibleUsers: + description: Who can create grants using this entitlement. This list + should contain at most one entry. + items: + description: AccessControlEntry is used to control who can do some + operation. + properties: + principals: + description: 'Optional. Users who are allowed for the operation. + Each entry should be a valid v1 IAM principal identifier. + The format for these is documented at: https://cloud.google.com/iam/docs/principal-identifiers#v1' + items: + type: string + type: array + required: + - principals + type: object + type: array + folderRef: + description: Immutable. The Folder that this resource belongs to. + One and only one of 'projectRef', 'folderRef', or 'organizationRef' + must be set. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The 'name' field of a folder, when not managed by + Config Connector. This field must be set when 'name' field is + not set. + type: string + name: + description: The 'name' field of a 'Folder' resource. This field + must be set when 'external' field is not set. + type: string + namespace: + description: The 'namespace' field of a 'Folder' resource. If + unset, the namespace is defaulted to the namespace of the referencer + resource. + type: string + type: object + location: + description: Immutable. Location of the resource. + type: string + maxRequestDuration: + description: Required. The maximum amount of time that access is granted + for a request. A requester can ask for a duration less than this, + but never more. + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. One and only one of 'projectRef', 'folderRef', or 'organizationRef' + must be set. + properties: + external: + description: The 'name' field of an organization, when not managed + by Config Connector. + type: string + required: + - external + type: object + privilegedAccess: + description: The access granted to a requester on successful approval. + properties: + gcpIAMAccess: + description: Access to a Google Cloud resource through IAM. + properties: + roleBindings: + description: Required. Role bindings that are created on successful + grant. + items: + description: RoleBinding represents IAM role bindings that + are created after a successful grant. + properties: + conditionExpression: + description: |- + Optional. The expression field of the IAM condition to be associated + with the role. If specified, a user with an active grant for this + entitlement is able to access the resource only if this condition + evaluates to true for their request. 
+ + This field uses the same CEL format as IAM and supports all attributes + that IAM supports, except tags. More details can be found at + https://cloud.google.com/iam/docs/conditions-overview#attributes. + type: string + role: + description: Required. IAM role to be granted. More + details can be found at https://cloud.google.com/iam/docs/roles-overview. + type: string + required: + - role + type: object + type: array + required: + - roleBindings + type: object + required: + - gcpIAMAccess + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + One and only one of 'projectRef', 'folderRef', or 'organizationRef' + must be set. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + requesterJustificationConfig: + description: Required. The manner in which the requester should provide + a justification for requesting access. + properties: + notMandatory: + description: NotMandatory justification type means the justification + isn't required and can be provided in any of the supported formats. + The user must explicitly opt out using this field if a justification + from the requester isn't mandatory. The only accepted value + is `{}` (empty struct). Either 'notMandatory' or 'unstructured' + field must be set. + type: object + x-kubernetes-preserve-unknown-fields: true + unstructured: + description: Unstructured justification type means the justification + is in the format of a string. 
If this is set, the server allows + the requester to provide a justification but doesn't validate + it. The only accepted value is `{}` (empty struct). Either 'notMandatory' + or 'unstructured' field must be set. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + resourceID: + description: Immutable. The PrivilegedAccessManagerEntitlement name. + If not given, the 'metadata.name' will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + required: + - eligibleUsers + - location + - maxRequestDuration + - privilegedAccess + - requesterJustificationConfig + type: object + status: + description: PrivilegedAccessManagerEntitlementStatus defines the config + connector machine state of PrivilegedAccessManagerEntitlement. + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the PrivilegedAccessManagerEntitlement + resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to 'metadata.generation', then that means that + the current reported status reflects the most recent desired state + of the resource. 
+ format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + createTime: + description: Output only. Create time stamp. + type: string + etag: + description: An 'etag' is used for optimistic concurrency control + as a way to prevent simultaneous updates to the same entitlement. + An 'etag' is returned in the response to 'GetEntitlement' and + the caller should put the 'etag' in the request to 'UpdateEntitlement' + so that their change is applied on the same version. If this + field is omitted or if there is a mismatch while updating an + entitlement, then the server rejects the request. + type: string + state: + description: Output only. Current state of this entitlement. + type: string + updateTime: + description: Output only. Update time stamp. + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: projects.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Project + plural: projects + shortNames: + - gcpproject + - gcpprojects + singular: project + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + - not: + anyOf: + - required: + - folderRef + - required: + - organizationRef + properties: + billingAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BillingAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + folderRef: + description: |- + The folder that this resource belongs to. Changing this forces the + resource to be migrated to the newly specified folder. Only one of + folderRef or organizationRef may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: The display name of the project. + type: string + organizationRef: + description: |- + The organization that this resource belongs to. Changing this + forces the resource to be migrated to the newly specified + organization. Only one of folderRef or organizationRef may be + specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The projectId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - name + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + number: + description: The numeric identifier of the project. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitereservations.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteReservation + plural: pubsublitereservations + shortNames: + - gcppubsublitereservation + - gcppubsublitereservations + singular: pubsublitereservation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + 
type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite reservation. 
+ type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + throughputCapacity: + description: |- + The reserved throughput capacity. Every unit of throughput capacity is + equivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed + messages. + type: integer + required: + - projectRef + - region + - throughputCapacity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitesubscriptions.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteSubscription + plural: pubsublitesubscriptions + shortNames: + - gcppubsublitesubscription + - gcppubsublitesubscriptions + singular: pubsublitesubscription + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deliveryConfig: + description: The settings for this subscription's message delivery. + properties: + deliveryRequirement: + description: 'When this subscription should send messages to subscribers + relative to messages persistence in storage. Possible values: + ["DELIVER_IMMEDIATELY", "DELIVER_AFTER_STORED", "DELIVERY_REQUIREMENT_UNSPECIFIED"].' + type: string + required: + - deliveryRequirement + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite topic. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + topic: + description: Immutable. A reference to a Topic resource. + type: string + zone: + description: The zone of the pubsub lite topic. 
+ type: string + required: + - projectRef + - topic + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitetopics.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteTopic + plural: pubsublitetopics + shortNames: + - gcppubsublitetopic + - gcppubsublitetopics + singular: pubsublitetopic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + partitionConfig: + description: The settings for this topic's partitions. + properties: + capacity: + description: The capacity configuration. + properties: + publishMibPerSec: + description: Subscribe throughput capacity per partition in + MiB/s. Must be >= 4 and <= 16. + type: integer + subscribeMibPerSec: + description: Publish throughput capacity per partition in + MiB/s. Must be >= 4 and <= 16. + type: integer + required: + - publishMibPerSec + - subscribeMibPerSec + type: object + count: + description: The number of partitions in the topic. Must be at + least 1. + type: integer + required: + - count + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite topic. + type: string + reservationConfig: + description: The settings for this topic's Reservation usage. + properties: + throughputReservation: + description: The Reservation to use for this topic's throughput + capacity. + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + retentionConfig: + description: The settings for a topic's message retention. + properties: + perPartitionBytes: + description: |- + The provisioned storage, in bytes, per partition. If the number of bytes stored + in any of the topic's partitions grows beyond this value, older messages will be + dropped to make room for newer ones, regardless of the value of period. + type: string + period: + description: |- + How long a published message is retained. If unset, messages will be retained as + long as the bytes retained for each partition is below perPartitionBytes. A + duration in seconds with up to nine fractional digits, terminated by 's'. + Example: "3.5s". + type: string + required: + - perPartitionBytes + type: object + zone: + description: The zone of the pubsub lite topic. + type: string + required: + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubschemas.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubSchema + plural: pubsubschemas + shortNames: + - gcppubsubschema + - gcppubsubschemas + singular: pubsubschema + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + definition: + description: |- + The definition of the schema. + This should contain a string representing the full definition of the schema + that is a valid schema definition of the type specified in type. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'The type of the schema definition Default value: "TYPE_UNSPECIFIED" + Possible values: ["TYPE_UNSPECIFIED", "PROTOCOL_BUFFER", "AVRO"].' + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubsubscriptions.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubSubscription + plural: pubsubsubscriptions + shortNames: + - gcppubsubsubscription + - gcppubsubsubscriptions + singular: pubsubsubscription + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: 
The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ackDeadlineSeconds: + description: |- + This value is the maximum time after a subscriber receives a message + before the subscriber should acknowledge the message. After message + delivery but before the ack deadline expires and before the message is + acknowledged, it is an outstanding message and will not be delivered + again during that time (on a best-effort basis). + + For pull subscriptions, this value is used as the initial value for + the ack deadline. To override this value for a given message, call + subscriptions.modifyAckDeadline with the corresponding ackId if using + pull. The minimum custom deadline you can specify is 10 seconds. The + maximum custom deadline you can specify is 600 seconds (10 minutes). + If this parameter is 0, a default value of 10 seconds is used. + + For push delivery, this value is also used to set the request timeout + for the call to the push endpoint. + + If the subscriber never acknowledges the message, the Pub/Sub system + will eventually redeliver the message. 
+ type: integer + bigqueryConfig: + description: |- + If delivery to BigQuery is used with this subscription, this field is used to configure it. + Either pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined. + If all three are empty, then the subscriber will pull and ack messages using API methods. + properties: + dropUnknownFields: + description: |- + When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. + Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. + type: boolean + tableRef: + description: The name of the table to which to write data. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{project}}.{{dataset_id}}.{{value}}`, + where {{value}} is the `name` field of a `BigQueryTable` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + useTopicSchema: + description: When true, use the topic's schema as the columns + to write to in BigQuery, if it exists. + type: boolean + writeMetadata: + description: |- + When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table. + The subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column. 
+ type: boolean + required: + - tableRef + type: object + cloudStorageConfig: + description: |- + If delivery to Cloud Storage is used with this subscription, this field is used to configure it. + Either pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined. + If all three are empty, then the subscriber will pull and ack messages using API methods. + properties: + avroConfig: + description: If set, message data will be written to Cloud Storage + in Avro format. + properties: + writeMetadata: + description: When true, write the subscription name, messageId, + publishTime, attributes, and orderingKey as additional fields + in the output. + type: boolean + type: object + bucketRef: + description: User-provided name for the Cloud Storage bucket. + The bucket must be created by the user. The bucket name must + be without any prefix like "gs://". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + filenamePrefix: + description: User-provided prefix for Cloud Storage filename. + type: string + filenameSuffix: + description: User-provided suffix for Cloud Storage filename. + Must not end in "/". + type: string + maxBytes: + description: |- + The maximum bytes that can be written to a Cloud Storage file before a new file is created. Min 1 KB, max 10 GiB. + The maxBytes limit may be exceeded in cases where messages are larger than the limit. 
+ type: integer + maxDuration: + description: |- + The maximum duration that can elapse before a new Cloud Storage file is created. Min 1 minute, max 10 minutes, default 5 minutes. + May not exceed the subscription's acknowledgement deadline. + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + type: string + state: + description: An output-only field that indicates whether or not + the subscription can receive messages. + type: string + required: + - bucketRef + type: object + deadLetterPolicy: + description: |- + A policy that specifies the conditions for dead lettering messages in + this subscription. If dead_letter_policy is not set, dead lettering + is disabled. + + The Cloud Pub/Sub service account associated with this subscription's + parent project (i.e., + service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have + permission to Acknowledge() messages on this subscription. + properties: + deadLetterTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + maxDeliveryAttempts: + description: |- + The maximum number of delivery attempts for any message. The value must be + between 5 and 100. + + The number of delivery attempts is defined as 1 + (the sum of number of + NACKs and number of times the acknowledgement deadline has been exceeded for the message). 
+ + A NACK is any call to ModifyAckDeadline with a 0 deadline. Note that + client libraries may automatically extend ack_deadlines. + + This field will be honored on a best effort basis. + + If this parameter is 0, a default value of 5 is used. + type: integer + type: object + enableExactlyOnceDelivery: + description: |- + If 'true', Pub/Sub provides the following guarantees for the delivery + of a message with a given value of messageId on this Subscriptions': + + - The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires. + + - An acknowledged message will not be resent to a subscriber. + + Note that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery' + is true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values. + type: boolean + enableMessageOrdering: + description: |- + Immutable. If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to + the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they + may be delivered in any order. + type: boolean + expirationPolicy: + description: |- + A policy that specifies the conditions for this subscription's expiration. + A subscription is considered active as long as any connected subscriber + is successfully consuming messages from the subscription or is issuing + operations on the subscription. If expirationPolicy is not set, a default + policy with ttl of 31 days will be used. If it is set but ttl is "", the + resource never expires. The minimum allowed value for expirationPolicy.ttl + is 1 day. + properties: + ttl: + description: |- + Specifies the "time-to-live" duration for an associated resource. The + resource expires if it is not active for a period of ttl. + If ttl is set to "", the associated resource never expires. 
+ A duration in seconds with up to nine fractional digits, terminated by 's'. + Example - "3.5s". + type: string + required: + - ttl + type: object + filter: + description: |- + Immutable. The subscription only delivers the messages that match the filter. + Pub/Sub automatically acknowledges the messages that don't match the filter. You can filter messages + by their attributes. The maximum length of a filter is 256 bytes. After creating the subscription, + you can't modify the filter. + type: string + messageRetentionDuration: + description: |- + How long to retain unacknowledged messages in the subscription's + backlog, from the moment a message is published. If + retain_acked_messages is true, then this also configures the retention + of acknowledged messages, and thus configures how far back in time a + subscriptions.seek can be done. Defaults to 7 days. Cannot be more + than 7 days ('"604800s"') or less than 10 minutes ('"600s"'). + + A duration in seconds with up to nine fractional digits, terminated + by 's'. Example: '"600.5s"'. + type: string + pushConfig: + description: |- + If push delivery is used with this subscription, this field is used to + configure it. An empty pushConfig signifies that the subscriber will + pull and ack messages using API methods. + properties: + attributes: + additionalProperties: + type: string + description: |- + Endpoint configuration attributes. + + Every endpoint has a set of API supported attributes that can + be used to control different aspects of the message delivery. + + The currently supported attribute is x-goog-version, which you + can use to change the format of the pushed message. This + attribute indicates the version of the data expected by + the endpoint. This controls the shape of the pushed message + (i.e., its fields and metadata). The endpoint version is + based on the version of the Pub/Sub API. 
+ + If not present during the subscriptions.create call, + it will default to the version of the API used to make + such call. If not present during a subscriptions.modifyPushConfig + call, its value will not be changed. subscriptions.get + calls will always return a valid version, even if the + subscription was created without this attribute. + + The possible values for this attribute are: + + - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API. + - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API. + type: object + noWrapper: + description: |- + When set, the payload to the push endpoint is not wrapped.Sets the + 'data' field as the HTTP body for delivery. + properties: + writeMetadata: + description: |- + When true, writes the Pub/Sub message metadata to + 'x-goog-pubsub-:' headers of the HTTP request. Writes the + Pub/Sub message attributes to ':' headers of the HTTP request. + type: boolean + required: + - writeMetadata + type: object + oidcToken: + description: |- + If specified, Pub/Sub will generate and attach an OIDC JWT token as + an Authorization header in the HTTP request for every pushed message. + properties: + audience: + description: |- + Audience to be used when generating OIDC token. The audience claim + identifies the recipients that the JWT is intended for. The audience + value is a single case-sensitive string. Having multiple values (array) + for the audience field is not supported. More info about the OIDC JWT + token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 + Note: if not specified, the Push endpoint URL will be used. + type: string + serviceAccountEmail: + description: |- + Service account email to be used for generating the OIDC token. + The caller (for subscriptions.create, subscriptions.patch, and + subscriptions.modifyPushConfig RPCs) must have the + iam.serviceAccounts.actAs permission for the service account. 
+ type: string + required: + - serviceAccountEmail + type: object + pushEndpoint: + description: |- + A URL locating the endpoint to which messages should be pushed. + For example, a Webhook endpoint might use + "https://example.com/push". + type: string + required: + - pushEndpoint + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retainAckedMessages: + description: |- + Indicates whether to retain acknowledged messages. If 'true', then + messages are not expunged from the subscription's backlog, even if + they are acknowledged, until they fall out of the + messageRetentionDuration window. + type: boolean + retryPolicy: + description: |- + A policy that specifies how Pub/Sub retries message delivery for this subscription. + + If not set, the default retry policy is applied. This generally implies that messages will be retried as soon as possible for healthy subscribers. + RetryPolicy will be triggered on NACKs or acknowledgement deadline exceeded events for a given message. + properties: + maximumBackoff: + description: |- + The maximum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 600 seconds. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + minimumBackoff: + description: |- + The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + type: object + topicRef: + description: Reference to a PubSubTopic. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubtopics.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubTopic + plural: pubsubtopics + shortNames: + - gcppubsubtopic + - gcppubsubtopics + singular: pubsubtopic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + kmsKeyRef: + description: |- + The KMSCryptoKey to be used to protect access to messages published + on this topic. Your project's Pub/Sub service account + ('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + messageRetentionDuration: + description: |- + Indicates the minimum duration to retain a message after it is published + to the topic. If this field is set, messages published to the topic in + the last messageRetentionDuration are always available to subscribers. + For instance, it allows any attached subscription to seek to a timestamp + that is up to messageRetentionDuration in the past. If this field is not + set, message retention is controlled by settings on individual subscriptions. + Cannot be more than 31 days or less than 10 minutes. + type: string + messageStoragePolicy: + description: |- + Policy constraining the set of Google Cloud Platform regions where + messages published to the topic may be stored. If not present, then no + constraints are in effect. 
+ properties: + allowedPersistenceRegions: + description: |- + A list of IDs of GCP regions where messages that are published to + the topic may be persisted in storage. Messages published by + publishers running in non-allowed GCP regions (or running outside + of GCP altogether) will be routed for storage in one of the + allowed regions. An empty list means that no regions are allowed, + and is not a valid configuration. + items: + type: string + type: array + required: + - allowedPersistenceRegions + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + schemaSettings: + description: Settings for validating messages published against a + schema. + properties: + encoding: + description: 'The encoding of messages validated against schema. + Default value: "ENCODING_UNSPECIFIED" Possible values: ["ENCODING_UNSPECIFIED", + "JSON", "BINARY"].' + type: string + schemaRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/schemas/{{value}}`, + where {{value}} is the `name` field of a `PubSubSchema` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - schemaRef + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: recaptchaenterprisekeys.recaptchaenterprise.cnrm.cloud.google.com +spec: + group: recaptchaenterprise.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RecaptchaEnterpriseKey + plural: recaptchaenterprisekeys + shortNames: + - gcprecaptchaenterprisekey + - gcprecaptchaenterprisekeys + singular: recaptchaenterprisekey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the 
resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + androidSettings: + description: Settings for keys that can be used by Android apps. + properties: + allowAllPackageNames: + description: If set to true, it means allowed_package_names will + not be enforced. + type: boolean + allowedPackageNames: + description: 'Android package names of apps allowed to use the + key. Example: ''com.companyname.appname''' + items: + type: string + type: array + type: object + displayName: + description: Human-readable display name of this key. Modifiable by + user. + type: string + iosSettings: + description: Settings for keys that can be used by iOS apps. + properties: + allowAllBundleIds: + description: If set to true, it means allowed_bundle_ids will + not be enforced. + type: boolean + allowedBundleIds: + description: 'iOS bundle ids of apps allowed to use the key. 
Example: + ''com.companyname.productname.appname''' + items: + type: string + type: array + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + testingOptions: + description: Immutable. Options for user acceptance testing. + properties: + testingChallenge: + description: 'Immutable. For challenge-based keys only (CHECKBOX, + INVISIBLE), all challenge requests for this site will return + nocaptcha if NOCAPTCHA, or an unsolvable challenge if UNSOLVABLE_CHALLENGE. + Possible values: TESTING_CHALLENGE_UNSPECIFIED, NOCAPTCHA, UNSOLVABLE_CHALLENGE' + type: string + testingScore: + description: Immutable. All assessments for this Key will return + this score. Must be between 0 (likely not legitimate) and 1 + (likely legitimate) inclusive. + format: double + type: number + type: object + wafSettings: + description: Immutable. Settings specific to keys that can be used + for WAF (Web Application Firewall). + properties: + wafFeature: + description: 'Immutable. Supported WAF features. 
For more information, + see https://cloud.google.com/recaptcha-enterprise/docs/usecase#comparison_of_features. + Possible values: CHALLENGE_PAGE, SESSION_TOKEN, ACTION_TOKEN, + EXPRESS' + type: string + wafService: + description: 'Immutable. The WAF service that uses this key. Possible + values: CA, FASTLY' + type: string + required: + - wafFeature + - wafService + type: object + webSettings: + description: Settings for keys that can be used by websites. + properties: + allowAllDomains: + description: If set to true, it means allowed_domains will not + be enforced. + type: boolean + allowAmpTraffic: + description: If set to true, the key can be used on AMP (Accelerated + Mobile Pages) websites. This is supported only for the SCORE + integration type. + type: boolean + allowedDomains: + description: 'Domains or subdomains of websites allowed to use + the key. All subdomains of an allowed domain are automatically + allowed. A valid domain requires a host and must not include + any path, port, query or fragment. Examples: ''example.com'' + or ''subdomain.example.com''' + items: + type: string + type: array + challengeSecurityPreference: + description: 'Settings for the frequency and difficulty at which + this key triggers captcha challenges. This should only be specified + for IntegrationTypes CHECKBOX and INVISIBLE. Possible values: + CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED, USABILITY, BALANCE, + SECURITY' + type: string + integrationType: + description: 'Immutable. Required. Describes how this key is integrated + with the website. Possible values: SCORE, CHECKBOX, INVISIBLE' + type: string + required: + - integrationType + type: object + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp corresponding to the creation of this Key. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: beta + cnrm.cloud.google.com/system: "true" + name: redisclusters.redis.cnrm.cloud.google.com +spec: + group: redis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RedisCluster + listKind: RedisClusterList + plural: redisclusters + singular: rediscluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the 
value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: RedisCluster is the Schema for the RedisCluster API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RedisClusterSpec defines the desired state of RedisCluster + properties: + authorizationMode: + description: Optional. The authorization mode of the Redis cluster. + If not provided, auth feature is disabled for the cluster. + type: string + deletionProtectionEnabled: + description: Optional. The delete operation will fail when the value + is set to true. + type: boolean + location: + description: Immutable. Location of the resource. + type: string + nodeType: + description: Optional. The type of a redis node in the cluster. NodeType + determines the underlying machine-type of a redis node. + type: string + persistenceConfig: + description: Optional. Persistence config (RDB, AOF) for the cluster. + properties: + aofConfig: + description: Optional. AOF configuration. This field will be ignored + if mode is not AOF. 
+ properties: + appendFsync: + description: Optional. fsync configuration. + type: string + type: object + mode: + description: Optional. The mode of persistence. + type: string + rdbConfig: + description: Optional. RDB configuration. This field will be ignored + if mode is not RDB. + properties: + rdbSnapshotPeriod: + description: Optional. Period between RDB snapshots. + type: string + rdbSnapshotStartTime: + description: Optional. The time that the first snapshot was/will + be attempted, and to which future snapshots will be aligned. + If not provided, the current time will be used. + type: string + type: object + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + pscConfigs: + description: Required. Each PscConfig configures the consumer network + where IPs will be designated to the cluster for client access through + Private Service Connect Automation. Currently, only one PscConfig + is supported. + items: + properties: + networkRef: + description: Required. The network where the IP address of the + discovery endpoint will be reserved, in the form of projects/{network_project}/global/networks/{network_id}. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed Compute + Network resource. Should be in the format `projects//global/networks/`. + type: string + name: + description: The `name` field of a `ComputeNetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeNetwork` + resource. + type: string + type: object + required: + - networkRef + type: object + type: array + redisConfigs: + additionalProperties: + type: string + description: Optional. Key/Value pairs of customer overrides for mutable + Redis Configs + type: object + replicaCount: + description: Optional. The number of replica nodes per shard. + format: int32 + type: integer + resourceID: + description: The RedisCluster name. If not given, the metadata.name + will be used. + type: string + shardCount: + description: Required. Number of shards for the Redis cluster. + format: int32 + type: integer + transitEncryptionMode: + description: Optional. The in-transit encryption for the Redis cluster. + If not provided, encryption is disabled for the cluster. + type: string + zoneDistributionConfig: + description: Optional. This config will be used to determine how the + customer wants us to distribute cluster resources within the region. + properties: + mode: + description: Optional. The mode of zone distribution. Defaults + to MULTI_ZONE, when not specified. + type: string + zone: + description: Optional. When SINGLE ZONE distribution is selected, + zone field would be used to allocate all resources in that zone. + This is not applicable to MULTI_ZONE, and would be ignored for + MULTI_ZONE clusters. 
+ type: string + type: object + required: + - location + - projectRef + type: object + status: + description: RedisClusterStatus defines the config connector machine state + of RedisCluster + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the RedisCluster resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + createTime: + description: Output only. The timestamp associated with the cluster + creation request. + type: string + discoveryEndpoints: + description: Output only. Endpoints created on each given network, + for Redis clients to connect to the cluster. Currently only + one discovery endpoint is supported. + items: + properties: + address: + description: Output only. Address of the exposed Redis endpoint + used by clients to connect to the service. The address + could be either IP or hostname. 
+ type: string + port: + description: Output only. The port number of the exposed + Redis endpoint. + format: int32 + type: integer + pscConfig: + description: Output only. Customer configuration for where + the endpoint is created and accessed from. + properties: + network: + description: Required. The network where the IP address + of the discovery endpoint will be reserved, in the + form of projects/{network_project}/global/networks/{network_id}. + type: string + type: object + type: object + type: array + preciseSizeGb: + description: Output only. Precise value of redis memory size in + GB for the entire cluster. + type: number + pscConnections: + description: Output only. PSC connections for discovery of the + cluster topology and accessing the cluster. + items: + properties: + address: + description: Output only. The IP allocated on the consumer + network for the PSC forwarding rule. + type: string + forwardingRule: + description: 'Output only. The URI of the consumer side + forwarding rule. Example: projects/{projectNumOrId}/regions/us-east1/forwardingRules/{resourceId}.' + type: string + network: + description: The consumer network where the IP address resides, + in the form of projects/{project_id}/global/networks/{network_id}. + type: string + projectID: + description: Output only. The consumer project_id where + the forwarding rule is created from. + type: string + pscConnectionID: + description: Output only. The PSC connection id of the forwarding + rule connected to the service attachment. + type: string + type: object + type: array + sizeGb: + description: Output only. Redis memory size in GB for the entire + cluster rounded up to the next integer. + format: int32 + type: integer + state: + description: Output only. The current state of this cluster. Can + be CREATING, READY, UPDATING, DELETING and SUSPENDED + type: string + stateInfo: + description: Output only. Additional information about the current + state of the cluster. 
+ properties: + updateInfo: + description: Describes ongoing update on the cluster when + cluster state is UPDATING. + properties: + targetReplicaCount: + description: Target number of replica nodes per shard. + format: int32 + type: integer + targetShardCount: + description: Target number of shards for redis cluster + format: int32 + type: integer + type: object + type: object + uid: + description: Output only. System assigned, unique identifier for + the cluster. + type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: RedisCluster is the Schema for the RedisCluster API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RedisClusterSpec defines the desired state of RedisCluster + properties: + authorizationMode: + description: Optional. The authorization mode of the Redis cluster. + If not provided, auth feature is disabled for the cluster. + type: string + deletionProtectionEnabled: + description: Optional. The delete operation will fail when the value + is set to true. + type: boolean + location: + description: Immutable. Location of the resource. + type: string + nodeType: + description: Optional. The type of a redis node in the cluster. NodeType + determines the underlying machine-type of a redis node. + type: string + persistenceConfig: + description: Optional. Persistence config (RDB, AOF) for the cluster. + properties: + aofConfig: + description: Optional. AOF configuration. This field will be ignored + if mode is not AOF. + properties: + appendFsync: + description: Optional. fsync configuration. + type: string + type: object + mode: + description: Optional. The mode of persistence. + type: string + rdbConfig: + description: Optional. RDB configuration. This field will be ignored + if mode is not RDB. + properties: + rdbSnapshotPeriod: + description: Optional. Period between RDB snapshots. + type: string + rdbSnapshotStartTime: + description: Optional. The time that the first snapshot was/will + be attempted, and to which future snapshots will be aligned. + If not provided, the current time will be used. + type: string + type: object + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. 
+ type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + pscConfigs: + description: Required. Each PscConfig configures the consumer network + where IPs will be designated to the cluster for client access through + Private Service Connect Automation. Currently, only one PscConfig + is supported. + items: + properties: + networkRef: + description: Required. The network where the IP address of the + discovery endpoint will be reserved, in the form of projects/{network_project}/global/networks/{network_id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed Compute + Network resource. Should be in the format `projects//global/networks/`. + type: string + name: + description: The `name` field of a `ComputeNetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeNetwork` + resource. + type: string + type: object + required: + - networkRef + type: object + type: array + redisConfigs: + additionalProperties: + type: string + description: Optional. Key/Value pairs of customer overrides for mutable + Redis Configs + type: object + replicaCount: + description: Optional. The number of replica nodes per shard. + format: int32 + type: integer + resourceID: + description: The RedisCluster name. If not given, the metadata.name + will be used. + type: string + shardCount: + description: Required. Number of shards for the Redis cluster. + format: int32 + type: integer + transitEncryptionMode: + description: Optional. The in-transit encryption for the Redis cluster. 
+ If not provided, encryption is disabled for the cluster. + type: string + zoneDistributionConfig: + description: Optional. This config will be used to determine how the + customer wants us to distribute cluster resources within the region. + properties: + mode: + description: Optional. The mode of zone distribution. Defaults + to MULTI_ZONE, when not specified. + type: string + zone: + description: Optional. When SINGLE ZONE distribution is selected, + zone field would be used to allocate all resources in that zone. + This is not applicable to MULTI_ZONE, and would be ignored for + MULTI_ZONE clusters. + type: string + type: object + required: + - location + - projectRef + type: object + status: + description: RedisClusterStatus defines the config connector machine state + of RedisCluster + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the RedisCluster resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + createTime: + description: Output only. The timestamp associated with the cluster + creation request. + type: string + discoveryEndpoints: + description: Output only. Endpoints created on each given network, + for Redis clients to connect to the cluster. Currently only + one discovery endpoint is supported. + items: + properties: + address: + description: Output only. Address of the exposed Redis endpoint + used by clients to connect to the service. The address + could be either IP or hostname. + type: string + port: + description: Output only. The port number of the exposed + Redis endpoint. + format: int32 + type: integer + pscConfig: + description: Output only. Customer configuration for where + the endpoint is created and accessed from. + properties: + network: + description: Required. The network where the IP address + of the discovery endpoint will be reserved, in the + form of projects/{network_project}/global/networks/{network_id}. + type: string + type: object + type: object + type: array + preciseSizeGb: + description: Output only. Precise value of redis memory size in + GB for the entire cluster. + type: number + pscConnections: + description: Output only. PSC connections for discovery of the + cluster topology and accessing the cluster. + items: + properties: + address: + description: Output only. The IP allocated on the consumer + network for the PSC forwarding rule. + type: string + forwardingRule: + description: 'Output only. The URI of the consumer side + forwarding rule. Example: projects/{projectNumOrId}/regions/us-east1/forwardingRules/{resourceId}.' + type: string + network: + description: The consumer network where the IP address resides, + in the form of projects/{project_id}/global/networks/{network_id}. + type: string + projectID: + description: Output only. 
The consumer project_id where + the forwarding rule is created from. + type: string + pscConnectionID: + description: Output only. The PSC connection id of the forwarding + rule connected to the service attachment. + type: string + type: object + type: array + sizeGb: + description: Output only. Redis memory size in GB for the entire + cluster rounded up to the next integer. + format: int32 + type: integer + state: + description: Output only. The current state of this cluster. Can + be CREATING, READY, UPDATING, DELETING and SUSPENDED + type: string + stateInfo: + description: Output only. Additional information about the current + state of the cluster. + properties: + updateInfo: + description: Describes ongoing update on the cluster when + cluster state is UPDATING. + properties: + targetReplicaCount: + description: Target number of replica nodes per shard. + format: int32 + type: integer + targetShardCount: + description: Target number of shards for redis cluster + format: int32 + type: integer + type: object + type: object + uid: + description: Output only. System assigned, unique identifier for + the cluster. 
+ type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: redisinstances.redis.cnrm.cloud.google.com +spec: + group: redis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RedisInstance + plural: redisinstances + shortNames: + - gcpredisinstance + - gcpredisinstances + singular: redisinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alternativeLocationId: + description: |- + Immutable. Only applicable to STANDARD_HA tier which protects the instance + against zonal failures by provisioning it across two zones. + If provided, it must be a different zone from the one provided in + [locationId]. + type: string + authEnabled: + description: |- + Optional. Indicates whether OSS Redis AUTH is enabled for the + instance. If set to "true" AUTH is enabled on the instance. + Default value is "false" meaning AUTH is disabled. + type: boolean + authString: + description: Output only. AUTH String set on the instance. This field + will only be populated if auth_enabled is true. + type: string + authorizedNetworkRef: + description: |- + The network to which the instance is connected. If left + unspecified, the default network will be used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + connectMode: + description: 'Immutable. The connection mode of the Redis instance. + Default value: "DIRECT_PEERING" Possible values: ["DIRECT_PEERING", + "PRIVATE_SERVICE_ACCESS"].' + type: string + customerManagedKeyRef: + description: |- + Immutable. Optional. The KMS key reference that you want to use to + encrypt the data at rest for this Redis instance. If this is + provided, CMEK is enabled. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + displayName: + description: An arbitrary and optional user-provided name for the + instance. + type: string + locationId: + description: |- + Immutable. The zone where the instance will be provisioned. If not provided, + the service will choose a zone for the instance. For STANDARD_HA tier, + instances will be created across two zones for protection against + zonal failures. If [alternativeLocationId] is also provided, it must + be different from [locationId]. + type: string + maintenancePolicy: + description: Maintenance policy for an instance. + properties: + createTime: + description: |- + Output only. The time when the policy was created. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + description: + description: |- + Optional. Description of what this policy is for. + Create/Update methods return INVALID_ARGUMENT if the + length is greater than 512. + type: string + updateTime: + description: |- + Output only. The time when the policy was last updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + weeklyMaintenanceWindow: + description: |- + Optional. Maintenance window that is applied to resources covered by this policy. + Minimum 1. 
For the current version, the maximum number + of weekly_window is expected to be one. + items: + properties: + day: + description: |- + Required. The day of week that maintenance updates occur. + + - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. + - MONDAY: Monday + - TUESDAY: Tuesday + - WEDNESDAY: Wednesday + - THURSDAY: Thursday + - FRIDAY: Friday + - SATURDAY: Saturday + - SUNDAY: Sunday Possible values: ["DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. + type: string + duration: + description: |- + Output only. Duration of the maintenance window. + The current window is fixed at 1 hour. + A duration in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". + type: string + startTime: + description: Required. Start time of the window in UTC time. + properties: + hours: + description: |- + Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 + to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must + be from 0 to 999,999,999. + type: integer + seconds: + description: |- + Seconds of minutes of the time. Must normally be from 0 to 59. + An API may allow the value 60 if it allows leap-seconds. + type: integer + type: object + required: + - day + - startTime + type: object + type: array + type: object + maintenanceSchedule: + description: Upcoming maintenance schedule. + items: + properties: + endTime: + description: |- + Output only. The end time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + scheduleDeadlineTime: + description: |- + Output only. 
The deadline that the maintenance schedule start time + can not go beyond, including reschedule. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + startTime: + description: |- + Output only. The start time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + type: object + type: array + memorySizeGb: + description: Redis memory size in GiB. + type: integer + persistenceConfig: + description: Persistence configuration for an instance. + properties: + persistenceMode: + description: "Optional. Controls whether Persistence features + are enabled. If not provided, the existing value will be used.\n\n- + DISABLED: \tPersistence is disabled for the instance, and any + existing snapshots are deleted.\n- RDB: RDB based Persistence + is enabled. Possible values: [\"DISABLED\", \"RDB\"]." + type: string + rdbNextSnapshotTime: + description: |- + Output only. The next time that a snapshot attempt is scheduled to occur. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + rdbSnapshotPeriod: + description: "Optional. Available snapshot periods for scheduling.\n\n- + ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every + 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot + every 24 hours. Possible values: [\"ONE_HOUR\", \"SIX_HOURS\", + \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"]." + type: string + rdbSnapshotStartTime: + description: |- + Optional. Date and time that the first snapshot was/will be attempted, + and to which future snapshots will be aligned. If not provided, + the current time will be used. 
+ A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + type: object + readReplicasMode: + description: |- + Optional. Read replica mode. Can only be specified when trying to create the instance. + If not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED. + - READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the + instance cannot scale up or down the number of replicas. + - READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance + can scale up and down the number of replicas. Possible values: ["READ_REPLICAS_DISABLED", "READ_REPLICAS_ENABLED"]. + type: string + redisConfigs: + additionalProperties: + type: string + description: |- + Redis configuration parameters, according to http://redis.io/topics/config. + Please check Memorystore documentation for the list of supported parameters: + https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs. + type: object + redisVersion: + description: |- + The version of Redis software. If not provided, latest supported + version will be used. Please check the API documentation linked + at the top for the latest valid values. + type: string + region: + description: Immutable. The name of the Redis region of the instance. + type: string + replicaCount: + description: |- + Optional. The number of replica nodes. The valid range for the Standard Tier with + read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled + for a Standard Tier instance, the only valid value is 1 and the default is 1. + The valid value for basic tier is 0 and the default is also 0. + type: integer + reservedIpRange: + description: |- + Immutable. The CIDR range of internal addresses that are reserved for this + instance. 
If not provided, the service will choose an unused /29 + block, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be + unique and non-overlapping with existing subnets in an authorized + network. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + secondaryIpRange: + description: |- + Optional. Additional IP range for node placement. Required when enabling read replicas on + an existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or + "auto". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address + range associated with the private service access connection, or "auto". + type: string + tier: + description: |- + Immutable. The service tier of the instance. Must be one of these values: + + - BASIC: standalone instance + - STANDARD_HA: highly available primary/replica instances Default value: "BASIC" Possible values: ["BASIC", "STANDARD_HA"]. + type: string + transitEncryptionMode: + description: |- + Immutable. The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance. + + - SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: "DISABLED" Possible values: ["SERVER_AUTHENTICATION", "DISABLED"]. + type: string + required: + - memorySizeGb + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + The time the instance was created in RFC3339 UTC "Zulu" format, + accurate to nanoseconds. + type: string + currentLocationId: + description: |- + The current zone where the Redis endpoint is placed. + For Basic Tier instances, this will always be the same as the + [locationId] provided by the user at creation time. For Standard Tier + instances, this can be either [locationId] or [alternativeLocationId] + and can change after a failover event. + type: string + host: + description: |- + Hostname or IP address of the exposed Redis endpoint used by clients + to connect to the service. + type: string + maintenanceSchedule: + description: Upcoming maintenance schedule. + items: + properties: + endTime: + description: |- + Output only. The end time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + scheduleDeadlineTime: + description: |- + Output only. The deadline that the maintenance schedule start time + can not go beyond, including reschedule. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + startTime: + description: |- + Output only. The start time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + type: object + type: array + nodes: + description: Output only. Info per node. + items: + properties: + id: + description: Node identifying string. e.g. 'node-0', 'node-1'. + type: string + zone: + description: Location of the node. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + authString: + description: Output only. AUTH String set on the instance. This + field will only be populated if auth_enabled is true. + type: string + type: object + persistenceIamIdentity: + description: |- + Output only. Cloud IAM identity used by import / export operations + to transfer data to/from Cloud Storage. Format is "serviceAccount:". + The value may change over time for a given instance so should be + checked before each import/export operation. + type: string + port: + description: The port number of the exposed Redis endpoint. + type: integer + readEndpoint: + description: |- + Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. + Targets all healthy replica nodes in instance. Replication is asynchronous and replica nodes + will exhibit some lag behind the primary. Write requests must target 'host'. + type: string + readEndpointPort: + description: |- + Output only. The port number of the exposed readonly redis endpoint. Standard tier only. + Write requests should target 'port'. + type: integer + serverCaCerts: + description: List of server CA certificates for the instance. + items: + properties: + cert: + description: The certificate data in PEM format. + type: string + createTime: + description: The time when the certificate was created. + type: string + expireTime: + description: The time when the certificate expires. + type: string + serialNumber: + description: Serial number, as extracted from the certificate. 
+ type: string + sha1Fingerprint: + description: Sha1 Fingerprint of the certificate. + type: string + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: resourcemanagerliens.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ResourceManagerLien + plural: resourcemanagerliens + shortNames: + - gcpresourcemanagerlien + - gcpresourcemanagerliens + singular: resourcemanagerlien + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + origin: + description: |- + Immutable. A stable, user-visible/meaningful string identifying the origin + of the Lien, intended to be inspected programmatically. Maximum length of + 200 characters. + type: string + parent: + properties: + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + reason: + description: |- + Immutable. Concise user-visible strings indicating why an action cannot be performed + on a resource. Maximum length of 200 characters. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + restrictions: + description: |- + Immutable. The types of operations which should be blocked as a result of this Lien. + Each value should correspond to an IAM permission. 
The server will validate + the permissions against those for which Liens are supported. An empty + list is meaningless and will be rejected. + e.g. ['resourcemanager.projects.delete']. + items: + type: string + type: array + required: + - origin + - parent + - reason + - restrictions + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time of creation. + type: string + name: + description: A system-generated unique identifier for this Lien. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: resourcemanagerpolicies.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ResourceManagerPolicy + plural: resourcemanagerpolicies + shortNames: + - gcpresourcemanagerpolicy + - gcpresourcemanagerpolicies + singular: resourcemanagerpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + booleanPolicy: + description: A boolean policy is a constraint that is either enforced + or not. + properties: + enforced: + description: If true, then the Policy is enforced. If false, then + any configuration is acceptable. + type: boolean + required: + - enforced + type: object + constraint: + description: Immutable. The name of the Constraint the Policy is configuring, + for example, serviceuser.services. + type: string + folderRef: + description: |- + The folder on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Folder` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + listPolicy: + description: A policy that can define specific values that are allowed + or denied for the given constraint. It can also be used to allow + or deny all values. . + properties: + allow: + description: One or the other must be set. + properties: + all: + description: The policy allows or denies all values. 
+ type: boolean + values: + description: The policy can define specific values that are + allowed or denied. + items: + type: string + type: array + type: object + deny: + description: One or the other must be set. + properties: + all: + description: The policy allows or denies all values. + type: boolean + values: + description: The policy can define specific values that are + allowed or denied. + items: + type: string + type: array + type: object + inheritFromParent: + description: If set to true, the values from the effective Policy + of the parent resource are inherited, meaning the values set + in this Policy are added to the values inherited up the hierarchy. + type: boolean + suggestedValue: + description: The Google Cloud Console will try to default to a + configuration that matches the value specified in this field. + type: string + type: object + organizationRef: + description: |- + The organization on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + The project on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + restorePolicy: + description: A restore policy is a constraint to restore the default + policy. + properties: + default: + description: May only be set to true. If set, then the default + Policy is restored. + type: boolean + required: + - default + type: object + version: + description: Version of the Policy. Default version is 0. + type: integer + required: + - constraint + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: The etag of the organization policy. etag is used for + optimistic concurrency control as a way to help prevent simultaneous + updates of a policy from overwriting each other. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: 'The timestamp in RFC3339 UTC "Zulu" format, accurate + to nanoseconds, representing when the variable was last updated. + Example: "2016-10-09T12:33:37.578138407Z".' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: runjobs.run.cnrm.cloud.google.com +spec: + group: run.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RunJob + plural: runjobs + shortNames: + - gcprunjob + - gcprunjobs + singular: runjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + type: string + description: |- + Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. + + Cloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected on new resources. + All system annotations in v1 now have a corresponding field in v2 Job. + + This field follows Kubernetes annotations' namespacing, limits, and rules. + type: object + binaryAuthorization: + description: Settings for the Binary Authorization feature. + properties: + breakglassJustification: + description: If present, indicates to use Breakglass using this + justification. If useDefault is False, then it must be empty. + For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass. + type: string + useDefault: + description: If True, indicates to use the default project's binary + authorization policy. If False, binary authorization will be + disabled. + type: boolean + type: object + client: + description: Arbitrary identifier for the API client. 
+ type: string + clientVersion: + description: Arbitrary version identifier for the API client. + type: string + launchStage: + description: |- + The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA. + If no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features. + + For example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: ["UNIMPLEMENTED", "PRELAUNCH", "EARLY_ACCESS", "ALPHA", "BETA", "GA", "DEPRECATED"]. + type: string + location: + description: Immutable. The location of the cloud run job. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + template: + description: The template used to create executions for this Job. + properties: + annotations: + additionalProperties: + type: string + description: |- + Unstructured key value map that may be set by external tools to store and arbitrary metadata. 
They are not queryable and should be preserved when modifying objects. + + Cloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected. + All system annotations in v1 now have a corresponding field in v2 ExecutionTemplate. + + This field follows Kubernetes annotations' namespacing, limits, and rules. + type: object + parallelism: + description: Specifies the maximum desired number of tasks the + execution should run at given time. Must be <= taskCount. When + the job is run, if this field is 0 or unset, the maximum possible + value will be used for that execution. The actual number of + tasks running in steady state will be less than this number + when there are fewer tasks waiting to be completed remaining, + i.e. when the work left to do is less than max parallelism. + type: integer + taskCount: + description: 'Specifies the desired number of tasks the execution + should run. Setting to 1 means that parallelism is limited to + 1 and the success of that task signals the success of the execution. + More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/.' + type: integer + template: + description: Describes the task(s) that will be created when executing + an execution. + properties: + containers: + description: Holds the single container that defines the unit + of execution for this task. + items: + properties: + args: + description: 'Arguments to the entrypoint. The docker + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the + reference in the input string will be unchanged. The + $(VAR_NAME) syntax can be escaped with a double $$, + ie: $$(VAR_NAME). Escaped references will never be + expanded, regardless of whether the variable exists + or not. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell.' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The docker image''s ENTRYPOINT is used if + this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If + a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell.' + items: + type: string + type: array + env: + description: List of environment variables to set in + the container. + items: + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER, and mnay not exceed + 32768 characters. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined environment + variables in the container and any route environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether + the variable exists or not. Defaults to "", + and the maximum length is 32768 bytes.' + type: string + valueSource: + description: Source for the environment variable's + value. + properties: + secretKeyRef: + description: Selects a secret and a specific + version from Cloud Secret Manager. + properties: + secretRef: + description: 'The name of the secret in + Cloud Secret Manager. Format: {secretName} + if the secret is in the same project. 
+ projects/{project}/secrets/{secretName} + if the secret is in a different project.' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` + field of a `SecretManagerSecret` + resource.' + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + versionRef: + description: The Cloud Secret Manager + secret version. Can be 'latest' for + the latest value or an integer for a + specific version. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `version` + field of a `SecretManagerSecretVersion` + resource.' + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef + - versionRef + type: object + type: object + required: + - name + type: object + type: array + image: + description: 'URL of the Container image in Google Container + Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images.' + type: string + livenessProbe: + description: |- + DEPRECATED. `liveness_probe` is deprecated. This field is not supported by the Cloud Run API. Periodic probe of container liveness. 
Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + This field is not supported in Cloud Run Job currently. + properties: + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. Exactly one of HTTPGet or TCPSocket + must be specified. + properties: + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + properties: + name: + description: The header field name. + type: string + value: + description: The header field value. + type: string + required: + - name + type: object + type: array + path: + description: Path to access on the HTTP server. + Defaults to '/'. + type: string + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before the probe is initiated. Defaults + to 0 seconds. Minimum value is 0. Maximum value + for liveness probe is 3600. Maximum value for + startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.' + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. Maximum value for liveness probe is 3600. Maximum + value for startup probe is 240. Must be greater + or equal than timeoutSeconds. + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. Exactly one of HTTPGet or TCPSocket + must be specified. + properties: + port: + description: Port number to access on the container. + Must be in the range 1 to 65535. If not specified, + defaults to 8080. + type: integer + type: object + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. 
Defaults to 1 second. Minimum + value is 1. Maximum value is 3600. Must be smaller + than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.' + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + type: string + ports: + description: |- + List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. + + If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on. + items: + properties: + containerPort: + description: Port number the container listens + on. This must be a valid TCP port number, 0 + < containerPort < 65536. + type: integer + name: + description: If specified, used to specify which + protocol to use. Allowed values are "http1" + and "h2c". + type: string + type: object + type: array + resources: + description: 'Compute Resource requirements by this + container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources.' + properties: + limits: + additionalProperties: + type: string + description: 'Only memory and CPU are supported. + Note: The only supported values for CPU are ''1'', + ''2'', ''4'', and ''8''. Setting 4 CPU requires + at least 2Gi of memory. The values of the map + is string form of the ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go.' + type: object + type: object + startupProbe: + description: |- + DEPRECATED. `startup_probe` is deprecated. This field is not supported by the Cloud Run API. Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + This field is not supported in Cloud Run Job currently. + properties: + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. Exactly one of HTTPGet or TCPSocket + must be specified. + properties: + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + properties: + name: + description: The header field name. + type: string + value: + description: The header field value. + type: string + required: + - name + type: object + type: array + path: + description: Path to access on the HTTP server. + Defaults to '/'. + type: string + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before the probe is initiated. Defaults + to 0 seconds. Minimum value is 0. Maximum value + for liveness probe is 3600. Maximum value for + startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.' + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. Maximum value for liveness probe is 3600. Maximum + value for startup probe is 240. Must be greater + or equal than timeoutSeconds. + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. Exactly one of HTTPGet or TCPSocket + must be specified. + properties: + port: + description: Port number to access on the container. + Must be in the range 1 to 65535. If not specified, + defaults to 8080. + type: integer + type: object + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. 
Maximum value is 3600. Must be smaller + than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.' + type: integer + type: object + volumeMounts: + description: Volume to mount into the container's filesystem. + items: + properties: + mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. For Cloud SQL volumes, it can be left empty, + or must otherwise be /cloudsql. All instances + defined in the Volume will be available as /cloudsql/[instance]. + For more information on Cloud SQL volumes, visit + https://cloud.google.com/sql/docs/mysql/connect-run. + type: string + name: + description: This must match the Name of a Volume. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which + might be configured in the container image. + type: string + required: + - image + type: object + type: array + encryptionKeyRef: + description: A reference to a customer managed encryption + key (CMEK) to use to encrypt this container image. For more + information, go to https://cloud.google.com/run/docs/securing/using-cmek + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + executionEnvironment: + description: 'The execution environment being used to host + this Task. Possible values: ["EXECUTION_ENVIRONMENT_GEN1", + "EXECUTION_ENVIRONMENT_GEN2"].' + type: string + maxRetries: + description: Number of retries allowed per Task, before marking + this Task failed. + type: integer + serviceAccountRef: + description: Email address of the IAM service account associated + with the revision of the service. The service account represents + the identity of the running revision, and determines what + permissions the revision has. If not provided, the revision + will use the project's default service account. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + timeout: + description: |- + Max allowed time duration the Task may be active before the system will actively try to mark it failed and kill associated containers. This applies per attempt of a task, meaning each retry can run for the full timeout. + + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + type: string + volumes: + description: A list of Volumes to make available to containers. + items: + properties: + cloudSqlInstance: + description: For Cloud SQL volumes, contains the specific + instances that should be mounted. 
Visit https://cloud.google.com/sql/docs/mysql/connect-run + for more information on how to connect Cloud SQL and + Cloud Run. + properties: + instanceRefs: + items: + description: 'The Cloud SQL instance connection + names, as can be found in https://console.cloud.google.com/sql/instances. + Visit https://cloud.google.com/sql/docs/mysql/connect-run + for more information on how to connect Cloud + SQL and Cloud Run. Format: {project}:{location}:{instance}' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `connectionName` + field of a `SQLInstance` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + emptyDir: + description: Ephemeral storage used as a shared volume. + properties: + medium: + description: 'The different types of medium supported + for EmptyDir. Default value: "MEMORY" Possible + values: ["MEMORY"].' + type: string + sizeLimit: + description: 'Limit on the storage usable by this + EmptyDir volume. The size limit is also applicable + for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory + limits of all containers in a pod. This field''s + values are of the ''Quantity'' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. + The default is nil which means that the limit + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir.' 
+ type: string + type: object + name: + description: Volume's name. + type: string + secret: + description: 'Secret represents a secret that should + populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret.' + properties: + defaultMode: + description: Integer representation of mode bits + to use on created files by default. Must be a + value between 0000 and 0777 (octal), defaulting + to 0444. Directories within the path are not affected + by this setting. + type: integer + items: + description: If unspecified, the volume will expose + a file whose name is the secret, relative to VolumeMount.mount_path. + If specified, the key will be used as the version + to fetch from Cloud Secret Manager and the path + will be the name of the file exposed in the volume. + When items are defined, they must specify a path + and a version. + items: + properties: + mode: + description: Integer octal mode bits to use + on this file, must be a value between 01 + and 0777 (octal). If 0 or not set, the Volume's + default mode will be used. + type: integer + path: + description: The relative path of the secret + in the container. + type: string + versionRef: + description: The Cloud Secret Manager secret + version. Can be 'latest' for the latest + value or an integer for a specific version + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `version` + field of a `SecretManagerSecretVersion` + resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - path + - versionRef + type: object + type: array + secretRef: + description: 'The name of the secret in Cloud Secret + Manager. Format: {secret} if the secret is in + the same project. projects/{project}/secrets/{secret} + if the secret is in a different project.' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field + of a `SecretManagerSecret` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef + type: object + required: + - name + type: object + type: array + vpcAccess: + description: VPC Access configuration to use for this Task. + For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. + properties: + connectorRef: + description: 'VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, + where {project} can be project id or number.' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `VPCAccessConnector` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + egress: + description: 'Traffic VPC egress settings. Possible values: + ["ALL_TRAFFIC", "PRIVATE_RANGES_ONLY"].' + type: string + networkInterfaces: + description: Direct VPC egress settings. Currently only + single network interface is supported. + items: + properties: + networkRef: + description: |- + The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be + looked up from the subnetwork. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + description: |- + The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the + subnetwork with the same name with the network will be used. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeSubnetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Network tags applied to this Cloud + Run job. + items: + type: string + type: array + type: object + type: array + type: object + type: object + required: + - template + type: object + required: + - location + - projectRef + - template + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The creation time. + type: string + creator: + description: Email address of the authenticated creator. + type: string + deleteTime: + description: The deletion time. + type: string + etag: + description: A system-generated fingerprint for this version of the + resource. May be used to detect modification conflict during updates. 
+ type: string + executionCount: + description: Number of executions created for this job. + type: integer + expireTime: + description: For a deleted resource, the time after which it will + be permamently deleted. + type: string + lastModifier: + description: Email address of the last authenticated modifier. + type: string + latestCreatedExecution: + description: Name of the last created execution. + items: + properties: + completionTime: + description: |- + Completion timestamp of the execution. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + createTime: + description: |- + Creation timestamp of the execution. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: Name of the execution. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + reconciling: + description: |- + Returns true if the Job is currently being acted upon by the system to bring it into the desired state. + + When a new Job is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Job to the desired state. This process is called reconciliation. 
While reconciliation is in process, observedGeneration and latest_succeeded_execution, will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the state matches the Job, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state. + + If reconciliation succeeded, the following fields will match: observedGeneration and generation, latest_succeeded_execution and latestCreatedExecution. + + If reconciliation failed, observedGeneration and latest_succeeded_execution will have the state of the last succeeded execution or empty for newly created Job. Additional information on the failure can be found in terminalCondition and conditions. + type: boolean + terminalCondition: + description: The Condition of this Job, containing its readiness status, + and detailed error information in case it did not reach the desired + state. + items: + properties: + executionReason: + description: A reason for the execution condition. + type: string + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + message: + description: Human readable message indicating details about + the current status. + type: string + reason: + description: A common (service-level) reason for this condition. + type: string + revisionReason: + description: A reason for the revision condition. + type: string + severity: + description: How to interpret failures of this condition, one + of Error, Warning, Info. + type: string + state: + description: State of the condition. + type: string + type: + description: 'type is used to communicate the status of the + reconciliation process. 
See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting + Types common to all resources include: * "Ready": True when + the Resource is ready.' + type: string + type: object + type: array + uid: + description: Server assigned unique identifier for the Execution. + The value is a UUID4 string and guaranteed to remain unchanged until + the resource is deleted. + type: string + updateTime: + description: The last-modified time. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: runservices.run.cnrm.cloud.google.com +spec: + group: run.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RunService + plural: runservices + shortNames: + - gcprunservice + - gcprunservices + singular: runservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + 
description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + type: string + description: |- + Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. + + Cloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected in new resources. + All system annotations in v1 now have a corresponding field in v2 Service. + + This field follows Kubernetes annotations' namespacing, limits, and rules. + type: object + binaryAuthorization: + description: Settings for the Binary Authorization feature. + properties: + breakglassJustification: + description: If present, indicates to use Breakglass using this + justification. If useDefault is False, then it must be empty. + For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass. + type: string + useDefault: + description: If True, indicates to use the default project's binary + authorization policy. If False, binary authorization will be + disabled. + type: boolean + type: object + client: + description: Arbitrary identifier for the API client. 
+ type: string + clientVersion: + description: Arbitrary version identifier for the API client. + type: string + customAudiences: + description: |- + One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests. + For more information, see https://cloud.google.com/run/docs/configuring/custom-audiences. + items: + type: string + type: array + description: + description: User-provided description of the Service. This field + currently has a 512-character limit. + type: string + ingress: + description: 'Provides the ingress settings for this Service. On output, + returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED + if no revision is active. Possible values: ["INGRESS_TRAFFIC_ALL", + "INGRESS_TRAFFIC_INTERNAL_ONLY", "INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER"].' + type: string + launchStage: + description: |- + The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA. + If no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features. + + For example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: ["UNIMPLEMENTED", "PRELAUNCH", "EARLY_ACCESS", "ALPHA", "BETA", "GA", "DEPRECATED"]. + type: string + location: + description: Immutable. The location of the cloud run service. + type: string + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + template: + description: The template used to create revisions for this Service. + properties: + annotations: + additionalProperties: + type: string + description: |- + Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. + + Cloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected. + All system annotations in v1 now have a corresponding field in v2 RevisionTemplate. + + This field follows Kubernetes annotations' namespacing, limits, and rules. + type: object + containers: + description: Holds the containers that define the unit of execution + for this Service. + items: + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s environment. + If a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). 
Escaped + references will never be expanded, regardless of whether + the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell.' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The docker image''s ENTRYPOINT is used if this is not + provided. Variable references $(VAR_NAME) are expanded + using the container''s environment. If a variable cannot + be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell.' + items: + type: string + type: array + dependsOn: + description: Containers which should be started before this + container. If specified the container will wait to start + until all containers with the listed names are healthy. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER, and mnay not exceed 32768 characters. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any route environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "", and the maximum length + is 32768 bytes.' + type: string + valueSource: + description: Source for the environment variable's + value. 
+ properties: + secretKeyRef: + description: Selects a secret and a specific version + from Cloud Secret Manager. + properties: + secretRef: + description: 'The name of the secret in Cloud + Secret Manager. Format: {secretName} if + the secret is in the same project. projects/{project}/secrets/{secretName} + if the secret is in a different project.' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` + field of a `SecretManagerSecret` resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + versionRef: + description: The Cloud Secret Manager secret + version. Can be 'latest' for the latest + value or an integer for a specific version. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `version` + field of a `SecretManagerSecretVersion` + resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef + type: object + type: object + required: + - name + type: object + type: array + image: + description: 'URL of the Container image in Google Container + Registry or Google Artifact Registry. 
More info: https://kubernetes.io/docs/concepts/containers/images.' + type: string + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.' + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: |- + Port number to access on the container. Number must be in the range 1 to 65535. + If not specified, defaults to the same value as container.ports[0].containerPort. + type: integer + service: + description: |- + The name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + If this is not specified, the default behavior is defined by gRPC. + type: string + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + properties: + name: + description: The header field name. + type: string + value: + description: The header field value. + type: string + required: + - name + type: object + type: array + path: + description: Path to access on the HTTP server. + Defaults to '/'. + type: string + port: + description: |- + Port number to access on the container. Number must be in the range 1 to 65535. + If not specified, defaults to the same value as container.ports[0].containerPort. + type: integer + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before the probe is initiated. Defaults + to 0 seconds. Minimum value is 0. Maximum value for + liveness probe is 3600. 
Maximum value for startup + probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.' + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. Maximum + value for liveness probe is 3600. Maximum value for + startup probe is 240. Must be greater or equal than + timeoutSeconds. + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. Maximum value is 3600. Must be smaller than periodSeconds. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.' + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + type: string + ports: + description: |- + List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. + + If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on. + items: + properties: + containerPort: + description: Port number the container listens on. + This must be a valid TCP port number, 0 < containerPort + < 65536. + type: integer + name: + description: If specified, used to specify which protocol + to use. Allowed values are "http1" and "h2c". + type: string + type: object + type: array + resources: + description: 'Compute Resource requirements by this container. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources.' + properties: + cpuIdle: + description: Determines whether CPU should be throttled + or not outside of requests. + type: boolean + limits: + additionalProperties: + type: string + description: 'Only memory and CPU are supported. Note: + The only supported values for CPU are ''1'', ''2'', + ''4'', and ''8''. 
Setting 4 CPU requires at least + 2Gi of memory. The values of the map is string form + of the ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go.' + type: object + startupCpuBoost: + description: Determines whether CPU should be boosted + on startup of a new container instance above the requested + CPU threshold, this can help reduce cold-start latency. + type: boolean + type: object + startupProbe: + description: 'Startup probe of application within the container. + All other probes are disabled if a startup probe is provided, + until it succeeds. Container will not be added to service + endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.' + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + type: integer + grpc: + description: GRPC specifies an action involving a GRPC + port. + properties: + port: + description: |- + Port number to access on the container. Number must be in the range 1 to 65535. + If not specified, defaults to the same value as container.ports[0].containerPort. + type: integer + service: + description: |- + The name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + If this is not specified, the default behavior is defined by gRPC. + type: string + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + Exactly one of HTTPGet or TCPSocket must be specified. + properties: + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + properties: + name: + description: The header field name. + type: string + value: + description: The header field value. 
+ type: string + required: + - name + type: object + type: array + path: + description: Path to access on the HTTP server. + Defaults to '/'. + type: string + port: + description: |- + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the same value as container.ports[0].containerPort. + type: integer + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before the probe is initiated. Defaults + to 0 seconds. Minimum value is 0. Maximum value for + liveness probe is 3600. Maximum value for startup + probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.' + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. Maximum + value for liveness probe is 3600. Maximum value for + startup probe is 240. Must be greater or equal than + timeoutSeconds. + type: integer + tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. Exactly one of HTTPGet or TCPSocket must + be specified. + properties: + port: + description: |- + Port number to access on the container. Must be in the range 1 to 65535. + If not specified, defaults to the same value as container.ports[0].containerPort. + type: integer + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. Maximum value is 3600. Must be smaller than periodSeconds. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.' + type: integer + type: object + volumeMounts: + description: Volume to mount into the container's filesystem. + items: + properties: + mountPath: + description: Path within the container at which the + volume should be mounted. Must not contain ':'. + For Cloud SQL volumes, it can be left empty, or + must otherwise be /cloudsql. 
All instances defined + in the Volume will be available as /cloudsql/[instance]. + For more information on Cloud SQL volumes, visit + https://cloud.google.com/sql/docs/mysql/connect-run. + type: string + name: + description: This must match the Name of a Volume. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. + type: string + required: + - image + type: object + type: array + encryptionKeyRef: + description: A reference to a customer managed encryption key + (CMEK) to use to encrypt this container image. For more information, + go to https://cloud.google.com/run/docs/securing/using-cmek + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + executionEnvironment: + description: 'The sandbox environment to host this Revision. Possible + values: ["EXECUTION_ENVIRONMENT_GEN1", "EXECUTION_ENVIRONMENT_GEN2"].' + type: string + labels: + additionalProperties: + type: string + description: |- + Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. 
+ For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. + + Cloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected. + All system labels in v1 now have a corresponding field in v2 RevisionTemplate. + type: object + maxInstanceRequestConcurrency: + description: Sets the maximum number of requests that each serving + instance can receive. + type: integer + revision: + description: The unique name for the revision. If this field is + omitted, it will be automatically generated based on the Service + name. + type: string + scaling: + description: Scaling settings for this Revision. + properties: + maxInstanceCount: + description: Maximum number of serving instances that this + resource should have. + type: integer + minInstanceCount: + description: Minimum number of serving instances that this + resource should have. + type: integer + type: object + serviceAccountRef: + description: Email address of the IAM service account associated + with the revision of the service. The service account represents + the identity of the running revision, and determines what permissions + the revision has. If not provided, the revision will use the + project's default service account. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sessionAffinity: + description: Enables session affinity. For more information, go + to https://cloud.google.com/run/docs/configuring/session-affinity. + type: boolean + timeout: + description: |- + Max allowed time for an instance to respond to a request. + + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + type: string + volumes: + description: A list of Volumes to make available to containers. + items: + properties: + cloudSqlInstance: + description: For Cloud SQL volumes, contains the specific + instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run + for more information on how to connect Cloud SQL and Cloud + Run. + properties: + instances: + items: + description: 'The Cloud SQL instance connection names, + as can be found in https://console.cloud.google.com/sql/instances. + Visit https://cloud.google.com/sql/docs/mysql/connect-run + for more information on how to connect Cloud SQL + and Cloud Run. Format: {project}:{location}:{instance}' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `connectionName` + field of a `SQLInstance` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + emptyDir: + description: Ephemeral storage used as a shared volume. + properties: + medium: + description: 'The different types of medium supported + for EmptyDir. 
Default value: "MEMORY" Possible values: + ["MEMORY"].' + type: string + sizeLimit: + description: 'Limit on the storage usable by this EmptyDir + volume. The size limit is also applicable for memory + medium. The maximum usage on memory medium EmptyDir + would be the minimum value between the SizeLimit specified + here and the sum of memory limits of all containers + in a pod. This field''s values are of the ''Quantity'' + k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir.' + type: string + type: object + name: + description: Volume's name. + type: string + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret.' + properties: + defaultMode: + description: Integer representation of mode bits to + use on created files by default. Must be a value between + 0000 and 0777 (octal), defaulting to 0444. Directories + within the path are not affected by this setting. + type: integer + items: + description: If unspecified, the volume will expose + a file whose name is the secret, relative to VolumeMount.mount_path. + If specified, the key will be used as the version + to fetch from Cloud Secret Manager and the path will + be the name of the file exposed in the volume. When + items are defined, they must specify a path and a + version. + items: + properties: + mode: + description: Integer octal mode bits to use on + this file, must be a value between 01 and 0777 + (octal). If 0 or not set, the Volume's default + mode will be used. + type: integer + path: + description: The relative path of the secret in + the container. + type: string + versionRef: + description: The Cloud Secret Manager secret version. 
+ Can be 'latest' for the latest value or an integer + for a specific version + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `version` + field of a `SecretManagerSecretVersion` + resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - path + type: object + type: array + secretRef: + description: 'The name of the secret in Cloud Secret + Manager. Format: {secret} if the secret is in the + same project. projects/{project}/secrets/{secret} + if the secret is in a different project.' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of + a `SecretManagerSecret` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef + type: object + required: + - name + type: object + type: array + vpcAccess: + description: VPC Access configuration to use for this Task. For + more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. + properties: + connectorRef: + description: 'VPC Access connector name. 
Format: projects/{project}/locations/{location}/connectors/{connector}, + where {project} can be project id or number.' + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `VPCAccessConnector` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + egress: + description: 'Traffic VPC egress settings. Possible values: + ["ALL_TRAFFIC", "PRIVATE_RANGES_ONLY"].' + type: string + networkInterfaces: + description: Direct VPC egress settings. Currently only single + network interface is supported. + items: + properties: + networkRef: + description: |- + The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be + looked up from the subnetwork. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + description: |- + The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both + network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the + subnetwork with the same name with the network will be used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeSubnetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Network tags applied to this Cloud Run + service. + items: + type: string + type: array + type: object + type: array + type: object + type: object + traffic: + description: Specifies how to distribute traffic over a collection + of Revisions belonging to the Service. If traffic is empty or not + provided, defaults to 100% traffic to the latest Ready Revision. + items: + properties: + percent: + description: Specifies percent of the traffic to this Revision. + This defaults to zero if unspecified. + type: integer + revision: + description: Revision to which to send this portion of traffic, + if traffic allocation is by revision. + type: string + tag: + description: Indicates a string to be part of the URI to exclusively + reference this target. + type: string + type: + description: 'The allocation type for this traffic target. 
Possible + values: ["TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST", "TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION"].' + type: string + type: object + type: array + required: + - location + - projectRef + - template + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The creation time. + type: string + creator: + description: Email address of the authenticated creator. + type: string + deleteTime: + description: The deletion time. + type: string + etag: + description: A system-generated fingerprint for this version of the + resource. May be used to detect modification conflict during updates. + type: string + expireTime: + description: For a deleted resource, the time after which it will + be permamently deleted. + type: string + lastModifier: + description: Email address of the last authenticated modifier. + type: string + latestCreatedRevision: + description: Name of the last created revision. See comments in reconciling + for additional information on reconciliation process in Cloud Run. + type: string + latestReadyRevision: + description: Name of the latest revision that is serving traffic. + See comments in reconciling for additional information on reconciliation + process in Cloud Run. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + reconciling: + description: |- + Returns true if the Service is currently being acted upon by the system to bring it into the desired state. + + When a new Service is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Service to the desired serving state. This process is called reconciliation. While reconciliation is in process, observedGeneration, latest_ready_revison, trafficStatuses, and uri will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the serving state matches the Service, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state. + + If reconciliation succeeded, the following fields will match: traffic and trafficStatuses, observedGeneration and generation, latestReadyRevision and latestCreatedRevision. + + If reconciliation failed, trafficStatuses, observedGeneration, and latestReadyRevision will have the state of the last serving revision, or empty for newly created Services. Additional information on the failure can be found in terminalCondition and conditions. + type: boolean + terminalCondition: + description: The Condition of this Service, containing its readiness + status, and detailed error information in case it did not reach + a serving state. See comments in reconciling for additional information + on reconciliation process in Cloud Run. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human readable message indicating details about the + current status. + type: string + reason: + description: A common (service-level) reason for this condition. + type: string + revisionReason: + description: A reason for the revision condition. + type: string + severity: + description: How to interpret failures of this condition, one + of Error, Warning, Info. + type: string + state: + description: State of the condition. + type: string + type: + description: 'type is used to communicate the status of the reconciliation + process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting + Types common to all resources include: * "Ready": True when + the Resource is ready.' + type: string + type: object + trafficStatuses: + description: Detailed status information for corresponding traffic + targets. See comments in reconciling for additional information + on reconciliation process in Cloud Run. + items: + properties: + percent: + description: Specifies percent of the traffic to this Revision. + type: integer + revision: + description: Revision to which this traffic is sent. + type: string + tag: + description: Indicates the string used in the URI to exclusively + reference this target. + type: string + type: + description: The allocation type for this traffic target. + type: string + uri: + description: Displays the target URI. + type: string + type: object + type: array + uid: + description: Server assigned unique identifier for the trigger. The + value is a UUID4 string and guaranteed to remain unchanged until + the resource is deleted. + type: string + updateTime: + description: The last-modified time. + type: string + uri: + description: The main URI in which this Service is serving traffic. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: secretmanagersecrets.secretmanager.cnrm.cloud.google.com +spec: + group: secretmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecretManagerSecret + listKind: SecretManagerSecretList + plural: secretmanagersecrets + shortNames: + - gcpsecretmanagersecret + - gcpsecretmanagersecrets + singular: secretmanagersecret + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: SecretManagerSecret is the Schema for the SecretManagerSecret + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SecretManagerSecretSpec defines the desired state of SecretManagerSecret + properties: + annotations: + additionalProperties: + type: string + description: |- + Optional. Custom metadata about the secret. + + Annotations are distinct from various forms of labels. + Annotations exist to allow client tools to store their own state + information without requiring a database. + + Annotation keys must be between 1 and 63 characters long, have a UTF-8 + encoding of maximum 128 bytes, begin and end with an alphanumeric character + ([a-z0-9A-Z]), and may have dashes (-), underscores (_), dots (.), and + alphanumerics in between these symbols. + + The total size of annotation keys and values must be less than 16KiB. + type: object + expireTime: + description: Optional. Timestamp in UTC when the [Secret][google.cloud.secretmanager.v1.Secret] + is scheduled to expire. This is always provided on output, regardless + of what was sent on input. + type: string + replication: + description: |- + Optional. Immutable. The replication policy of the secret data attached to + the [Secret][google.cloud.secretmanager.v1.Secret]. + + The replication policy cannot be changed after the Secret has been created. + properties: + auto: + description: The [Secret][google.cloud.secretmanager.v1.Secret] + will automatically be replicated without any restrictions. + properties: + customerManagedEncryption: + description: |- + Optional. 
The customer-managed encryption configuration of the + [Secret][google.cloud.secretmanager.v1.Secret]. If no configuration is + provided, Google-managed default encryption is used. + + Updates to the [Secret][google.cloud.secretmanager.v1.Secret] encryption + configuration only apply to + [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] added + afterwards. They do not apply retroactively to existing + [SecretVersions][google.cloud.secretmanager.v1.SecretVersion]. + properties: + kmsKeyRef: + description: |- + Required. The resource name of the Cloud KMS CryptoKey used to encrypt + secret payloads. + + For secrets using the + [UserManaged][google.cloud.secretmanager.v1.Replication.UserManaged] + replication policy type, Cloud KMS CryptoKeys must reside in the same + location as the [replica location][Secret.UserManaged.Replica.location]. + + For secrets using the + [Automatic][google.cloud.secretmanager.v1.Replication.Automatic] + replication policy type, Cloud KMS CryptoKeys must reside in `global`. + + The expected format is `projects/*/locations/*/keyRings/*/cryptoKeys/*`. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed + KMSCryptoKey. Should be in the format `projects/[kms_project_id]/locations/[region]/keyRings/[key_ring_id]/cryptoKeys/[key]`. + type: string + name: + description: The `name` of a `KMSCryptoKey` resource. + type: string + namespace: + description: The `namespace` of a `KMSCryptoKey` resource. + type: string + type: object + required: + - kmsKeyRef + type: object + type: object + automatic: + description: The Secret will automatically be replicated without + any restrictions. + type: boolean + userManaged: + description: The [Secret][google.cloud.secretmanager.v1.Secret] + will only be replicated into the locations specified. 
+ properties: + replicas: + description: |- + Required. The list of Replicas for this + [Secret][google.cloud.secretmanager.v1.Secret]. + + Cannot be empty. + items: + properties: + customerManagedEncryption: + description: |- + Optional. The customer-managed encryption configuration of the + [User-Managed Replica][Replication.UserManaged.Replica]. If no + configuration is provided, Google-managed default encryption is used. + + Updates to the [Secret][google.cloud.secretmanager.v1.Secret] + encryption configuration only apply to + [SecretVersions][google.cloud.secretmanager.v1.SecretVersion] added + afterwards. They do not apply retroactively to existing + [SecretVersions][google.cloud.secretmanager.v1.SecretVersion]. + properties: + kmsKeyRef: + description: |- + Required. The resource name of the Cloud KMS CryptoKey used to encrypt + secret payloads. + + For secrets using the + [UserManaged][google.cloud.secretmanager.v1.Replication.UserManaged] + replication policy type, Cloud KMS CryptoKeys must reside in the same + location as the [replica location][Secret.UserManaged.Replica.location]. + + For secrets using the + [Automatic][google.cloud.secretmanager.v1.Replication.Automatic] + replication policy type, Cloud KMS CryptoKeys must reside in `global`. + + The expected format is `projects/*/locations/*/keyRings/*/cryptoKeys/*`. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed + KMSCryptoKey. Should be in the format `projects/[kms_project_id]/locations/[region]/keyRings/[key_ring_id]/cryptoKeys/[key]`. + type: string + name: + description: The `name` of a `KMSCryptoKey` + resource. + type: string + namespace: + description: The `namespace` of a `KMSCryptoKey` + resource. 
+ type: string + type: object + required: + - kmsKeyRef + type: object + location: + description: 'The canonical IDs of the location to replicate + data. For example: `"us-east1"`.' + type: string + required: + - location + type: object + type: array + required: + - replicas + type: object + type: object + resourceID: + description: Immutable. The SecretManagerSecret name. If not given, + the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + rotation: + description: Optional. Rotation policy attached to the [Secret][google.cloud.secretmanager.v1.Secret]. + May be excluded if there is no rotation policy. + properties: + nextRotationTime: + description: |- + Optional. Timestamp in UTC at which the + [Secret][google.cloud.secretmanager.v1.Secret] is scheduled to rotate. + Cannot be set to less than 300s (5 min) in the future and at most + 3153600000s (100 years). + + [next_rotation_time][google.cloud.secretmanager.v1.Rotation.next_rotation_time] + MUST be set if + [rotation_period][google.cloud.secretmanager.v1.Rotation.rotation_period] + is set. + type: string + rotationPeriod: + description: |- + Input only. The Duration between rotation notifications. Must be in seconds + and at least 3600s (1h) and at most 3153600000s (100 years). + + If + [rotation_period][google.cloud.secretmanager.v1.Rotation.rotation_period] + is set, + [next_rotation_time][google.cloud.secretmanager.v1.Rotation.next_rotation_time] + must be set. + [next_rotation_time][google.cloud.secretmanager.v1.Rotation.next_rotation_time] + will be advanced by this period when the service automatically sends + rotation notifications. + type: string + type: object + topics: + description: Optional. A list of up to 10 Pub/Sub topics to which + messages are published when control plane operations are called + on the secret or its versions. 
+ items: + properties: + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: If provided must be in the format `projects/[project_id]/topics/[topic_id]`. + type: string + name: + description: The `metadata.name` field of a `PubSubTopic` + resource. + type: string + namespace: + description: The `metadata.namespace` field of a `PubSubTopic` + resource. + type: string + type: object + required: + - topicRef + type: object + type: array + ttl: + description: Input only. The TTL for the [Secret][google.cloud.secretmanager.v1.Secret]. + type: string + versionAliases: + additionalProperties: + type: string + description: |- + Optional. Mapping from version alias to version name. + + A version alias is a string with a maximum length of 63 characters and can + contain uppercase and lowercase letters, numerals, and the hyphen (`-`) + and underscore ('_') characters. An alias string must start with a + letter and cannot be the string 'latest' or 'NEW'. + No more than 50 aliases can be assigned to a given secret. + + Version-Alias pairs will be viewable via GetSecret and modifiable via + UpdateSecret. Access by alias is only be supported on + GetSecretVersion and AccessSecretVersion. + type: object + type: object + status: + description: SecretManagerSecretStatus defines the config connector machine + state of SecretManagerSecret + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the SecretManagerSecret resource + in GCP. + type: string + name: + description: '[DEPRECATED] Please read from `.status.externalRef` + instead. Config Connector will remove the `.status.name` in v1 Version.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: secretmanagersecretversions.secretmanager.cnrm.cloud.google.com +spec: + group: secretmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecretManagerSecretVersion + listKind: SecretManagerSecretVersionList + plural: secretmanagersecretversions + shortNames: + - gcpsecretmanagersecretversion + - gcpsecretmanagersecretversions + singular: secretmanagersecretversion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 
'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: SecretManagerSecretVersion is the Schema for the SecretManagerSecretVersion + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SecretManagerSecretVersionSpec defines the desired state + of SecretManagerSecretVersion + properties: + deletionPolicy: + description: 'DEPRECATED. You do not need to set this field in direct + reconciler mode. Use delete-policy annotation instead. https://cloud.google.com/config-connector/docs/how-to/managing-deleting-resources#keeping_resources_after_deletion + The deletion policy for the secret version. Setting ''ABANDON'' + allows the resource to be abandoned rather than deleted. Setting + ''DISABLE'' allows the resource to be disabled rather than deleted. + Default is ''DELETE''. Possible values are: * DELETE * DISABLE * + ABANDON.' 
+ type: string + enabled: + description: Should enable or disable the current SecretVersion. - + Enabled version can be accessed and described. - Disabled version + cannot be accessed, but the secret's contents still exist + type: boolean + isSecretDataBase64: + description: DEPRECATED. You do not need to set this field in direct + reconciler mode. + type: boolean + resourceID: + description: The SecretVersion number. If given, Config Connector + acquires the resource from the Secret Manager service. If not given, + Config Connector adds a new secret version to the GCP service, and + you can find out the version number from `status.observedState.version` + type: string + secretData: + description: The actual secret data. Config Connector supports secret + data stored in Kubernetes secret or plain data (base64) + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + secretRef: + description: The resource name of the [Secret][google.cloud.secretmanager.v1.Secret] + to create a [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] + for. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed SecretManagerSecret + resource. Should be in the format "projects//locations//secrets/". 
+ type: string + name: + description: The name of a SecretManagerSecret resource. + type: string + namespace: + description: The namespace of a SecretManagerSecret resource. + type: string + type: object + type: object + status: + description: SecretManagerSecretVersionStatus defines the config connector + machine state of SecretManagerSecretVersion + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: 'DEPRECATING NOTE: Please use status.observedState.createTime + instead.' + type: string + destroyTime: + description: 'DEPRECATING NOTE: Please use status.observedState.destroyTime + instead.' + type: string + externalRef: + description: A unique specifier for the SecretManagerSecretVersion + resource in GCP. + type: string + name: + description: 'DEPRECATING NOTE: Please use status.observedState.name + instead.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. 
+ properties: + clientSpecifiedPayloadChecksum: + description: Output only. True if payload checksum specified in + [SecretPayload][google.cloud.secretmanager.v1.SecretPayload] + object has been received by [SecretManagerService][google.cloud.secretmanager.v1.SecretManagerService] + on [SecretManagerService.AddSecretVersion][google.cloud.secretmanager.v1.SecretManagerService.AddSecretVersion]. + type: boolean + createTime: + description: Output only. The time at which the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] + was created. + type: string + customerManagedEncryption: + description: Output only. The customer-managed encryption status + of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + Only populated if customer-managed encryption is used and [Secret][google.cloud.secretmanager.v1.Secret] + is a Regionalised Secret. + properties: + kmsKeyVersionName: + description: 'Required. The resource name of the Cloud KMS + CryptoKeyVersion used to encrypt the secret payload, in + the following format: `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`.' + type: string + type: object + destroyTime: + description: Output only. The time this [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] + was destroyed. Only present if [state][google.cloud.secretmanager.v1.SecretVersion.state] + is [DESTROYED][google.cloud.secretmanager.v1.SecretVersion.State.DESTROYED]. + type: string + name: + description: |- + Output only. The resource name of the + [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] in the + format `projects/*/secrets/*/versions/*`. + + [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] IDs in a + [Secret][google.cloud.secretmanager.v1.Secret] start at 1 and are + incremented for each subsequent version of the secret. + type: string + replicationStatus: + description: The replication status of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. 
+ properties: + automatic: + description: |- + Describes the replication status of a + [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] with + automatic replication. + + Only populated if the parent + [Secret][google.cloud.secretmanager.v1.Secret] has an automatic + replication policy. + properties: + customerManagedEncryption: + description: Output only. The customer-managed encryption + status of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + Only populated if customer-managed encryption is used. + properties: + kmsKeyVersionName: + description: 'Required. The resource name of the Cloud + KMS CryptoKeyVersion used to encrypt the secret + payload, in the following format: `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`.' + type: string + type: object + type: object + userManaged: + description: |- + Describes the replication status of a + [SecretVersion][google.cloud.secretmanager.v1.SecretVersion] with + user-managed replication. + + Only populated if the parent + [Secret][google.cloud.secretmanager.v1.Secret] has a user-managed + replication policy. + properties: + replicas: + description: Output only. The list of replica statuses + for the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + items: + properties: + customerManagedEncryption: + description: Output only. The customer-managed encryption + status of the [SecretVersion][google.cloud.secretmanager.v1.SecretVersion]. + Only populated if customer-managed encryption + is used. + properties: + kmsKeyVersionName: + description: 'Required. The resource name of + the Cloud KMS CryptoKeyVersion used to encrypt + the secret payload, in the following format: + `projects/*/locations/*/keyRings/*/cryptoKeys/*/versions/*`.' + type: string + type: object + location: + description: 'Output only. The canonical ID of the + replica location. For example: `"us-east1"`.' 
+ type: string + type: object + type: array + type: object + type: object + scheduledDestroyTime: + description: Optional. Output only. Scheduled destroy time for + secret version. This is a part of the Delayed secret version + destroy feature. For a Secret with a valid version destroy TTL, + when a secert version is destroyed, the version is moved to + disabled state and it is scheduled for destruction. The version + is destroyed only after the `scheduled_destroy_time`. + type: string + type: object + version: + description: DEPRECATED. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + name: securesourcemanagerinstances.securesourcemanager.cnrm.cloud.google.com +spec: + group: securesourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecureSourceManagerInstance + listKind: SecureSourceManagerInstanceList + plural: securesourcemanagerinstances + shortNames: + - gcpsecuresourcemanagerinstance + - gcpsecuresourcemanagerinstances + singular: securesourcemanagerinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: SecureSourceManagerInstance is the Schema for the SecureSourceManagerInstance + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SecureSourceManagerInstanceSpec defines the desired state + of SecureSourceManagerInstance + properties: + kmsKeyRef: + description: Optional. Immutable. Customer-managed encryption key + name. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed KMSCryptoKey. + Should be in the format `projects/[kms_project_id]/locations/[region]/keyRings/[key_ring_id]/cryptoKeys/[key]`. + type: string + name: + description: The `name` of a `KMSCryptoKey` resource. + type: string + namespace: + description: The `namespace` of a `KMSCryptoKey` resource. + type: string + type: object + location: + description: Immutable. Location of the instance. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + description: SecureSourceManagerInstanceStatus defines the config connector + machine state of SecureSourceManagerInstance + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the SecureSourceManagerInstance + resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + hostConfig: + description: Output only. A list of hostnames for this instance. + properties: + api: + description: 'Output only. API hostname. This is the hostname + to use for **Host: Data Plane** endpoints.' + type: string + gitHTTP: + description: Output only. Git HTTP hostname. + type: string + gitSSH: + description: Output only. Git SSH hostname. + type: string + html: + description: Output only. HTML hostname. + type: string + type: object + state: + description: Output only. Current state of the instance. + type: string + stateNote: + description: Output only. An optional field providing information + about the current instance state. + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: securesourcemanagerrepositories.securesourcemanager.cnrm.cloud.google.com +spec: + group: securesourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecureSourceManagerRepository + listKind: SecureSourceManagerRepositoryList + plural: securesourcemanagerrepositories + shortNames: + - gcpsecuresourcemanagerrepository + - gcpsecuresourcemanagerrepositories + singular: securesourcemanagerrepository + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of 
the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: SecureSourceManagerRepository is the Schema for the SecureSourceManagerRepository + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SecureSourceManagerRepositorySpec defines the desired state + of SecureSourceManagerRepository + properties: + initialConfig: + description: Input only. Initial configurations for the repository. + properties: + defaultBranch: + description: Default branch name of the repository. + type: string + gitignores: + description: 'List of gitignore template names user can choose + from. 
Valid values: actionscript, ada, agda, android, anjuta, + ansible, appcelerator-titanium, app-engine, archives, arch-linux-packages, + atmel-studio, autotools, backup, bazaar, bazel, bitrix, bricx-cc, + c, cake-php, calabash, cf-wheels, chef-cookbook, clojure, cloud9, + c-make, code-igniter, code-kit, code-sniffer, common-lisp, composer, + concrete5, coq, cordova, cpp, craft-cms, cuda, cvs, d, dart, + dart-editor, delphi, diff, dm, dreamweaver, dropbox, drupal, + drupal-7, eagle, eclipse, eiffel-studio, elisp, elixir, elm, + emacs, ensime, epi-server, erlang, esp-idf, espresso, exercism, + expression-engine, ext-js, fancy, finale, flex-builder, force-dot-com, + fortran, fuel-php, gcov, git-book, gnome-shell-extension, go, + godot, gpg, gradle, grails, gwt, haskell, hugo, iar-ewarm, idris, + igor-pro, images, infor-cms, java, jboss, jboss-4, jboss-6, + jdeveloper, jekyll, jenkins-home, jenv, jet-brains, jigsaw, + joomla, julia, jupyter-notebooks, kate, kdevelop4, kentico, + ki-cad, kohana, kotlin, lab-view, laravel, lazarus, leiningen, + lemon-stand, libre-office, lilypond, linux, lithium, logtalk, + lua, lyx, mac-os, magento, magento-1, magento-2, matlab, maven, + mercurial, mercury, metals, meta-programming-system, meteor, + microsoft-office, model-sim, momentics, mono-develop, nanoc, + net-beans, nikola, nim, ninja, node, notepad-pp, nwjs, objective--c, + ocaml, octave, opa, open-cart, openssl, oracle-forms, otto, + packer, patch, perl, perl6, phalcon, phoenix, pimcore, play-framework, + plone, prestashop, processing, psoc-creator, puppet, pure-script, + putty, python, qooxdoo, qt, r, racket, rails, raku, red, redcar, + redis, rhodes-rhomobile, ros, ruby, rust, sam, sass, sbt, scala, + scheme, scons, scrivener, sdcc, seam-gen, sketch-up, slick-edit, + smalltalk, snap, splunk, stata, stella, sublime-text, sugar-crm, + svn, swift, symfony, symphony-cms, synopsys-vcs, tags, terraform, + tex, text-mate, textpattern, think-php, tortoise-git, turbo-gears-2, + typo3, 
umbraco, unity, unreal-engine, vagrant, vim, virtual-env, + virtuoso, visual-studio, visual-studio-code, vue, vvvv, waf, + web-methods, windows, word-press, xcode, xilinx, xilinx-ise, + xojo, yeoman, yii, zend-framework, zephir.' + items: + type: string + type: array + license: + description: 'License template name user can choose from. Valid + values: license-0bsd, license-389-exception, aal, abstyles, + adobe-2006, adobe-glyph, adsl, afl-1-1, afl-1-2, afl-2-0, afl-2-1, + afl-3-0, afmparse, agpl-1-0, agpl-1-0-only, agpl-1-0-or-later, + agpl-3-0-only, agpl-3-0-or-later, aladdin, amdplpa, aml, ampas, + antlr-pd, antlr-pd-fallback, apache-1-0, apache-1-1, apache-2-0, + apafml, apl-1-0, apsl-1-0, apsl-1-1, apsl-1-2, apsl-2-0, artistic-1-0, + artistic-1-0-cl8, artistic-1-0-perl, artistic-2-0, autoconf-exception-2-0, + autoconf-exception-3-0, bahyph, barr, beerware, bison-exception-2-2, + bittorrent-1-0, bittorrent-1-1, blessing, blueoak-1-0-0, bootloader-exception, + borceux, bsd-1-clause, bsd-2-clause, bsd-2-clause-freebsd, bsd-2-clause-netbsd, + bsd-2-clause-patent, bsd-2-clause-views, bsd-3-clause, bsd-3-clause-attribution, + bsd-3-clause-clear, bsd-3-clause-lbnl, bsd-3-clause-modification, + bsd-3-clause-no-nuclear-license, bsd-3-clause-no-nuclear-license-2014, + bsd-3-clause-no-nuclear-warranty, bsd-3-clause-open-mpi, bsd-4-clause, + bsd-4-clause-shortened, bsd-4-clause-uc, bsd-protection, bsd-source-code, + bsl-1-0, busl-1-1, cal-1-0, cal-1-0-combined-work-exception, + caldera, catosl-1-1, cc0-1-0, cc-by-1-0, cc-by-2-0, cc-by-3-0, + cc-by-3-0-at, cc-by-3-0-us, cc-by-4-0, cc-by-nc-1-0, cc-by-nc-2-0, + cc-by-nc-3-0, cc-by-nc-4-0, cc-by-nc-nd-1-0, cc-by-nc-nd-2-0, + cc-by-nc-nd-3-0, cc-by-nc-nd-3-0-igo, cc-by-nc-nd-4-0, cc-by-nc-sa-1-0, + cc-by-nc-sa-2-0, cc-by-nc-sa-3-0, cc-by-nc-sa-4-0, cc-by-nd-1-0, + cc-by-nd-2-0, cc-by-nd-3-0, cc-by-nd-4-0, cc-by-sa-1-0, cc-by-sa-2-0, + cc-by-sa-2-0-uk, cc-by-sa-2-1-jp, cc-by-sa-3-0, cc-by-sa-3-0-at, + cc-by-sa-4-0, cc-pddc, 
cddl-1-0, cddl-1-1, cdla-permissive-1-0, + cdla-sharing-1-0, cecill-1-0, cecill-1-1, cecill-2-0, cecill-2-1, + cecill-b, cecill-c, cern-ohl-1-1, cern-ohl-1-2, cern-ohl-p-2-0, + cern-ohl-s-2-0, cern-ohl-w-2-0, clartistic, classpath-exception-2-0, + clisp-exception-2-0, cnri-jython, cnri-python, cnri-python-gpl-compatible, + condor-1-1, copyleft-next-0-3-0, copyleft-next-0-3-1, cpal-1-0, + cpl-1-0, cpol-1-02, crossword, crystal-stacker, cua-opl-1-0, + cube, c-uda-1-0, curl, d-fsl-1-0, diffmark, digirule-foss-exception, + doc, dotseqn, drl-1-0, dsdp, dvipdfm, ecl-1-0, ecl-2-0, ecos-exception-2-0, + efl-1-0, efl-2-0, egenix, entessa, epics, epl-1-0, epl-2-0, + erlpl-1-1, etalab-2-0, eu-datagrid, eupl-1-0, eupl-1-1, eupl-1-2, + eurosym, fair, fawkes-runtime-exception, fltk-exception, font-exception-2-0, + frameworx-1-0, freebsd-doc, freeimage, freertos-exception-2-0, + fsfap, fsful, fsfullr, ftl, gcc-exception-2-0, gcc-exception-3-1, + gd, gfdl-1-1-invariants-only, gfdl-1-1-invariants-or-later, + gfdl-1-1-no-invariants-only, gfdl-1-1-no-invariants-or-later, + gfdl-1-1-only, gfdl-1-1-or-later, gfdl-1-2-invariants-only, + gfdl-1-2-invariants-or-later, gfdl-1-2-no-invariants-only, gfdl-1-2-no-invariants-or-later, + gfdl-1-2-only, gfdl-1-2-or-later, gfdl-1-3-invariants-only, + gfdl-1-3-invariants-or-later, gfdl-1-3-no-invariants-only, gfdl-1-3-no-invariants-or-later, + gfdl-1-3-only, gfdl-1-3-or-later, giftware, gl2ps, glide, glulxe, + glwtpl, gnu-javamail-exception, gnuplot, gpl-1-0-only, gpl-1-0-or-later, + gpl-2-0-only, gpl-2-0-or-later, gpl-3-0-linking-exception, gpl-3-0-linking-source-exception, + gpl-3-0-only, gpl-3-0-or-later, gpl-cc-1-0, gsoap-1-3b, haskell-report, + hippocratic-2-1, hpnd, hpnd-sell-variant, htmltidy, i2p-gpl-java-exception, + ibm-pibs, icu, ijg, image-magick, imatix, imlib2, info-zip, + intel, intel-acpi, interbase-1-0, ipa, ipl-1-0, isc, jasper-2-0, + jpnic, json, lal-1-2, lal-1-3, latex2e, leptonica, lgpl-2-0-only, + lgpl-2-0-or-later, 
lgpl-2-1-only, lgpl-2-1-or-later, lgpl-3-0-linking-exception, + lgpl-3-0-only, lgpl-3-0-or-later, lgpllr, libpng, libpng-2-0, + libselinux-1-0, libtiff, libtool-exception, liliq-p-1-1, liliq-r-1-1, + liliq-rplus-1-1, linux-openib, linux-syscall-note, llvm-exception, + lpl-1-0, lpl-1-02, lppl-1-0, lppl-1-1, lppl-1-2, lppl-1-3a, + lppl-1-3c, lzma-exception, make-index, mif-exception, miros, + mit, mit-0, mit-advertising, mit-cmu, mit-enna, mit-feh, mit-modern-variant, + mitnfa, mit-open-group, motosoto, mpich2, mpl-1-0, mpl-1-1, + mpl-2-0, mpl-2-0-no-copyleft-exception, ms-pl, ms-rl, mtll, + mulanpsl-1-0, mulanpsl-2-0, multics, mup, naist-2003, nasa-1-3, + naumen, nbpl-1-0, ncgl-uk-2-0, ncsa, netcdf, net-snmp, newsletr, + ngpl, nist-pd, nist-pd-fallback, nlod-1-0, nlpl, nokia, nokia-qt-exception-1-1, + nosl, noweb, npl-1-0, npl-1-1, nposl-3-0, nrl, ntp, ntp-0, ocaml-lgpl-linking-exception, + occt-exception-1-0, occt-pl, oclc-2-0, odbl-1-0, odc-by-1-0, + ofl-1-0, ofl-1-0-no-rfn, ofl-1-0-rfn, ofl-1-1, ofl-1-1-no-rfn, + ofl-1-1-rfn, ogc-1-0, ogdl-taiwan-1-0, ogl-canada-2-0, ogl-uk-1-0, + ogl-uk-2-0, ogl-uk-3-0, ogtsl, oldap-1-1, oldap-1-2, oldap-1-3, + oldap-1-4, oldap-2-0, oldap-2-0-1, oldap-2-1, oldap-2-2, oldap-2-2-1, + oldap-2-2-2, oldap-2-3, oldap-2-4, oldap-2-7, oml, openjdk-assembly-exception-1-0, + openssl, openvpn-openssl-exception, opl-1-0, oset-pl-2-1, osl-1-0, + osl-1-1, osl-2-0, osl-2-1, osl-3-0, o-uda-1-0, parity-6-0-0, + parity-7-0-0, pddl-1-0, php-3-0, php-3-01, plexus, polyform-noncommercial-1-0-0, + polyform-small-business-1-0-0, postgresql, psf-2-0, psfrag, + ps-or-pdf-font-exception-20170817, psutils, python-2-0, qhull, + qpl-1-0, qt-gpl-exception-1-0, qt-lgpl-exception-1-1, qwt-exception-1-0, + rdisc, rhecos-1-1, rpl-1-1, rpsl-1-0, rsa-md, rscpl, ruby, saxpath, + sax-pd, scea, sendmail, sendmail-8-23, sgi-b-1-0, sgi-b-1-1, + sgi-b-2-0, shl-0-51, shl-2-0, shl-2-1, simpl-2-0, sissl, sissl-1-2, + sleepycat, smlnj, smppl, snia, spencer-86, spencer-94, 
spencer-99, + spl-1-0, ssh-openssh, ssh-short, sspl-1-0, sugarcrm-1-1-3, swift-exception, + swl, tapr-ohl-1-0, tcl, tcp-wrappers, tmate, torque-1-1, tosl, + tu-berlin-1-0, tu-berlin-2-0, u-boot-exception-2-0, ucl-1-0, + unicode-dfs-2015, unicode-dfs-2016, unicode-tou, universal-foss-exception-1-0, + unlicense, upl-1-0, vim, vostrom, vsl-1-0, w3c, w3c-19980720, + w3c-20150513, watcom-1-0, wsuipa, wtfpl, wxwindows-exception-3-1, + x11, xerox, xfree86-1-1, xinetd, xnet, xpp, xskat, ypl-1-0, + ypl-1-1, zed, zend-2-0, zimbra-1-3, zimbra-1-4, zlib, zlib-acknowledgement, + zpl-1-1, zpl-2-0, zpl-2-1.' + type: string + readme: + description: 'README template name. Valid template name(s) are: + default.' + type: string + type: object + instanceRef: + description: The name of the instance in which the repository is hosted, + formatted as `projects/{project_number}/locations/{location_id}/instances/{instance_id}` + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed SecureSourceManagerInstance + resource. Should be in the format "projects//locations//instances/". + type: string + name: + description: The name of a SecureSourceManagerInstance resource. + type: string + namespace: + description: The namespace of a SecureSourceManagerInstance resource. + type: string + type: object + location: + description: Immutable. Location of the instance. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. 
+ type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + resourceID: + description: Immutable. The SecureSourceManagerRepository name. If + not given, the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + required: + - instanceRef + - location + - projectRef + type: object + status: + description: SecureSourceManagerRepositoryStatus defines the config connector + machine state of SecureSourceManagerRepository + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the SecureSourceManagerRepository + resource in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + etag: + description: Output only. This checksum is computed by the server + based on the value of other fields, and may be sent on update + and delete requests to ensure the client has an up-to-date value + before proceeding. + type: string + uid: + description: Output only. Unique identifier of the repository. + type: string + uris: + description: Output only. URIs for the repository. + properties: + api: + description: Output only. API is the URI for API access. + type: string + gitHTTPS: + description: Output only. git_https is the git HTTPS URI for + git operations. + type: string + html: + description: Output only. HTML is the URI for user to view + the repository in a browser. + type: string + type: object + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: securitycenternotificationconfigs.securitycenter.cnrm.cloud.google.com +spec: + group: securitycenter.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecurityCenterNotificationConfig + plural: securitycenternotificationconfigs + shortNames: + - gcpsecuritycenternotificationconfig + - gcpsecuritycenternotificationconfigs + singular: securitycenternotificationconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + 
jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + configId: + description: Immutable. This must be unique within the organization. + type: string + description: + description: The description of the notification config (max of 1024 + characters). + type: string + organizationRef: + description: The organization that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + pubsubTopic: + description: |- + The Pub/Sub topic to send notifications to. Its format is + "projects/[project_id]/topics/[topic]". + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + streamingConfig: + description: The config for triggering streaming-based notifications. + properties: + filter: + description: |- + Expression that defines the filter to apply across create/update + events of assets or findings as specified by the event type. The + expression is a list of zero or more restrictions combined via + logical operators AND and OR. Parentheses are supported, and OR + has higher precedence than AND. + + Restrictions have the form and may have + a - character in front of them to indicate negation. The fields + map to those defined in the corresponding resource. + + The supported operators are: + + * = for all value types. + * >, <, >=, <= for integer values. + * :, meaning substring matching, for strings. + + The supported value types are: + + * string literals in quotes. + * integer literals without quotes. + * boolean literals true and false without quotes. + + See + [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + for information on how to write a filter. + type: string + required: + - filter + type: object + required: + - configId + - organizationRef + - pubsubTopic + - streamingConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name of this notification config, in the format + 'organizations/{{organization}}/notificationConfigs/{{config_id}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + serviceAccount: + description: |- + The service account that needs "pubsub.topics.publish" permission to + publish to the Pub/Sub topic. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: securitycentersources.securitycenter.cnrm.cloud.google.com +spec: + group: securitycenter.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecurityCenterSource + plural: securitycentersources + shortNames: + - gcpsecuritycentersource + - gcpsecuritycentersources + singular: securitycentersource + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the source (max of 1024 characters). + type: string + displayName: + description: |- + The source’s display name. A source’s display name must be unique + amongst its siblings, for example, two sources with the same parent + can't share the same display name. The display name must start and end + with a letter or digit, may contain letters, digits, spaces, hyphens, + and underscores, and can be no longer than 32 characters. + type: string + organizationRef: + description: The organization that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + required: + - displayName + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name of this source, in the format + 'organizations/{{organization}}/sources/{{source}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: servicedirectoryendpoints.servicedirectory.cnrm.cloud.google.com +spec: + group: servicedirectory.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceDirectoryEndpoint + plural: servicedirectoryendpoints + shortNames: + - gcpservicedirectoryendpoint + - gcpservicedirectoryendpoints + singular: servicedirectoryendpoint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkRef: + description: |- + Only the `external` field is supported to configure the reference. + + Immutable. The Google Compute Engine network (VPC) of the endpoint in the format + projects//locations/global/networks/*. + + The project must be specified by project number (project id is rejected). Incorrectly formatted networks are + rejected, but no other validation is performed on this field (ex. network or project existence, + reachability, or permissions). + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + port: + description: |- + Port that the endpoint is running on, must be in the + range of [0, 65535]. If unspecified, the default is 0. + type: integer + resourceID: + description: Immutable. Optional. The endpointId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceRef: + description: The ServiceDirectoryService that this endpoint belongs + to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ServiceDirectoryService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - serviceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name for the endpoint in the format + 'projects/*/locations/*/namespaces/*/services/*/endpoints/*'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: servicedirectorynamespaces.servicedirectory.cnrm.cloud.google.com +spec: + group: servicedirectory.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceDirectoryNamespace + plural: servicedirectorynamespaces + shortNames: + - gcpservicedirectorynamespace + - gcpservicedirectorynamespaces + singular: servicedirectorynamespace + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The 
last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: |- + Immutable. The location for the Namespace. + A full list of valid locations can be found by running + 'gcloud beta service-directory locations list'. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The namespaceId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name for the namespace + in the format 'projects/*/locations/*/namespaces/*'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: servicedirectoryservices.servicedirectory.cnrm.cloud.google.com +spec: + group: servicedirectory.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceDirectoryService + plural: servicedirectoryservices + shortNames: + - gcpservicedirectoryservice + - gcpservicedirectoryservices + singular: servicedirectoryservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + namespaceRef: + description: The ServiceDirectoryNamespace that this service belongs + to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ServiceDirectoryNamespace` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The serviceId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - namespaceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name for the service in the + format 'projects/*/locations/*/namespaces/*/services/*'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: serviceidentities.serviceusage.cnrm.cloud.google.com +spec: + group: serviceusage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceIdentity + plural: serviceidentities + shortNames: + - gcpserviceidentity + - gcpserviceidentities + singular: serviceidentity + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + 
jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + email: + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com +spec: + group: servicenetworking.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceNetworkingConnection + plural: servicenetworkingconnections + shortNames: + - gcpservicenetworkingconnection + - gcpservicenetworkingconnections + singular: servicenetworkingconnection + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + 
type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + reservedPeeringRanges: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + service: + description: Immutable. Provider peering service that is managing + peering connectivity for a service provider organization. For Google + services that support this functionality it is 'servicenetworking.googleapis.com'. + type: string + required: + - networkRef + - reservedPeeringRanges + - service + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + peering: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: services.serviceusage.cnrm.cloud.google.com +spec: + group: serviceusage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Service + plural: services + shortNames: + - gcpservice + - gcpservices + singular: service + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: serviceusageconsumerquotaoverrides.serviceusage.cnrm.cloud.google.com +spec: + group: serviceusage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceUsageConsumerQuotaOverride + plural: serviceusageconsumerquotaoverrides + shortNames: + - gcpserviceusageconsumerquotaoverride + - gcpserviceusageconsumerquotaoverrides + singular: serviceusageconsumerquotaoverride + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + 
type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dimensions: + additionalProperties: + type: string + description: Immutable. If this map is nonempty, then this override + applies only to specific values for dimensions defined in the limit + unit. + type: object + force: + description: |- + If the new quota would decrease the existing quota by more than 10%, the request is rejected. + If 'force' is 'true', that safety check is ignored. + type: boolean + limit: + description: |- + Immutable. The limit on the metric, e.g. '/project/region'. + + ~> Make sure that 'limit' is in a format that doesn't start with '1/' or contain curly braces. + E.g. use '/project/user' instead of '1/{project}/{user}'. + type: string + metric: + description: Immutable. The metric that should be limited, e.g. 'compute.googleapis.com/cpus'. + type: string + overrideValue: + description: The overriding quota limit value. Can be any nonnegative + integer, or -1 (unlimited quota). + type: string + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + service: + description: Immutable. The service that the metrics belong to, e.g. + 'compute.googleapis.com'. + type: string + required: + - limit + - metric + - overrideValue + - projectRef + - service + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The server-generated name of the quota override. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: sourcereporepositories.sourcerepo.cnrm.cloud.google.com +spec: + group: sourcerepo.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SourceRepoRepository + plural: sourcereporepositories + shortNames: + - gcpsourcereporepository + - gcpsourcereporepositories + singular: sourcereporepository + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + pubsubConfigs: + description: |- + How this repository publishes a change in the repository through Cloud Pub/Sub. + Keyed by the topic names. + items: + properties: + messageFormat: + description: |- + The format of the Cloud Pub/Sub messages. + - PROTOBUF: The message payload is a serialized protocol buffer of SourceRepoEvent. + - JSON: The message payload is a JSON string of SourceRepoEvent. Possible values: ["PROTOBUF", "JSON"]. + type: string + serviceAccountRef: + description: |- + Service account used for publishing Cloud Pub/Sub messages. This + service account needs to be in the same project as the + pubsubConfig. When added, the caller needs to have + iam.serviceAccounts.actAs permission on this service account. If + unspecified, it defaults to the compute engine default service + account. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - messageFormat + - topicRef + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + size: + description: The disk usage of the repo, in bytes. + type: integer + url: + description: URL to clone the repository from Google Cloud Source + Repositories. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: spannerdatabases.spanner.cnrm.cloud.google.com +spec: + group: spanner.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SpannerDatabase + plural: spannerdatabases + shortNames: + - gcpspannerdatabase + - gcpspannerdatabases + singular: spannerdatabase + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + databaseDialect: + description: |- + Immutable. The dialect of the Cloud Spanner Database. + If it is not provided, "GOOGLE_STANDARD_SQL" will be used. Possible values: ["GOOGLE_STANDARD_SQL", "POSTGRESQL"]. + type: string + ddl: + description: |- + An optional list of DDL statements to run inside the newly created + database. Statements can create tables, indexes, etc. These statements + execute atomically with the creation of the database: if there is an + error in any statement, the database is not created. + items: + type: string + type: array + enableDropProtection: + type: boolean + encryptionConfig: + description: Immutable. Encryption configuration for the database. + properties: + kmsKeyRef: + description: |- + Fully qualified name of the KMS key to use to encrypt this database. This key + must exist in the same location as the Spanner Database. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + instanceRef: + description: The instance to create the database on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SpannerInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + versionRetentionPeriod: + description: |- + The retention period for the database. The retention period must be between 1 hour + and 7 days, and can be specified in days, hours, minutes, or seconds. For example, + the values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h. + If this property is used, you must avoid adding new DDL statements to 'ddl' that + update the database's version_retention_period. + type: string + required: + - instanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: An explanation of the status of the database. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: spannerinstances.spanner.cnrm.cloud.google.com +spec: + group: spanner.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SpannerInstance + listKind: SpannerInstanceList + plural: spannerinstances + shortNames: + - gcpspannerinstance + - gcpspannerinstances + singular: spannerinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: SpannerInstance is the Schema for the SpannerInstance API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SpannerInstanceSpec defines the desired state of SpannerInstance + properties: + config: + description: Immutable. The name of the instance's configuration (similar + but not quite the same as a region) which defines the geographic + placement and replication of your databases in this instance. It + determines where your data is stored. Values are typically of the + form 'regional-europe-west1' , 'us-central' etc. In order to obtain + a valid list please consult the [Configuration section of the docs](https://cloud.google.com/spanner/docs/instances). + type: string + x-kubernetes-validations: + - message: Config field is immutable + rule: self == oldSelf + displayName: + description: The descriptive name for this instance as it appears + in UIs. Must be unique per project and between 4 and 30 characters + in length. 
+ type: string + numNodes: + format: int64 + type: integer + processingUnits: + format: int64 + type: integer + resourceID: + description: Immutable. The SpannerInstance name. If not given, the + metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + required: + - config + - displayName + type: object + status: + description: SpannerInstanceStatus defines the config connector machine + state of SpannerInstance + properties: + conditions: + description: Conditions represent the latest available observations + of the SpannerInstance's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the SpannerInstance resource in + GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + state: + description: 'Instance status: ''CREATING'' or ''READY''.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: sqldatabases.sql.cnrm.cloud.google.com +spec: + group: sql.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SQLDatabase + plural: sqldatabases + shortNames: + - gcpsqldatabase + - gcpsqldatabases + singular: sqldatabase + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + charset: + description: |- + The charset value. See MySQL's + [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) + and Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html) + for more details and supported values. Postgres databases only support + a value of 'UTF8' at creation time. + type: string + collation: + description: |- + The collation value. See MySQL's + [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) + and Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html) + for more details and supported values. Postgres databases only support + a value of 'en_US.UTF8' at creation time. + type: string + deletionPolicy: + description: |- + The deletion policy for the database. Setting ABANDON allows the resource + to be abandoned rather than deleted. This is useful for Postgres, where databases cannot be + deleted from the API if there are users other than cloudsqlsuperuser with access. Possible + values are: "ABANDON", "DELETE". Defaults to "DELETE". + type: string + instanceRef: + description: The Cloud SQL instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - instanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: sqlinstances.sql.cnrm.cloud.google.com +spec: + group: sql.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SQLInstance + listKind: SQLInstanceList + plural: sqlinstances + shortNames: + - gcpsqlinstance + - gcpsqlinstances + singular: sqlinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: SQLInstance is the Schema for the sql API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cloneSource: + description: Create this database as a clone of a source instance. + Immutable. + properties: + binLogCoordinates: + description: Binary log coordinates, if specified, identify the + position up to which the source instance is cloned. If not specified, + the source instance is cloned up to the most recent binary log + coordinates. + properties: + binLogFileName: + description: Name of the binary log file for a Cloud SQL instance. + type: string + binLogPosition: + description: Position (offset) within the binary log file. + format: int64 + type: integer + type: object + databaseNames: + description: (SQL Server only) Clone only the specified databases + from the source instance. Clone all databases if empty. + items: + type: string + type: array + pointInTime: + description: Timestamp, if specified, identifies the time to which + the source instance is cloned. + type: string + sqlInstanceRef: + description: The source SQLInstance to clone + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The SQLInstance selfLink, when not managed by + Config Connector. + type: string + name: + description: The `name` field of a `SQLInstance` resource. + type: string + namespace: + description: The `namespace` field of a `SQLInstance` resource. 
+ type: string + type: object + type: object + databaseVersion: + description: The MySQL, PostgreSQL or SQL Server (beta) version to + use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, + POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, + POSTGRES_15, SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, + SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. Database Version Policies + includes an up-to-date reference of supported versions. + type: string + encryptionKMSCryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed KMSCryptoKey. + Should be in the format `projects/[kms_project_id]/locations/[region]/keyRings/[key_ring_id]/cryptoKeys/[key]`. + type: string + name: + description: The `name` of a `KMSCryptoKey` resource. + type: string + namespace: + description: The `namespace` of a `KMSCryptoKey` resource. + type: string + type: object + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + type: string + maintenanceVersion: + description: Maintenance version. + type: string + masterInstanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The SQLInstance selfLink, when not managed by Config + Connector. + type: string + name: + description: The `name` field of a `SQLInstance` resource. + type: string + namespace: + description: The `namespace` field of a `SQLInstance` resource. + type: string + type: object + region: + description: Immutable. The region the instance will sit in. Note, + Cloud SQL is not available in all regions. 
A valid region must be + provided to use this resource. If a region is not provided in the + resource definition, the provider region will be used instead, but + this will be an apply-time error for instances if the provider region + is not supported with Cloud SQL. If you choose not to provide the + region argument for this resource, make sure you understand this. + type: string + replicaConfiguration: + description: The configuration for replication. + properties: + caCertificate: + description: Immutable. PEM representation of the trusted CA's + x509 certificate. + type: string + clientCertificate: + description: Immutable. PEM representation of the replica's x509 + certificate. + type: string + clientKey: + description: Immutable. PEM representation of the replica's private + key. The corresponding public key in encoded in the client_certificate. + type: string + connectRetryInterval: + description: Immutable. The number of seconds between connect + retries. MySQL's default is 60 seconds. + format: int64 + type: integer + dumpFilePath: + description: Immutable. Path to a SQL file in Google Cloud Storage + from which replica instances are created. Format is gs://bucket/filename. + type: string + failoverTarget: + description: Immutable. Specifies if the replica is the failover + target. If the field is set to true the replica will be designated + as a failover replica. If the master instance fails, the replica + instance will be promoted as the new master instance. Not supported + for Postgres. + type: boolean + masterHeartbeatPeriod: + description: Immutable. Time in ms between replication heartbeats. + format: int64 + type: integer + password: + description: Immutable. Password for the replication connection. + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - key + - name + type: object + type: object + type: object + sslCipher: + description: Immutable. Permissible ciphers for use in SSL encryption. + type: string + username: + description: Immutable. Username for replication connection. + type: string + verifyServerCertificate: + description: Immutable. True if the master's common name value + is checked during the SSL handshake. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rootPassword: + description: Initial root password. Required for MS SQL Server. + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + settings: + description: The settings to use for the database. The configuration + is detailed below. + properties: + activationPolicy: + description: This specifies when the instance should be active. + Can be either ALWAYS, NEVER or ON_DEMAND. 
+ type: string + activeDirectoryConfig: + properties: + domain: + description: Domain name of the Active Directory for SQL Server + (e.g., mydomain.com). + type: string + required: + - domain + type: object + advancedMachineFeatures: + properties: + threadsPerCore: + description: The number of threads per physical core. Can + be 1 or 2. + format: int64 + type: integer + type: object + authorizedGaeApplications: + description: DEPRECATED. This property is only applicable to First + Generation instances, and First Generation instances are now + deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice + for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove + this field from your configuration. + items: + type: string + type: array + availabilityType: + description: The availability type of the Cloud SQL instance, + high availability (REGIONAL) or single zone (ZONAL). For all + instances, ensure that settings.backup_configuration.enabled + is set to true. For MySQL instances, ensure that settings.backup_configuration.binary_log_enabled + is set to true. For Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled + is set to true. Defaults to ZONAL. + type: string + backupConfiguration: + properties: + backupRetentionSettings: + properties: + retainedBackups: + description: Number of backups to retain. + format: int64 + type: integer + retentionUnit: + description: The unit that 'retainedBackups' represents. + Defaults to COUNT. + type: string + required: + - retainedBackups + type: object + binaryLogEnabled: + description: True if binary logging is enabled. If settings.backup_configuration.enabled + is false, this must be as well. Can only be used with MySQL. + type: boolean + enabled: + description: True if backup configuration is enabled. + type: boolean + location: + description: Location of the backup configuration. 
+ type: string + pointInTimeRecoveryEnabled: + description: True if Point-in-time recovery is enabled. + type: boolean + startTime: + description: HH:MM format time indicating when backup configuration + starts. + type: string + transactionLogRetentionDays: + description: The number of days of transaction logs we retain + for point in time restore, from 1-7. (For PostgreSQL Enterprise + Plus instances, from 1 to 35.). + format: int64 + type: integer + type: object + collation: + description: Immutable. The name of server instance collation. + type: string + connectorEnforcement: + description: Specifies if connections must use Cloud SQL connectors. + type: string + crashSafeReplication: + description: DEPRECATED. This property is only applicable to First + Generation instances, and First Generation instances are now + deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice + for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove + this field from your configuration. + type: boolean + dataCacheConfig: + description: Data cache configurations. + properties: + dataCacheEnabled: + description: Whether data cache is enabled for the instance. + type: boolean + type: object + databaseFlags: + items: + properties: + name: + description: Name of the flag. + type: string + value: + description: Value of the flag. + type: string + required: + - name + - value + type: object + type: array + deletionProtectionEnabled: + description: Configuration to protect against accidental instance + deletion. + type: boolean + denyMaintenancePeriod: + properties: + endDate: + description: End date before which maintenance will not take + place. The date is in format yyyy-mm-dd i.e., 2020-11-01, + or mm-dd, i.e., 11-01. + type: string + startDate: + description: Start date after which maintenance will not take + place. The date is in format yyyy-mm-dd i.e., 2020-11-01, + or mm-dd, i.e., 11-01. 
+ type: string + time: + description: 'Time in UTC when the "deny maintenance period" + starts on start_date and ends on end_date. The time is in + format: HH:mm:SS, i.e., 00:00:00.' + type: string + required: + - endDate + - startDate + - time + type: object + diskAutoresize: + description: Enables auto-resizing of the storage size. Defaults + to true. + type: boolean + diskAutoresizeLimit: + description: The maximum size, in GB, to which storage capacity + can be automatically increased. The default value is 0, which + specifies that there is no limit. + format: int64 + type: integer + diskSize: + description: The size of data disk, in GB. Size of a running instance + cannot be reduced but can be increased. The minimum value is + 10GB. + format: int64 + type: integer + diskType: + description: 'Immutable. The type of data disk: PD_SSD or PD_HDD. + Defaults to PD_SSD.' + type: string + edition: + description: The edition of the instance, can be ENTERPRISE or + ENTERPRISE_PLUS. + type: string + insightsConfig: + description: Configuration of Query Insights. + properties: + queryInsightsEnabled: + description: True if Query Insights feature is enabled. + type: boolean + queryPlansPerMinute: + description: Number of query execution plans captured by Insights + per minute for all queries combined. Between 0 and 20. Default + to 5. + format: int64 + type: integer + queryStringLength: + description: Maximum query length stored in bytes. Between + 256 and 4500. Default to 1024. + format: int64 + type: integer + recordApplicationTags: + description: True if Query Insights will record application + tags from query when enabled. + type: boolean + recordClientAddress: + description: True if Query Insights will record client address + when enabled. + type: boolean + type: object + ipConfiguration: + properties: + allocatedIpRange: + description: 'The name of the allocated ip range for the private + ip CloudSQL instance. For example: "google-managed-services-default". 
+ If set, the instance ip will be created in the allocated + range. The range name must comply with RFC 1035. Specifically, + the name must be 1-63 characters long and match the regular + expression [a-z]([-a-z0-9]*[a-z0-9])?.' + type: string + authorizedNetworks: + items: + properties: + expirationTime: + type: string + name: + type: string + value: + type: string + required: + - value + type: object + type: array + enablePrivatePathForGoogleCloudServices: + description: Whether Google Cloud services such as BigQuery + are allowed to access data in this Cloud SQL instance over + a private IP connection. SQLSERVER database type is not + supported. + type: boolean + ipv4Enabled: + description: Whether this Cloud SQL instance should be assigned + a public IPV4 address. At least ipv4_enabled must be enabled + or a private_network must be configured. + type: boolean + privateNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed Compute + Network resource. Should be in the format `projects//global/networks/`. + type: string + name: + description: The `name` field of a `ComputeNetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeNetwork` + resource. + type: string + type: object + pscConfig: + description: PSC settings for a Cloud SQL instance. + items: + properties: + allowedConsumerProjects: + description: List of consumer projects that are allow-listed + for PSC connections to this instance. This instance + can be connected to with PSC from any network in these + projects. Each consumer project in this list may be + represented by a project number (numeric) or by a + project id (alphanumeric). + items: + type: string + type: array + pscEnabled: + description: Whether PSC connectivity is enabled for + this instance. 
+ type: boolean + type: object + type: array + requireSsl: + type: boolean + sslMode: + description: Specify how SSL connection should be enforced + in DB connections. This field provides more SSL enforcment + options compared to requireSsl. To change this field, also + set the correspoding value in requireSsl if it has been + set. + type: string + type: object + locationPreference: + properties: + followGaeApplication: + description: A Google App Engine application whose zone to + remain in. Must be in the same region as this instance. + type: string + secondaryZone: + description: The preferred Compute Engine zone for the secondary/failover. + type: string + zone: + description: The preferred compute engine zone. + type: string + type: object + maintenanceWindow: + description: Declares a one-hour maintenance window when an Instance + can automatically restart to apply updates. The maintenance + window is specified in UTC time. + properties: + day: + description: Day of week (1-7), starting on Monday. + format: int64 + type: integer + hour: + description: Hour of day (0-23), ignored if day not set. + format: int64 + type: integer + updateTrack: + description: Receive updates earlier (canary) or later (stable). + type: string + type: object + passwordValidationPolicy: + properties: + complexity: + description: Password complexity. + type: string + disallowUsernameSubstring: + description: Disallow username as a part of the password. + type: boolean + enablePasswordPolicy: + description: Whether the password policy is enabled or not. + type: boolean + minLength: + description: Minimum number of characters allowed. + format: int64 + type: integer + passwordChangeInterval: + description: Minimum interval after which the password can + be changed. This flag is only supported for PostgresSQL. + type: string + reuseInterval: + description: Number of previous passwords that cannot be reused. 
+ format: int64 + type: integer + required: + - enablePasswordPolicy + type: object + pricingPlan: + description: Pricing plan for this instance, can only be PER_USE. + type: string + replicationType: + description: DEPRECATED. This property is only applicable to First + Generation instances, and First Generation instances are now + deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice + for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove + this field from your configuration. + type: string + sqlServerAuditConfig: + properties: + bucketRef: + description: The name of the destination bucket (e.g., gs://mybucket). + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The StorageBucket selfLink, when not managed + by Config Connector. + type: string + name: + description: The `name` field of a `StorageBucket` resource. + type: string + namespace: + description: The `namespace` field of a `StorageBucket` + resource. + type: string + type: object + retentionInterval: + description: 'How long to keep generated audit files. A duration + in seconds with up to nine fractional digits, terminated + by ''s''. Example: "3.5s"..' + type: string + uploadInterval: + description: 'How often to upload generated audit files. A + duration in seconds with up to nine fractional digits, terminated + by ''s''. Example: "3.5s".' + type: string + type: object + tier: + description: The machine type to use. See tiers for more details + and supported versions. Postgres supports only shared-core machine + types, and custom machine types such as db-custom-2-13312. See + the Custom Machine Type Documentation to learn about specifying + custom machine types. + type: string + timeZone: + description: Immutable. 
The time_zone to be used by the database + engine (supported only for SQL Server), in SQL Server timezone + format. + type: string + required: + - tier + type: object + required: + - settings + type: object + status: + properties: + availableMaintenanceVersions: + description: Available Maintenance versions. + items: + type: string + type: array + conditions: + description: Conditions represent the latest available observations + of the SQLInstance's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + connectionName: + description: The connection name of the instance to be used in connection + strings. For example, when connecting with Cloud SQL Proxy. + type: string + dnsName: + description: The dns name of the instance. + type: string + firstIpAddress: + type: string + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + type: string + ipAddress: + items: + properties: + ipAddress: + type: string + timeToRetire: + type: string + type: + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + privateIpAddress: + type: string + pscServiceAttachmentLink: + description: The link to service attachment of PSC instance. + type: string + publicIpAddress: + type: string + selfLink: + description: The URI of the created resource. + type: string + serverCaCert: + properties: + cert: + description: The CA Certificate used to connect to the SQL Instance + via SSL. + type: string + commonName: + description: The CN valid for the CA Cert. + type: string + createTime: + description: Creation time of the CA Cert. + type: string + expirationTime: + description: Expiration time of the CA Cert. + type: string + sha1Fingerprint: + description: SHA Fingerprint of the CA Cert. + type: string + type: object + serviceAccountEmailAddress: + description: The service account email address assigned to the instance. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: sqlsslcerts.sql.cnrm.cloud.google.com +spec: + group: sql.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SQLSSLCert + plural: sqlsslcerts + shortNames: + - gcpsqlsslcert + - gcpsqlsslcerts + singular: sqlsslcert + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason 
+ name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + commonName: + description: Immutable. The common name to be used in the certificate + to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this + forces a new resource to be created. + type: string + instanceRef: + description: The Cloud SQL instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated sha1Fingerprint + of the resource. Used for acquisition only. Leave unset to create + a new resource. 
+ type: string + required: + - commonName + - instanceRef + type: object + status: + properties: + cert: + description: The actual certificate data for this client certificate. + type: string + certSerialNumber: + description: The serial number extracted from the certificate data. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the certificate was created in RFC 3339 + format, for example 2012-11-15T16:19:00.094Z. + type: string + expirationTime: + description: The time when the certificate expires in RFC 3339 format, + for example 2012-11-15T16:19:00.094Z. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + privateKey: + description: The private key associated with the client certificate. + type: string + serverCaCert: + description: The CA cert of the server this client cert was generated + from. + type: string + sha1Fingerprint: + description: The SHA1 Fingerprint of the certificate. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: sqlusers.sql.cnrm.cloud.google.com +spec: + group: sql.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SQLUser + plural: sqlusers + shortNames: + - gcpsqluser + - gcpsqlusers + singular: sqluser + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + host: + description: Immutable. The host the user can connect from. This is + only supported for MySQL instances. Don't set this field for PostgreSQL + instances. Can be an IP address. Changing this forces a new resource + to be created. + type: string + instanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + password: + description: |- + The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to + either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + passwordPolicy: + properties: + allowedFailedAttempts: + description: Number of failed attempts allowed before the user + get locked. + type: integer + enableFailedAttemptsCheck: + description: If true, the check that will lock user after too + many failed login attempts will be enabled. + type: boolean + enablePasswordVerification: + description: If true, the user must specify the current password + before changing the password. This flag is supported only for + MySQL. + type: boolean + passwordExpirationDuration: + description: Password expiration duration with one week grace + period. + type: string + status: + items: + properties: + locked: + description: If true, user does not have login privileges. + type: boolean + passwordExpirationTime: + description: Password expiration duration with one week + grace period. + type: string + type: object + type: array + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The user type. It determines the method to authenticate the user during login. + The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". + type: string + required: + - instanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + sqlServerUserDetails: + items: + properties: + disabled: + description: If the user has been disabled. + type: boolean + serverRoles: + description: The server roles for this user in the database. + items: + type: string + type: array + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagebucketaccesscontrols.storage.cnrm.cloud.google.com +spec: + group: storage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageBucketAccessControl + plural: storagebucketaccesscontrols + shortNames: + - gcpstoragebucketaccesscontrol + - gcpstoragebucketaccesscontrols + singular: storagebucketaccesscontrol + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + description: Reference to the bucket. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + entity: + description: |- + Immutable. 
The entity holding the permission, in one of the following forms: + user-userId + user-email + group-groupId + group-email + domain-domain + project-team-projectId + allUsers + allAuthenticatedUsers + Examples: + The user liz@example.com would be user-liz@example.com. + The group example@googlegroups.com would be + group-example@googlegroups.com. + To refer to all members of the Google Apps for Business domain + example.com, the entity would be domain-example.com. + type: string + role: + description: 'The access permission for the entity. Possible values: + ["OWNER", "READER", "WRITER"].' + type: string + required: + - bucketRef + - entity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + domain: + description: The domain associated with the entity. + type: string + email: + description: The email address associated with the entity. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagebuckets.storage.cnrm.cloud.google.com +spec: + group: storage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageBucket + plural: storagebuckets + shortNames: + - gcpstoragebucket + - gcpstoragebuckets + singular: storagebucket + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoclass: + description: The bucket's autoclass configuration. + properties: + enabled: + description: While set to true, autoclass automatically transitions + objects in your bucket to appropriate storage classes based + on each object's access pattern. + type: boolean + required: + - enabled + type: object + bucketPolicyOnly: + description: |- + DEPRECATED. Please use the `uniformBucketLevelAccess` field as this field has been renamed by Google. The `uniformBucketLevelAccess` field will supersede this field. + Enables Bucket PolicyOnly access to a bucket. + type: boolean + cors: + description: The bucket's Cross-Origin Resource Sharing (CORS) configuration. + items: + properties: + maxAgeSeconds: + description: The value, in seconds, to return in the Access-Control-Max-Age + header used in preflight responses. + type: integer + method: + description: 'The list of HTTP methods on which to include CORS + response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted + in the list of methods, and means "any method".' + items: + type: string + type: array + origin: + description: 'The list of Origins eligible to receive CORS response + headers. Note: "*" is permitted in the list of origins, and + means "any Origin".' + items: + type: string + type: array + responseHeader: + description: The list of HTTP headers other than the simple + response headers to give permission for the user-agent to + share across domains. + items: + type: string + type: array + type: object + type: array + customPlacementConfig: + description: The bucket's custom location configuration, which specifies + the individual regions that comprise a dual-region bucket. 
If the + bucket is designated a single or multi-region, the parameters are + empty. + properties: + dataLocations: + description: 'Immutable. The list of individual regions that comprise + a dual-region bucket. See the docs for a list of acceptable + regions. Note: If any of the data_locations changes, it will + recreate the bucket.' + items: + type: string + type: array + required: + - dataLocations + type: object + defaultEventBasedHold: + description: Whether or not to automatically apply an eventBasedHold + to new objects added to the bucket. + type: boolean + encryption: + description: The bucket's encryption configuration. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + lifecycleRule: + description: The bucket's Lifecycle Rules configuration. + items: + properties: + action: + description: The Lifecycle Rule's action configuration. A single + block of this type is supported. + properties: + storageClass: + description: 'The target Storage Class of objects affected + by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, + REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' + type: string + type: + description: 'The type of the action of this Lifecycle Rule. + Supported values include: Delete, SetStorageClass and + AbortIncompleteMultipartUpload.' 
+ type: string + required: + - type + type: object + condition: + description: The Lifecycle Rule's condition configuration. + properties: + age: + description: Minimum age of an object in days to satisfy + this condition. + type: integer + createdBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + customTimeBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + daysSinceCustomTime: + description: Number of days elapsed since the user-specified + timestamp set on an object. + type: integer + daysSinceNoncurrentTime: + description: "Number of days elapsed since the noncurrent + timestamp of an object. This\n\t\t\t\t\t\t\t\t\t\tcondition + is relevant only for versioned objects." + type: integer + matchesPrefix: + description: One or more matching name prefixes to satisfy + this condition. + items: + type: string + type: array + matchesStorageClass: + description: 'Storage Class of objects to satisfy this condition. + Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, + COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.' + items: + type: string + type: array + matchesSuffix: + description: One or more matching name suffixes to satisfy + this condition. + items: + type: string + type: array + noncurrentTimeBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + numNewerVersions: + description: Relevant only for versioned objects. The number + of newer versions of an object to satisfy this condition. + type: integer + withState: + description: 'Match to live and/or archived objects. Unversioned + buckets have only live objects. Supported values include: + "LIVE", "ARCHIVED", "ANY".' + type: string + type: object + required: + - action + - condition + type: object + type: array + location: + default: US + description: Immutable. 
The Google Cloud Storage location. + type: string + logging: + description: The bucket's Access & Storage Logs configuration. + properties: + logBucket: + description: The bucket that will receive log objects. + type: string + logObjectPrefix: + description: The object prefix for log objects. If it's not provided, + by default Google Cloud Storage sets this to this bucket's name. + type: string + required: + - logBucket + type: object + publicAccessPrevention: + description: Prevents public access to a bucket. + type: string + requesterPays: + description: Enables Requester Pays on a storage bucket. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retentionPolicy: + description: Configuration of the bucket's data retention policy for + how long objects in the bucket should be retained. + properties: + isLocked: + description: 'If set to true, the bucket will be locked and permanently + restrict edits to the bucket''s retention policy. Caution: + Locking a bucket is an irreversible action.' + type: boolean + retentionPeriod: + description: The period of time, in seconds, that objects in the + bucket must be retained and cannot be deleted, overwritten, + or archived. The value must be less than 3,155,760,000 seconds. + type: integer + required: + - retentionPeriod + type: object + softDeletePolicy: + description: The bucket's soft delete policy, which defines the period + of time that soft-deleted objects will be retained, and cannot be + permanently deleted. If it is not provided, by default Google Cloud + Storage sets this to default soft delete policy. + properties: + retentionDurationSeconds: + description: The duration in seconds that soft-deleted objects + in the bucket will be retained and cannot be permanently deleted. + Default value is 604800. 
+ type: integer + type: object + storageClass: + description: 'The Storage Class of the new bucket. Supported values + include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, + ARCHIVE.' + type: string + uniformBucketLevelAccess: + description: Enables uniform bucket-level access on a bucket. + type: boolean + versioning: + description: The bucket's Versioning configuration. + properties: + enabled: + description: While set to true, versioning is fully enabled for + this bucket. + type: boolean + required: + - enabled + type: object + website: + description: Configuration if the bucket acts as a website. + properties: + mainPageSuffix: + description: Behaves as the bucket's directory index where missing + objects are treated as potential directories. + type: string + notFoundPage: + description: The custom object to return when a requested resource + is not found. + type: string + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + softDeletePolicy: + description: The bucket's soft delete policy, which defines the + period of time that soft-deleted objects will be retained, and + cannot be permanently deleted. If it is not provided, by default + Google Cloud Storage sets this to default soft delete policy. + properties: + effectiveTime: + description: Server-determined value that indicates the time + from which the policy, or one with a greater retention, + was effective. This value is in RFC 3339 format. + type: string + retentionDurationSeconds: + description: The duration in seconds that soft-deleted objects + in the bucket will be retained and cannot be permanently + deleted. Default value is 604800. + type: integer + type: object + type: object + selfLink: + description: The URI of the created resource. + type: string + url: + description: The base URL of the bucket, in the format gs://. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com +spec: + group: storage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageDefaultObjectAccessControl + plural: storagedefaultobjectaccesscontrols + shortNames: + - gcpstoragedefaultobjectaccesscontrol + - gcpstoragedefaultobjectaccesscontrols + singular: storagedefaultobjectaccesscontrol + preserveUnknownFields: false + scope: Namespaced + versions: + - 
additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + description: Reference to the bucket. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + entity: + description: |- + The entity holding the permission, in one of the following forms: + * user-{{userId}} + * user-{{email}} (such as "user-liz@example.com") + * group-{{groupId}} + * group-{{email}} (such as "group-example@googlegroups.com") + * domain-{{domain}} (such as "domain-example.com") + * project-team-{{projectId}} + * allUsers + * allAuthenticatedUsers. + type: string + object: + description: The name of the object, if applied to an object. + type: string + role: + description: 'The access permission for the entity. Possible values: + ["OWNER", "READER"].' + type: string + required: + - bucketRef + - entity + - role + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + domain: + description: The domain associated with the entity. + type: string + email: + description: The email address associated with the entity. + type: string + entityId: + description: The ID for the entity. + type: string + generation: + description: The content generation of the object, if applied to an + object. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + projectTeam: + description: The project team associated with the entity. + properties: + projectNumber: + description: The project team associated with the entity. + type: string + team: + description: 'The team. Possible values: ["editors", "owners", + "viewers"].' + type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagehmackeys.storage.cnrm.cloud.google.com +spec: + group: storage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageHMACKey + plural: storagehmackeys + shortNames: + - gcpstoragehmackey + - gcpstoragehmackeys + singular: storagehmackey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: 
+ description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated accessId of + the resource. Used for acquisition only. Leave unset to create a + new resource. + type: string + serviceAccountEmail: + description: Immutable. The email address of the key's associated + service account. + type: string + state: + description: 'The state of the key. Can be set to one of ACTIVE, INACTIVE. + Default value: "ACTIVE" Possible values: ["ACTIVE", "INACTIVE"].' + type: string + required: + - projectRef + - serviceAccountEmail + type: object + status: + properties: + accessId: + description: The access ID of the HMAC Key. 
+ type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + secret: + description: HMAC secret key material. + type: string + timeCreated: + description: '''The creation time of the HMAC key in RFC 3339 format. + ''.' + type: string + updated: + description: '''The last modification time of the HMAC key metadata + in RFC 3339 format.''.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagenotifications.storage.cnrm.cloud.google.com +spec: + group: storage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageNotification + plural: storagenotifications + shortNames: + - gcpstoragenotification + - gcpstoragenotifications + singular: storagenotification + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + customAttributes: + additionalProperties: + type: string + description: Immutable. A set of key/value attribute pairs to attach + to each Cloud Pub/Sub message published for this notification subscription. + type: object + eventTypes: + description: 'Immutable. List of event type filters for this notification + config. If not specified, Cloud Storage will send notifications + for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", + "OBJECT_DELETE", "OBJECT_ARCHIVE".' + items: + type: string + type: array + objectNamePrefix: + description: Immutable. Specifies a prefix path filter for this notification + config. Cloud Storage will only send notifications for objects in + this bucket whose names begin with the specified prefix. + type: string + payloadFormat: + description: Immutable. The desired content of the Payload. One of + "JSON_API_V1" or "NONE". + type: string + resourceID: + description: Immutable. Optional. The service-generated notificationId + of the resource. Used for acquisition only. Leave unset to create + a new resource. 
+ type: string + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - bucketRef + - payloadFormat + - topicRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + notificationId: + description: The ID of the created notification. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagetransferagentpools.storagetransfer.cnrm.cloud.google.com +spec: + group: storagetransfer.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageTransferAgentPool + plural: storagetransferagentpools + shortNames: + - gcpstoragetransferagentpool + - gcpstoragetransferagentpools + singular: storagetransferagentpool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bandwidthLimit: + description: Specifies the bandwidth limit details. If this field + is unspecified, the default value is set as 'No Limit'. + properties: + limitMbps: + description: Bandwidth rate in megabytes per second, distributed + across all the agents in the pool. + type: string + required: + - limitMbps + type: object + displayName: + description: Specifies the client-specified AgentPool description. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: Specifies the state of the AgentPool. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagetransferjobs.storagetransfer.cnrm.cloud.google.com +spec: + group: storagetransfer.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageTransferJob + plural: storagetransferjobs + shortNames: + - gcpstoragetransferjob + - gcpstoragetransferjobs + singular: storagetransferjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: 
date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Unique description to identify the Transfer Job. + type: string + notificationConfig: + description: Notification configuration. + properties: + eventTypes: + description: Event types for which a notification is desired. + If empty, send notifications for all event types. The valid + types are "TRANSFER_OPERATION_SUCCESS", "TRANSFER_OPERATION_FAILED", + "TRANSFER_OPERATION_ABORTED". + items: + type: string + type: array + payloadFormat: + description: The desired format of the notification message payloads. + One of "NONE" or "JSON". + type: string + topicRef: + description: The PubSubTopic to which to publish notifications. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - payloadFormat + - topicRef + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + schedule: + description: Schedule specification defining when the Transfer Job + should be scheduled to start, end and what time to run. + properties: + repeatInterval: + description: 'Interval between the start of each scheduled transfer. + If unspecified, the default value is 24 hours. This value may + not be less than 1 hour. A duration in seconds with up to nine + fractional digits, terminated by ''s''. Example: "3.5s".' + type: string + scheduleEndDate: + description: The last day the recurring transfer will be run. + If schedule_end_date is the same as schedule_start_date, the + transfer will be executed only once. + properties: + day: + description: Day of month. Must be from 1 to 31 and valid + for the year and month. + type: integer + month: + description: Month of year. Must be from 1 to 12. + type: integer + year: + description: Year of date. Must be from 1 to 9999. + type: integer + required: + - day + - month + - year + type: object + scheduleStartDate: + description: The first day the recurring transfer is scheduled + to run. 
If schedule_start_date is in the past, the transfer + will run for the first time on the following day. + properties: + day: + description: Day of month. Must be from 1 to 31 and valid + for the year and month. + type: integer + month: + description: Month of year. Must be from 1 to 12. + type: integer + year: + description: Year of date. Must be from 1 to 9999. + type: integer + required: + - day + - month + - year + type: object + startTimeOfDay: + description: The time in UTC at which the transfer will be scheduled + to start in a day. Transfers may start later than this time. + If not specified, recurring and one-time transfers that are + scheduled to run today will run immediately; recurring transfers + that are scheduled to run on a future date will start at approximately + midnight UTC on that date. Note that when configuring a transfer + with the Cloud Platform Console, the transfer's start time in + a day is specified in your local timezone. + properties: + hours: + description: Hours of day in 24 hour format. Should be from + 0 to 23. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must be + from 0 to 999,999,999. + type: integer + seconds: + description: Seconds of minutes of the time. Must normally + be from 0 to 59. + type: integer + required: + - hours + - minutes + - nanos + - seconds + type: object + required: + - scheduleStartDate + type: object + status: + description: 'Status of the job. Default: ENABLED. NOTE: The effect + of the new job status takes place during a subsequent job run. For + example, if you change the job status from ENABLED to DISABLED, + and an operation spawned by the transfer is running, the status + change would not affect the current operation.' + type: string + transferSpec: + description: Transfer specification. + properties: + awsS3DataSource: + description: An AWS S3 data source. 
+ properties: + awsAccessKey: + description: AWS credentials block. + properties: + accessKeyId: + description: AWS Key ID. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + secretAccessKey: + description: AWS Secret Access Key. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - accessKeyId + - secretAccessKey + type: object + bucketName: + description: S3 Bucket name. + type: string + path: + description: S3 Bucket path in bucket to transfer. + type: string + roleArn: + description: The Amazon Resource Name (ARN) of the role to + support temporary credentials via 'AssumeRoleWithWebIdentity'. 
+ For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). + When a role ARN is provided, Transfer Service fetches temporary + credentials for the session using a 'AssumeRoleWithWebIdentity' + call for the provided role using the [GoogleServiceAccount][] + for this project. + type: string + required: + - bucketName + type: object + azureBlobStorageDataSource: + description: An Azure Blob Storage data source. + properties: + azureCredentials: + description: ' Credentials used to authenticate API requests + to Azure.' + properties: + sasToken: + description: Azure shared access signature. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - sasToken + type: object + container: + description: The container to transfer from the Azure Storage + account. + type: string + path: + description: Root path to transfer objects. Must be an empty + string or full path name that ends with a '/'. This field + is treated as an object prefix. As such, it should generally + not begin with a '/'. + type: string + storageAccount: + description: The name of the Azure Storage account. 
+ type: string + required: + - azureCredentials + - container + - storageAccount + type: object + gcsDataSink: + description: A Google Cloud Storage data sink. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + path: + description: Google Cloud Storage path in bucket to transfer. + type: string + required: + - bucketRef + type: object + gcsDataSource: + description: A Google Cloud Storage data source. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + path: + description: Google Cloud Storage path in bucket to transfer. + type: string + required: + - bucketRef + type: object + httpDataSource: + description: A HTTP URL data source. + properties: + listUrl: + description: The URL that points to the file that stores the + object list entries. This file must allow public access. 
+ Currently, only URLs with HTTP and HTTPS schemes are supported. + type: string + required: + - listUrl + type: object + objectConditions: + description: Only objects that satisfy these object conditions + are included in the set of data source and data sink objects. + Object conditions based on objects' last_modification_time do + not exclude objects in a data sink. + properties: + excludePrefixes: + description: exclude_prefixes must follow the requirements + described for include_prefixes. + items: + type: string + type: array + includePrefixes: + description: If include_refixes is specified, objects that + satisfy the object conditions must have names that start + with one of the include_prefixes and that do not start with + any of the exclude_prefixes. If include_prefixes is not + specified, all objects except those that have names starting + with one of the exclude_prefixes must satisfy the object + conditions. + items: + type: string + type: array + lastModifiedBefore: + description: 'If specified, only objects with a "last modification + time" before this timestamp and objects that don''t have + a "last modification time" are transferred. A timestamp + in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" + and "2014-10-02T15:01:23.045123456Z".' + type: string + lastModifiedSince: + description: 'If specified, only objects with a "last modification + time" on or after this timestamp and objects that don''t + have a "last modification time" are transferred. A timestamp + in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" + and "2014-10-02T15:01:23.045123456Z".' + type: string + maxTimeElapsedSinceLastModification: + description: 'A duration in seconds with up to nine fractional + digits, terminated by ''s''. Example: "3.5s".' 
+ type: string + minTimeElapsedSinceLastModification: + description: 'A duration in seconds with up to nine fractional + digits, terminated by ''s''. Example: "3.5s".' + type: string + type: object + posixDataSink: + description: A POSIX filesystem data sink. + properties: + rootDirectory: + description: Root directory path to the filesystem. + type: string + required: + - rootDirectory + type: object + posixDataSource: + description: A POSIX filesystem data source. + properties: + rootDirectory: + description: Root directory path to the filesystem. + type: string + required: + - rootDirectory + type: object + sinkAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. + type: string + sourceAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. + type: string + transferOptions: + description: Characteristics of how to treat files from datasource + and sink during job. If the option delete_objects_unique_in_sink + is true, object conditions based on objects' last_modification_time + are ignored and do not exclude objects in a data source or a + data sink. + properties: + deleteObjectsFromSourceAfterTransfer: + description: Whether objects should be deleted from the source + after they are transferred to the sink. Note that this option + and delete_objects_unique_in_sink are mutually exclusive. + type: boolean + deleteObjectsUniqueInSink: + description: Whether objects that exist only in the sink should + be deleted. Note that this option and delete_objects_from_source_after_transfer + are mutually exclusive. + type: boolean + overwriteObjectsAlreadyExistingInSink: + description: Whether overwriting objects that already exist + in the sink is allowed. + type: boolean + overwriteWhen: + description: When to overwrite objects that already exist + in the sink. 
If not set, overwrite behavior is determined + by overwriteObjectsAlreadyExistingInSink. + type: string + type: object + type: object + required: + - description + - transferSpec + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: When the Transfer Job was created. + type: string + deletionTime: + description: When the Transfer Job was deleted. + type: string + lastModificationTime: + description: When the Transfer Job was last modified. + type: string + name: + description: The name of the Transfer Job. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: tagslocationtagbindings.tags.cnrm.cloud.google.com +spec: + group: tags.cnrm.cloud.google.com + names: + categories: + - gcp + kind: TagsLocationTagBinding + plural: tagslocationtagbindings + shortNames: + - gcptagslocationtagbinding + - gcptagslocationtagbindings + singular: tagslocationtagbinding + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: |- + Immutable. The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. The default value is US. + type: string + parentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `//cloudresourcemanager.googleapis.com/projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + tagValueRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `tagValues/{{value}}`, + where {{value}} is the `name` field of a `TagsTagValue` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - parentRef + - tagValueRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The generated id for the TagBinding. This is a string + of the form: ''tagBindings/{full-resource-name}/{tag-value-name}''.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: tagstagbindings.tags.cnrm.cloud.google.com +spec: + group: tags.cnrm.cloud.google.com + names: + categories: + - gcp + kind: TagsTagBinding + plural: tagstagbindings + shortNames: + - gcptagstagbinding + - gcptagstagbindings + singular: tagstagbinding + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + parentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `//cloudresourcemanager.googleapis.com/projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + tagValueRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `tagValues/{{value}}`, + where {{value}} is the `name` field of a `TagsTagValue` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - parentRef + - tagValueRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The generated id for the TagBinding. This is a string + of the form: ''tagBindings/{full-resource-name}/{tag-value-name}''.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: tagstagkeys.tags.cnrm.cloud.google.com +spec: + group: tags.cnrm.cloud.google.com + names: + categories: + - gcp + kind: TagsTagKey + plural: tagstagkeys + shortNames: + - gcptagstagkey + - gcptagstagkeys + singular: tagstagkey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User-assigned description of the TagKey. Must not exceed + 256 characters. + type: string + parent: + description: Immutable. Input only. The resource name of the new TagKey's + parent. Must be of the form organizations/{org_id} or projects/{project_id_or_number}. + type: string + purpose: + description: |- + Immutable. Optional. A purpose cannot be changed once set. + + A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: ["GCE_FIREWALL"]. + type: string + purposeData: + additionalProperties: + type: string + description: |- + Immutable. Optional. Purpose data cannot be changed once set. + + Purpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = "/"'. + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + shortName: + description: |- + Immutable. Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. + + The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + type: string + required: + - parent + - shortName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Output only. Creation time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: The generated numeric id for the TagKey. + type: string + namespacedName: + description: Output only. Namespaced name of the TagKey. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Output only. Update time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: tagstagvalues.tags.cnrm.cloud.google.com +spec: + group: tags.cnrm.cloud.google.com + names: + categories: + - gcp + kind: TagsTagValue + plural: tagstagvalues + shortNames: + - gcptagstagvalue + - gcptagstagvalues + singular: tagstagvalue + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User-assigned description of the TagValue. Must not exceed + 256 characters. + type: string + parentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `tagKeys/{{value}}`, + where {{value}} is the `name` field of a `TagsTagKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + shortName: + description: |- + Immutable. Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. + + The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + type: string + required: + - parentRef + - shortName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Output only. Creation time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: The generated numeric id for the TagValue. + type: string + namespacedName: + description: Output only. Namespaced name of the TagValue. Will be + in the format {parentNamespace}/{tagKeyShortName}/{shortName}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Output only. Update time. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: tpunodes.tpu.cnrm.cloud.google.com +spec: + group: tpu.cnrm.cloud.google.com + names: + categories: + - gcp + kind: TPUNode + plural: tpunodes + shortNames: + - gcptpunode + - gcptpunodes + singular: tpunode + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + acceleratorType: + description: Immutable. The type of hardware accelerators associated + with this node. + type: string + cidrBlock: + description: |- + Immutable. The CIDR block that the TPU node will use when selecting an IP + address. This CIDR block must be a /29 block; the Compute Engine + networks API forbids a smaller block, and using a larger block would + be wasteful (a node can only consume one IP address). + + Errors will occur if the CIDR block has already been used for a + currently existing TPU node, the CIDR block conflicts with any + subnetworks in the user's provided network, or the provided network + is peered with another network that is using that CIDR block. + type: string + description: + description: Immutable. The user-supplied description of the TPU. + Maximum of 512 characters. + type: string + network: + description: |- + Immutable. The name of a network to peer the TPU node to. It must be a + preexisting Compute Engine network inside of the project on which + this API has been activated. If none is provided, "default" will be + used. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. 
Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + schedulingConfig: + description: Immutable. Sets the scheduling options for this TPU instance. + properties: + preemptible: + description: Immutable. Defines whether the TPU instance is preemptible. + type: boolean + required: + - preemptible + type: object + tensorflowVersion: + description: The version of Tensorflow running in the Node. + type: string + useServiceNetworking: + description: |- + Immutable. Whether the VPC peering for the node is set up through Service Networking API. + The VPC Peering should be set up before provisioning the node. If this field is set, + cidr_block field should not be specified. If the network that you want to peer the + TPU Node to is a Shared VPC network, the node must be created with this this field enabled. + type: boolean + zone: + description: Immutable. The GCP location for the TPU. If it is not + provided, the provider zone is used. + type: string + required: + - acceleratorType + - projectRef + - tensorflowVersion + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + networkEndpoints: + description: |- + The network endpoints where TPU workers can be accessed and sent work. 
+ It is recommended that Tensorflow clients of the node first reach out + to the first (index 0) entry. + items: + properties: + ipAddress: + description: The IP address of this network endpoint. + type: string + port: + description: The port of this network endpoint. + type: integer + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + serviceAccount: + description: |- + The service account used to run the tensor flow services within the + node. To share resources, including Google Cloud Storage data, with + the Tensorflow job running in the Node, this account must have + permissions to that data. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaidatasets.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIDataset + plural: vertexaidatasets + shortNames: + - gcpvertexaidataset + - gcpvertexaidatasets + singular: vertexaidataset + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + 
jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The user-defined name of the Dataset. The name can be + up to 128 characters long and can be consist of any UTF-8 characters. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + Dataset. If set, this Dataset and all sub-resources of this Dataset + will be secured by this key. + properties: + kmsKeyNameRef: + description: |- + Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. + The key needs to be in the same region as where the compute resource is created. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + metadataSchemaUri: + description: Immutable. Points to a YAML file stored on Google Cloud + Storage describing additional information about the Dataset. The + schema is defined as an OpenAPI 3.0.2 Schema Object. The schema + files that can be used here are found in gs://google-cloud-aiplatform/schema/dataset/metadata/. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the dataset. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + required: + - displayName + - metadataSchemaUri + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + createTime: + description: The timestamp of when the dataset was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + type: string + name: + description: The resource name of the Dataset. This value is set + by Google. 
+ type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The user-defined name of the Dataset. The name can be + up to 128 characters long and can be consist of any UTF-8 characters. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + Dataset. If set, this Dataset and all sub-resources of this Dataset + will be secured by this key. + properties: + kmsKeyNameRef: + description: |- + Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. 
+ Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. + The key needs to be in the same region as where the compute resource is created. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + metadataSchemaUri: + description: Immutable. Points to a YAML file stored on Google Cloud + Storage describing additional information about the Dataset. The + schema is defined as an OpenAPI 3.0.2 Schema Object. The schema + files that can be used here are found in gs://google-cloud-aiplatform/schema/dataset/metadata/. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the dataset. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. 
The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - metadataSchemaUri + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + createTime: + description: The timestamp of when the dataset was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + type: string + name: + description: The resource name of the Dataset. This value is set + by Google. 
+ type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaiendpoints.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIEndpoint + plural: vertexaiendpoints + shortNames: + - gcpvertexaiendpoint + - gcpvertexaiendpoints + singular: vertexaiendpoint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the Endpoint. + type: string + displayName: + description: Required. The display name of the Endpoint. The name + can be up to 128 characters long and can consist of any UTF-8 characters. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for an + Endpoint. If set, this Endpoint and all sub-resources of this Endpoint + will be secured by this key. + properties: + kmsKeyNameRef: + description: |- + Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. + The key needs to be in the same region as where the compute resource is created. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyNameRef + type: object + networkRef: + description: |- + Optional. The full name of the Google Compute Engine network to which the Endpoint should be peered. + Private services access must already be configured for the network. If left unspecified, the Endpoint is not peered with any network. 
+ Only one of the fields, network or enablePrivateServiceConnect, can be set. + Format: projects/{project_id}/global/networks/{network_name}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, + where {{value}} is the `name` field of a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region for the resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - displayName + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + createTime: + description: Output only. Timestamp when this Endpoint was created. + type: string + modelDeploymentMonitoringJob: + description: 'Output only. Resource name of the Model Monitoring + job associated with this Endpoint if monitoring is enabled by + CreateModelDeploymentMonitoringJob. Format: ''projects/{project}/locations/{location}/modelDeploymentMonitoringJobs/{model_deployment_monitoring_job}''.' 
+ type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the Endpoint. + type: string + displayName: + description: Required. The display name of the Endpoint. The name + can be up to 128 characters long and can consist of any UTF-8 characters. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for an + Endpoint. If set, this Endpoint and all sub-resources of this Endpoint + will be secured by this key. + properties: + kmsKeyNameRef: + description: |- + Required. 
The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. + The key needs to be in the same region as where the compute resource is created. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyNameRef + type: object + networkRef: + description: |- + Optional. The full name of the Google Compute Engine network to which the Endpoint should be peered. + Private services access must already be configured for the network. If left unspecified, the Endpoint is not peered with any network. + Only one of the fields, network or enablePrivateServiceConnect, can be set. + Format: projects/{project_id}/global/networks/{network_name}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, + where {{value}} is the `name` field of a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region for the resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - displayName + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + createTime: + description: Output only. Timestamp when this Endpoint was created. + type: string + modelDeploymentMonitoringJob: + description: 'Output only. Resource name of the Model Monitoring + job associated with this Endpoint if monitoring is enabled by + CreateModelDeploymentMonitoringJob. Format: ''projects/{project}/locations/{location}/modelDeploymentMonitoringJobs/{model_deployment_monitoring_job}''.' + type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaifeaturestoreentitytypefeatures.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIFeaturestoreEntityTypeFeature + plural: vertexaifeaturestoreentitytypefeatures + shortNames: + - gcpvertexaifeaturestoreentitytypefeature + - gcpvertexaifeaturestoreentitytypefeatures + singular: vertexaifeaturestoreentitytypefeature + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: 
.metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Description of the feature. + type: string + entitytype: + description: Immutable. The name of the Featurestore to use, in the + format projects/{project}/locations/{location}/featurestores/{featurestore}/entityTypes/{entitytype}. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + valueType: + description: Immutable. Type of Feature value. Immutable. https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featurestores.entityTypes.features#ValueType. 
+ type: string + required: + - entitytype + - valueType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the entity type was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + etag: + description: Used to perform consistent read-modify-write updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: The region of the feature. + type: string + updateTime: + description: The timestamp when the entity type was most recently + updated in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaifeaturestoreentitytypes.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIFeaturestoreEntityType + plural: vertexaifeaturestoreentitytypes + shortNames: + - gcpvertexaifeaturestoreentitytype + - gcpvertexaifeaturestoreentitytypes + singular: vertexaifeaturestoreentitytype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. Description of the EntityType. + type: string + featurestore: + description: Immutable. The name of the Featurestore to use, in the + format projects/{project}/locations/{location}/featurestores/{featurestore}. + type: string + monitoringConfig: + description: |- + The default monitoring configuration for all Features under this EntityType. + + If this is populated with [FeaturestoreMonitoringConfig.monitoring_interval] specified, snapshot analysis monitoring is enabled. Otherwise, snapshot analysis monitoring is disabled. + properties: + categoricalThresholdConfig: + description: Threshold for categorical features of anomaly detection. + This is shared by all types of Featurestore Monitoring for categorical + features (i.e. Features with type (Feature.ValueType) BOOL or + STRING). + properties: + value: + description: Specify a threshold value that can trigger the + alert. For categorical feature, the distribution distance + is calculated by L-inifinity norm. Each feature must have + a non-zero threshold if they need to be monitored. Otherwise + no alert will be triggered for that feature. The default + value is 0.3. + type: number + required: + - value + type: object + importFeaturesAnalysis: + description: The config for ImportFeatures Analysis Based Feature + Monitoring. + properties: + anomalyDetectionBaseline: + description: |- + Defines the baseline to do anomaly detection for feature values imported by each [entityTypes.importFeatureValues][] operation. 
The value must be one of the values below: + * LATEST_STATS: Choose the later one statistics generated by either most recent snapshot analysis or previous import features analysis. If non of them exists, skip anomaly detection and only generate a statistics. + * MOST_RECENT_SNAPSHOT_STATS: Use the statistics generated by the most recent snapshot analysis if exists. + * PREVIOUS_IMPORT_FEATURES_STATS: Use the statistics generated by the previous import features analysis if exists. + type: string + state: + description: |- + Whether to enable / disable / inherite default hebavior for import features analysis. The value must be one of the values below: + * DEFAULT: The default behavior of whether to enable the monitoring. EntityType-level config: disabled. + * ENABLED: Explicitly enables import features analysis. EntityType-level config: by default enables import features analysis for all Features under it. + * DISABLED: Explicitly disables import features analysis. EntityType-level config: by default disables import features analysis for all Features under it. + type: string + type: object + numericalThresholdConfig: + description: Threshold for numerical features of anomaly detection. + This is shared by all objectives of Featurestore Monitoring + for numerical features (i.e. Features with type (Feature.ValueType) + DOUBLE or INT64). + properties: + value: + description: Specify a threshold value that can trigger the + alert. For numerical feature, the distribution distance + is calculated by Jensen–Shannon divergence. Each feature + must have a non-zero threshold if they need to be monitored. + Otherwise no alert will be triggered for that feature. The + default value is 0.3. + type: number + required: + - value + type: object + snapshotAnalysis: + description: The config for Snapshot Analysis Based Feature Monitoring. + properties: + disabled: + description: 'The monitoring schedule for snapshot analysis. 
+ For EntityType-level config: unset / disabled = true indicates + disabled by default for Features under it; otherwise by + default enable snapshot analysis monitoring with monitoringInterval + for Features under it.' + type: boolean + monitoringInterval: + description: |- + DEPRECATED. `monitoring_interval` is deprecated and will be removed in a future release. Configuration of the snapshot analysis based monitoring pipeline running interval. The value is rolled up to full day. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + monitoringIntervalDays: + description: |- + Configuration of the snapshot analysis based monitoring pipeline running interval. The value indicates number of days. The default value is 1. + If both FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days and [FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval][] are set when creating/updating EntityTypes/Features, FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days will be used. + type: integer + stalenessDays: + description: Customized export features time window for snapshot + analysis. Unit is one day. The default value is 21 days. + Minimum value is 1 day. Maximum value is 4000 days. + type: integer + type: object + type: object + offlineStorageTtlDays: + description: Config for data retention policy in offline storage. + TTL in days for feature values that will be stored in offline storage. + The Feature Store offline storage periodically removes obsolete + feature values older than offlineStorageTtlDays since the feature + generation time. If unset (or explicitly set to 0), default to 4000 + days TTL. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - featurestore + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the featurestore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + etag: + description: Used to perform consistent read-modify-write updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: The region of the EntityType. + type: string + updateTime: + description: The timestamp of when the featurestore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaifeaturestores.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIFeaturestore + plural: vertexaifeaturestores + shortNames: + - gcpvertexaifeaturestore + - gcpvertexaifeaturestores + singular: vertexaifeaturestore + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + encryptionSpec: + description: If set, both of the online and offline data storage will + be secured by this key. + properties: + kmsKeyName: + description: 'The Cloud KMS resource identifier of the customer + managed encryption key used to protect a resource. Has the form: + projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. + The key needs to be in the same region as where the compute + resource is created.' + type: string + required: + - kmsKeyName + type: object + forceDestroy: + description: If set to true, any EntityTypes and Features for this + Featurestore will also be deleted. + type: boolean + onlineServingConfig: + description: Config for online serving resources. + properties: + fixedNodeCount: + description: The number of nodes for each cluster. The number + of nodes will not scale automatically but can be scaled manually + by providing different values when updating. + type: integer + scaling: + description: Online serving scaling configuration. Only one of + fixedNodeCount and scaling can be set. Setting one will reset + the other. + properties: + maxNodeCount: + description: The maximum number of nodes to scale up to. Must + be greater than minNodeCount, and less than or equal to + 10 times of 'minNodeCount'. + type: integer + minNodeCount: + description: The minimum number of nodes to scale down to. + Must be greater than or equal to 1. + type: integer + required: + - maxNodeCount + - minNodeCount + type: object + type: object + onlineStorageTtlDays: + description: TTL in days for feature values that will be stored in + online serving storage. 
The Feature Store online storage periodically + removes obsolete feature values older than onlineStorageTtlDays + since the feature generation time. Note that onlineStorageTtlDays + should be less than or equal to offlineStorageTtlDays for each EntityType + under a featurestore. If not set, default to 4000 days. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the dataset. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the featurestore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + etag: + description: Used to perform consistent read-modify-write updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The timestamp of when the featurestore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaiindexendpoints.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIIndexEndpoint + plural: vertexaiindexendpoints + shortNames: + - gcpvertexaiindexendpoint + - gcpvertexaiindexendpoints + singular: vertexaiindexendpoint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent 
reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the Index. + type: string + displayName: + description: The display name of the Index. The name can be up to + 128 characters long and can consist of any UTF-8 characters. + type: string + network: + description: |- + Immutable. The full name of the Google Compute Engine [network](https://cloud.google.com//compute/docs/networks-and-firewalls#networks) to which the index endpoint should be peered. + Private services access must already be configured for the network. If left unspecified, the index endpoint is not peered with any network. + [Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): 'projects/{project}/global/networks/{network}'. + Where '{project}' is a project number, as in '12345', and '{network}' is network name. 
+ type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publicEndpointEnabled: + description: Immutable. If true, the deployed index will be accessible + through public endpoint. + type: boolean + region: + description: Immutable. The region of the index endpoint. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + createTime: + description: The timestamp of when the Index was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string + etag: + description: Used to perform consistent read-modify-write updates. + type: string + name: + description: The resource name of the Index. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + publicEndpointDomainName: + description: If publicEndpointEnabled is true, this field will be + populated with the domain name to use for this index endpoint. + type: string + updateTime: + description: The timestamp of when the Index was last updated in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaiindexes.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIIndex + plural: vertexaiindexes + shortNames: + - gcpvertexaiindex + - gcpvertexaiindexes + singular: vertexaiindex + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the Index. + type: string + displayName: + description: The display name of the Index. The name can be up to + 128 characters long and can consist of any UTF-8 characters. + type: string + indexUpdateMethod: + description: |- + Immutable. The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default. + * BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update. + * STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time. + type: string + metadata: + description: An additional information about the Index. + properties: + config: + description: Immutable. The configuration of the Matching Engine + Index. + properties: + algorithmConfig: + description: The configuration with regard to the algorithms + used for efficient search. + properties: + bruteForceConfig: + description: |- + Configuration options for using brute force search, which simply implements the + standard linear search in the database for each query. + type: object + x-kubernetes-preserve-unknown-fields: true + treeAhConfig: + description: |- + Configuration options for using the tree-AH algorithm (Shallow tree + Asymmetric Hashing). + Please refer to this paper for more details: https://arxiv.org/abs/1908.10396. + properties: + leafNodeEmbeddingCount: + description: Number of embeddings on each leaf node. + The default value is 1000 if not set. + type: integer + leafNodesToSearchPercent: + description: |- + The default percentage of leaf nodes that any query may be searched. 
Must be in + range 1-100, inclusive. The default value is 10 (means 10%) if not set. + type: integer + type: object + type: object + approximateNeighborsCount: + description: |- + The default number of neighbors to find via approximate search before exact reordering is + performed. Exact reordering is a procedure where results returned by an + approximate search algorithm are reordered via a more expensive distance computation. + Required if tree-AH algorithm is used. + type: integer + dimensions: + description: The number of dimensions of the input vectors. + type: integer + distanceMeasureType: + description: |- + The distance measure used in nearest neighbor search. The value must be one of the followings: + * SQUARED_L2_DISTANCE: Euclidean (L_2) Distance + * L1_DISTANCE: Manhattan (L_1) Distance + * COSINE_DISTANCE: Cosine Distance. Defined as 1 - cosine similarity. + * DOT_PRODUCT_DISTANCE: Dot Product Distance. Defined as a negative of the dot product. + type: string + featureNormType: + description: |- + Type of normalization to be carried out on each vector. The value must be one of the followings: + * UNIT_L2_NORM: Unit L2 normalization type + * NONE: No normalization type is specified. + type: string + shardSize: + description: |- + Immutable. Index data is split into equal parts to be processed. These are called "shards". + The shard size must be specified when creating an index. The value must be one of the followings: + * SHARD_SIZE_SMALL: Small (2GB) + * SHARD_SIZE_MEDIUM: Medium (20GB) + * SHARD_SIZE_LARGE: Large (50GB). + type: string + required: + - dimensions + type: object + contentsDeltaUri: + description: |- + Allows creating or replacing the contents of the Matching Engine Index. + When being updated, the existing content of the Index will be replaced by the data + from the latest contentsDeltaUri. + The string must be a valid Cloud Storage directory path. 
If this + field is set when calling IndexService.UpdateIndex, then no other + Index field can be also updated as part of the same call. + The expected structure and format of the files this URI points to is + described at https://cloud.google.com/vertex-ai/docs/matching-engine/using-matching-engine#input-data-format. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the index. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + createTime: + description: The timestamp of when the Index was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. + type: string + indexStats: + description: Stats of the index resource. + items: + properties: + shardsCount: + description: The number of shards in the Index. + type: integer + vectorsCount: + description: The number of vectors in the Index. + type: string + type: object + type: array + metadataSchemaUri: + description: Points to a YAML file stored on Google Cloud Storage + describing additional information about the Index, that is specific + to it. Unset if the Index does not have any additional information. + type: string + name: + description: The resource name of the Index. 
+ type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the Index. + type: string + displayName: + description: The display name of the Index. The name can be up to + 128 characters long and can consist of any UTF-8 characters. + type: string + indexUpdateMethod: + description: |- + Immutable. The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default. + * BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update. 
+ * STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time. + type: string + metadata: + description: An additional information about the Index. + properties: + config: + description: Immutable. The configuration of the Matching Engine + Index. + properties: + algorithmConfig: + description: The configuration with regard to the algorithms + used for efficient search. + properties: + bruteForceConfig: + description: |- + Configuration options for using brute force search, which simply implements the + standard linear search in the database for each query. + type: object + treeAhConfig: + description: |- + Configuration options for using the tree-AH algorithm (Shallow tree + Asymmetric Hashing). + Please refer to this paper for more details: https://arxiv.org/abs/1908.10396. + properties: + leafNodeEmbeddingCount: + description: Number of embeddings on each leaf node. + The default value is 1000 if not set. + type: integer + leafNodesToSearchPercent: + description: |- + The default percentage of leaf nodes that any query may be searched. Must be in + range 1-100, inclusive. The default value is 10 (means 10%) if not set. + type: integer + type: object + type: object + approximateNeighborsCount: + description: |- + The default number of neighbors to find via approximate search before exact reordering is + performed. Exact reordering is a procedure where results returned by an + approximate search algorithm are reordered via a more expensive distance computation. + Required if tree-AH algorithm is used. + type: integer + dimensions: + description: The number of dimensions of the input vectors. + type: integer + distanceMeasureType: + description: |- + The distance measure used in nearest neighbor search. 
The value must be one of the followings: + * SQUARED_L2_DISTANCE: Euclidean (L_2) Distance + * L1_DISTANCE: Manhattan (L_1) Distance + * COSINE_DISTANCE: Cosine Distance. Defined as 1 - cosine similarity. + * DOT_PRODUCT_DISTANCE: Dot Product Distance. Defined as a negative of the dot product. + type: string + featureNormType: + description: |- + Type of normalization to be carried out on each vector. The value must be one of the followings: + * UNIT_L2_NORM: Unit L2 normalization type + * NONE: No normalization type is specified. + type: string + shardSize: + description: |- + Immutable. Index data is split into equal parts to be processed. These are called "shards". + The shard size must be specified when creating an index. The value must be one of the followings: + * SHARD_SIZE_SMALL: Small (2GB) + * SHARD_SIZE_MEDIUM: Medium (20GB) + * SHARD_SIZE_LARGE: Large (50GB). + type: string + required: + - dimensions + type: object + contentsDeltaUri: + description: |- + Allows creating or replacing the contents of the Matching Engine Index. + When being updated, the existing content of the Index will be replaced by the data + from the latest contentsDeltaUri. + The string must be a valid Cloud Storage directory path. If this + field is set when calling IndexService.UpdateIndex, then no other + Index field can be also updated as part of the same call. + The expected structure and format of the files this URI points to is + described at https://cloud.google.com/vertex-ai/docs/matching-engine/using-matching-engine#input-data-format. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the index. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + observedState: + description: The observed state of the underlying GCP resource. + properties: + createTime: + description: The timestamp of when the Index was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. 
+ type: string + indexStats: + description: Stats of the index resource. + items: + properties: + shardsCount: + description: The number of shards in the Index. + type: integer + vectorsCount: + description: The number of vectors in the Index. + type: string + type: object + type: array + metadataSchemaUri: + description: Points to a YAML file stored on Google Cloud Storage + describing additional information about the Index, that is specific + to it. Unset if the Index does not have any additional information. + type: string + name: + description: The resource name of the Index. + type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaimetadatastores.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIMetadataStore + plural: vertexaimetadatastores + shortNames: + - gcpvertexaimetadatastore + - gcpvertexaimetadatastores + singular: vertexaimetadatastore + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the 
value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. Description of the MetadataStore. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + MetadataStore. If set, this MetadataStore and all sub-resources + of this MetadataStore will be secured by this key. + properties: + kmsKeyName: + description: |- + Immutable. Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the Metadata Store. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the MetadataStore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State information of the MetadataStore. 
+ items: + properties: + diskUtilizationBytes: + description: The disk utilization of the MetadataStore in bytes. + type: string + type: object + type: array + updateTime: + description: The timestamp of when the MetadataStore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaitensorboards.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAITensorboard + plural: vertexaitensorboards + shortNames: + - gcpvertexaitensorboard + - gcpvertexaitensorboards + singular: vertexaitensorboard + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + 
of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Description of this Tensorboard. + type: string + displayName: + description: User provided name of this Tensorboard. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + Tensorboard. If set, this Tensorboard and all sub-resources of this + Tensorboard will be secured by this key. + properties: + kmsKeyName: + description: |- + Immutable. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + type: string + required: + - kmsKeyName + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the tensorboard. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - projectRef + - region + type: object + status: + properties: + blobStoragePathPrefix: + description: Consumer project Cloud Storage path prefix used to store + blob data, which can either be a bucket or directory. Does not end + with a '/'. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the Tensorboard was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + name: + description: Name of the Tensorboard. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + runCount: + description: The number of Runs stored in this Tensorboard. + type: string + updateTime: + description: The timestamp of when the Tensorboard was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vpcaccessconnectors.vpcaccess.cnrm.cloud.google.com +spec: + group: vpcaccess.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VPCAccessConnector + plural: vpcaccessconnectors + shortNames: + - gcpvpcaccessconnector + - gcpvpcaccessconnectors + singular: vpcaccessconnector + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ipCidrRange: + description: 'Immutable. The range of internal addresses that follows + RFC 4632 notation. Example: ''10.132.0.0/28''.' + type: string + location: + description: 'Location represents the geographical location of the + VPCAccessConnector. Specify a region name. Reference: GCP definition + of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + machineType: + description: Immutable. Machine type of VM Instance underlying connector. + Default is e2-micro. + type: string + maxInstances: + description: Immutable. Maximum value of instances in autoscaling + group underlying the connector. + type: integer + maxThroughput: + description: Immutable. Maximum throughput of the connector in Mbps, + must be greater than 'min_throughput'. Default is 300. + type: integer + minInstances: + description: Immutable. Minimum value of instances in autoscaling + group underlying the connector. + type: integer + minThroughput: + description: Immutable. Minimum throughput of the connector in Mbps. + Default and min is 200. + type: integer + networkRef: + description: Immutable. Name or self_link of the VPC network. Required + if 'ip_cidr_range' is set. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnet: + description: Immutable. The subnet in which to house the connector. + properties: + nameRef: + description: |- + Immutable. Subnet name (relative, not fully qualified). E.g. 
if the full subnet selfLink is + https://compute.googleapis.com/compute/v1/projects/{project}/regions/{region}/subnetworks/{subnetName} the correct input for this field would be {subnetName}" + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. Project in which the subnet exists. If + not set, this project is assumed to be the project for which + the connector create request was issued. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + connectedProjects: + description: List of projects using the connector. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The fully qualified name of this VPC connector. + type: string + state: + description: State of the VPC access connector. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: workflowsworkflows.workflows.cnrm.cloud.google.com +spec: + group: workflows.cnrm.cloud.google.com + names: + categories: + - gcp + kind: WorkflowsWorkflow + plural: workflowsworkflows + shortNames: + - gcpworkflowsworkflow + - gcpworkflowsworkflows + singular: workflowsworkflow + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cryptoKeyName: + description: |- + The KMS key used to encrypt workflow and execution data. + + Format: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey}. + type: string + description: + description: Description of the workflow provided by the user. Must + be at most 1000 unicode characters long. + type: string + namePrefix: + description: Immutable. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the workflow. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccount: + description: |- + Name of the service account associated with the latest workflow version. This service + account represents the identity of the workflow and determines what permissions the workflow has. + Format: projects/{project}/serviceAccounts/{account} or {account}. 
+ Using - as a wildcard for the {project} or not providing one at all will infer the project from the account. + The {account} value can be the email address or the unique_id of the service account. + If not provided, workflow will use the project's default service account. + Modifying this field for an existing workflow results in a new workflow revision. + type: string + sourceContents: + description: Workflow code to be executed. The size limit is 32KB. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the workflow was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + revisionId: + description: The revision of the workflow. A new one is generated + if the service account or source contents is changed. + type: string + state: + description: State of the workflow deployment. 
+ type: string + updateTime: + description: The timestamp of when the workflow was last updated in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: workstationclusters.workstations.cnrm.cloud.google.com +spec: + group: workstations.cnrm.cloud.google.com + names: + categories: + - gcp + kind: WorkstationCluster + listKind: WorkstationClusterList + plural: workstationclusters + singular: workstationcluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: WorkstationCluster is the Schema for the WorkstationCluster API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: WorkstationClusterSpec defines the desired state of WorkstationCluster + properties: + annotations: + description: Optional. Client-specified annotations. + items: + properties: + key: + description: Key for the annotation. + type: string + value: + description: Value for the annotation. + type: string + type: object + type: array + displayName: + description: Optional. Human-readable name for this workstation cluster. + type: string + labels: + description: Optional. [Labels](https://cloud.google.com/workstations/docs/label-resources) + that are applied to the workstation cluster and that are also propagated + to the underlying Compute Engine resources. + items: + properties: + key: + description: Key for the label. + type: string + value: + description: Value for the label. + type: string + type: object + type: array + location: + description: The location of the cluster. + type: string + networkRef: + description: Immutable. Reference to the Compute Engine network in + which instances associated with this workstation cluster will be + created. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed Compute Network + resource. Should be in the format `projects//global/networks/`. + type: string + name: + description: The `name` field of a `ComputeNetwork` resource. 
+ type: string + namespace: + description: The `namespace` field of a `ComputeNetwork` resource. + type: string + type: object + privateClusterConfig: + description: Optional. Configuration for private workstation cluster. + properties: + allowedProjects: + description: Optional. Additional projects that are allowed to + attach to the workstation cluster's service attachment. By default, + the workstation cluster's project and the VPC host project (if + different) are allowed. + items: + description: The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The `projectID` field of a project, when not + managed by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional + but must be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + type: array + enablePrivateEndpoint: + description: Immutable. Whether Workstations endpoint is private. + type: boolean + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. 
+ type: string + type: object + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + resourceID: + description: Immutable. The WorkstationCluster name. If not given, + the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + subnetworkRef: + description: Immutable. Reference to the Compute Engine subnetwork + in which instances associated with this workstation cluster will + be created. Must be part of the subnetwork specified for this workstation + cluster. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeSubnetwork selflink of form "projects/{{project}}/regions/{{region}}/subnetworks/{{name}}", + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeSubnetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeSubnetwork` resource. + type: string + type: object + required: + - networkRef + - projectRef + - subnetworkRef + type: object + status: + description: WorkstationClusterStatus defines the config connector machine + state of WorkstationCluster + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the WorkstationCluster resource + in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + clusterHostname: + description: Output only. Hostname for the workstation cluster. + This field will be populated only when private endpoint is enabled. + To access workstations in the workstation cluster, create a + new DNS zone mapping this domain name to an internal IP address + and a forwarding rule mapping that address to the service attachment. + type: string + controlPlaneIP: + description: Output only. The private IP address of the control + plane for this workstation cluster. Workstation VMs need access + to this IP address to work with the service, so make sure that + your firewall rules allow egress from the workstation VMs to + this address. + type: string + createTime: + description: Output only. Time when this workstation cluster was + created. + type: string + degraded: + description: Output only. Whether this workstation cluster is + in degraded mode, in which case it may require user action to + restore full functionality. Details can be found in [conditions][google.cloud.workstations.v1.WorkstationCluster.conditions]. + type: boolean + deleteTime: + description: Output only. Time when this workstation cluster was + soft-deleted. + type: string + etag: + description: Optional. Checksum computed by the server. 
May be + sent on update and delete requests to make sure that the client + has an up-to-date value before proceeding. + type: string + gcpConditions: + description: Output only. Status conditions describing the workstation + cluster's current state. + items: + properties: + code: + description: The status code, which should be an enum value + of [google.rpc.Code][google.rpc.Code]. + format: int32 + type: integer + message: + description: A developer-facing error message, which should + be in English. Any user-facing error message should be + localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] + field, or localized by the client. + type: string + type: object + type: array + reconciling: + description: Output only. Indicates whether this workstation cluster + is currently being updated to match its intended state. + type: boolean + serviceAttachmentUri: + description: Output only. Service attachment URI for the workstation + cluster. The service attachment is created when private endpoint + is enabled. To access workstations in the workstation cluster, + configure access to the managed service using [Private Service + Connect](https://cloud.google.com/vpc/docs/configure-private-service-connect-services). + type: string + uid: + description: Output only. A system-assigned unique identifier + for this workstation cluster. + type: string + updateTime: + description: Output only. Time when this workstation cluster was + most recently updated. 
+ type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: WorkstationCluster is the Schema for the WorkstationCluster API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: WorkstationClusterSpec defines the desired state of WorkstationCluster + properties: + annotations: + description: Optional. Client-specified annotations. + items: + properties: + key: + description: Key for the annotation. + type: string + value: + description: Value for the annotation. + type: string + type: object + type: array + displayName: + description: Optional. Human-readable name for this workstation cluster. 
+ type: string + labels: + description: Optional. [Labels](https://cloud.google.com/workstations/docs/label-resources) + that are applied to the workstation cluster and that are also propagated + to the underlying Compute Engine resources. + items: + properties: + key: + description: Key for the label. + type: string + value: + description: Value for the label. + type: string + type: object + type: array + location: + description: The location of the cluster. + type: string + networkRef: + description: Immutable. Reference to the Compute Engine network in + which instances associated with this workstation cluster will be + created. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed Compute Network + resource. Should be in the format `projects//global/networks/`. + type: string + name: + description: The `name` field of a `ComputeNetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeNetwork` resource. + type: string + type: object + privateClusterConfig: + description: Optional. Configuration for private workstation cluster. + properties: + allowedProjects: + description: Optional. Additional projects that are allowed to + attach to the workstation cluster's service attachment. By default, + the workstation cluster's project and the VPC host project (if + different) are allowed. + items: + description: The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The `projectID` field of a project, when not + managed by Config Connector. 
+ type: string + kind: + description: The kind of the Project resource; optional + but must be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + type: array + enablePrivateEndpoint: + description: Immutable. Whether Workstations endpoint is private. + type: boolean + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + resourceID: + description: Immutable. The WorkstationCluster name. If not given, + the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + subnetworkRef: + description: Immutable. Reference to the Compute Engine subnetwork + in which instances associated with this workstation cluster will + be created. Must be part of the subnetwork specified for this workstation + cluster. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The ComputeSubnetwork selflink of form "projects/{{project}}/regions/{{region}}/subnetworks/{{name}}", + when not managed by Config Connector. + type: string + name: + description: The `name` field of a `ComputeSubnetwork` resource. + type: string + namespace: + description: The `namespace` field of a `ComputeSubnetwork` resource. + type: string + type: object + required: + - networkRef + - projectRef + - subnetworkRef + type: object + status: + description: WorkstationClusterStatus defines the config connector machine + state of WorkstationCluster + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the WorkstationCluster resource + in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + clusterHostname: + description: Output only. Hostname for the workstation cluster. + This field will be populated only when private endpoint is enabled. + To access workstations in the workstation cluster, create a + new DNS zone mapping this domain name to an internal IP address + and a forwarding rule mapping that address to the service attachment. + type: string + controlPlaneIP: + description: Output only. The private IP address of the control + plane for this workstation cluster. Workstation VMs need access + to this IP address to work with the service, so make sure that + your firewall rules allow egress from the workstation VMs to + this address. + type: string + createTime: + description: Output only. Time when this workstation cluster was + created. + type: string + degraded: + description: Output only. Whether this workstation cluster is + in degraded mode, in which case it may require user action to + restore full functionality. Details can be found in [conditions][google.cloud.workstations.v1.WorkstationCluster.conditions]. + type: boolean + deleteTime: + description: Output only. Time when this workstation cluster was + soft-deleted. + type: string + etag: + description: Optional. Checksum computed by the server. May be + sent on update and delete requests to make sure that the client + has an up-to-date value before proceeding. + type: string + gcpConditions: + description: Output only. Status conditions describing the workstation + cluster's current state. + items: + properties: + code: + description: The status code, which should be an enum value + of [google.rpc.Code][google.rpc.Code]. + format: int32 + type: integer + message: + description: A developer-facing error message, which should + be in English. 
Any user-facing error message should be + localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] + field, or localized by the client. + type: string + type: object + type: array + reconciling: + description: Output only. Indicates whether this workstation cluster + is currently being updated to match its intended state. + type: boolean + serviceAttachmentUri: + description: Output only. Service attachment URI for the workstation + cluster. The service attachment is created when private endpoint + is enabled. To access workstations in the workstation cluster, + configure access to the managed service using [Private Service + Connect](https://cloud.google.com/vpc/docs/configure-private-service-connect-services). + type: string + uid: + description: Output only. A system-assigned unique identifier + for this workstation cluster. + type: string + updateTime: + description: Output only. Time when this workstation cluster was + most recently updated. + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: workstationconfigs.workstations.cnrm.cloud.google.com +spec: + group: workstations.cnrm.cloud.google.com + names: + categories: + - gcp + kind: WorkstationConfig + listKind: WorkstationConfigList + plural: workstationconfigs + shortNames: + - gcpworkstationconfig + - gcpworkstationconfigs + singular: workstationconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: WorkstationConfig is the Schema for the WorkstationConfig API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: WorkstationConfigSpec defines the desired state of WorkstationConfig + properties: + annotations: + description: Optional. Client-specified annotations. + items: + properties: + key: + description: Key for the annotation. + type: string + value: + description: Value for the annotation. + type: string + type: object + type: array + container: + description: Optional. Container that runs upon startup for each workstation + using this workstation configuration. + properties: + args: + description: Optional. Arguments passed to the entrypoint. + items: + type: string + type: array + command: + description: Optional. If set, overrides the default ENTRYPOINT + specified by the image. 
+ items: + type: string + type: array + env: + description: Optional. Environment variables passed to the container's + entrypoint. + items: + properties: + name: + description: Name is the name of the environment variable. + type: string + value: + description: Value is the value of the environment variable. + type: string + type: object + type: array + image: + description: |- + Optional. A Docker container image that defines a custom environment. + + Cloud Workstations provides a number of + [preconfigured + images](https://cloud.google.com/workstations/docs/preconfigured-base-images), + but you can create your own + [custom container + images](https://cloud.google.com/workstations/docs/custom-container-images). + If using a private image, the `host.gceInstance.serviceAccount` field + must be specified in the workstation configuration and must have + permission to pull the specified image. Otherwise, the image must be + publicly accessible. + type: string + runAsUser: + description: Optional. If set, overrides the USER specified in + the image with the given uid. + format: int32 + type: integer + workingDir: + description: Optional. If set, overrides the default DIR specified + by the image. + type: string + type: object + displayName: + description: Optional. Human-readable name for this workstation configuration. + type: string + encryptionKey: + description: |- + Immutable. Encrypts resources of this workstation configuration using a + customer-managed encryption key (CMEK). + + If specified, the boot disk of the Compute Engine instance and the + persistent disk are encrypted using this encryption key. If + this field is not set, the disks are encrypted using a generated + key. Customer-managed encryption keys do not protect disk metadata. + + If the customer-managed encryption key is rotated, when the workstation + instance is stopped, the system attempts to recreate the + persistent disk with the new version of the key. 
Be sure to keep + older versions of the key until the persistent disk is recreated. + Otherwise, data on the persistent disk might be lost. + + If the encryption key is revoked, the workstation session automatically + stops within 7 hours. + + Immutable after the workstation configuration is created. + properties: + kmsCryptoKeyRef: + description: Immutable. A reference to the Google Cloud KMS encryption + key. For example, `"projects/PROJECT_ID/locations/REGION/keyRings/KEY_RING/cryptoKeys/KEY_NAME"`. + The key must be in the same region as the workstation configuration. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed KMSCryptoKey. + Should be in the format `projects/[kms_project_id]/locations/[region]/keyRings/[key_ring_id]/cryptoKeys/[key]`. + type: string + name: + description: The `name` of a `KMSCryptoKey` resource. + type: string + namespace: + description: The `namespace` of a `KMSCryptoKey` resource. + type: string + type: object + serviceAccountRef: + description: Immutable. A reference to a service account to use + with the specified KMS key. We recommend that you use a separate + service account and follow KMS best practices. For more information, + see [Separation of duties](https://cloud.google.com/kms/docs/separation-of-duties) + and `gcloud kms keys add-iam-policy-binding` [`--member`](https://cloud.google.com/sdk/gcloud/reference/kms/keys/add-iam-policy-binding#--member). + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + host: + description: Optional. Runtime host for the workstation. + properties: + gceInstance: + description: Specifies a Compute Engine instance as the host. + properties: + bootDiskSizeGB: + description: Optional. The size of the boot disk for the VM + in gigabytes (GB). The minimum boot disk size is `30` GB. + Defaults to `50` GB. + format: int32 + type: integer + confidentialInstanceConfig: + description: Optional. A set of Compute Engine Confidential + VM instance options. + properties: + enableConfidentialCompute: + description: Optional. Whether the instance has confidential + compute enabled. + type: boolean + type: object + disablePublicIPAddresses: + description: Optional. When set to true, disables public IP + addresses for VMs. If you disable public IP addresses, you + must set up Private Google Access or Cloud NAT on your network. + If you use Private Google Access and you use `private.googleapis.com` + or `restricted.googleapis.com` for Container Registry and + Artifact Registry, make sure that you set up DNS records + for domains `*.gcr.io` and `*.pkg.dev`. Defaults to false + (VMs have public IP addresses). + type: boolean + enableNestedVirtualization: + description: |- + Optional. Whether to enable nested virtualization on Cloud Workstations + VMs created under this workstation configuration. + + Nested virtualization lets you run virtual machine (VM) instances + inside your workstation. Before enabling nested virtualization, + consider the following important considerations. 
Cloud Workstations + instances are subject to the [same restrictions as Compute Engine + instances](https://cloud.google.com/compute/docs/instances/nested-virtualization/overview#restrictions): + + * **Organization policy**: projects, folders, or + organizations may be restricted from creating nested VMs if the + **Disable VM nested virtualization** constraint is enforced in + the organization policy. For more information, see the + Compute Engine section, + [Checking whether nested virtualization is + allowed](https://cloud.google.com/compute/docs/instances/nested-virtualization/managing-constraint#checking_whether_nested_virtualization_is_allowed). + * **Performance**: nested VMs might experience a 10% or greater + decrease in performance for workloads that are CPU-bound and + possibly greater than a 10% decrease for workloads that are + input/output bound. + * **Machine Type**: nested virtualization can only be enabled on + workstation configurations that specify a + [machine_type][google.cloud.workstations.v1.WorkstationConfig.Host.GceInstance.machine_type] + in the N1 or N2 machine series. + * **GPUs**: nested virtualization may not be enabled on workstation + configurations with accelerators. + * **Operating System**: Because + [Container-Optimized + OS](https://cloud.google.com/compute/docs/images/os-details#container-optimized_os_cos) + does not support nested virtualization, when nested virtualization is + enabled, the underlying Compute Engine VM instances boot from an + [Ubuntu + LTS](https://cloud.google.com/compute/docs/images/os-details#ubuntu_lts) + image. + type: boolean + machineType: + description: Optional. The type of machine to use for VM instances—for + example, `"e2-standard-4"`. For more information about machine + types that Cloud Workstations supports, see the list of + [available machine types](https://cloud.google.com/workstations/docs/available-machine-types). + type: string + poolSize: + description: Optional. 
The number of VMs that the system should + keep idle so that new workstations can be started quickly + for new users. Defaults to `0` in the API. + format: int32 + type: integer + serviceAccountRef: + description: |- + Optional. A reference to the service account for Cloud + Workstations VMs created with this configuration. When specified, be + sure that the service account has `logginglogEntries.create` permission + on the project so it can write logs out to Cloud Logging. If using a + custom container image, the service account must have permissions to + pull the specified image. + + If you as the administrator want to be able to `ssh` into the + underlying VM, you need to set this value to a service account + for which you have the `iam.serviceAccounts.actAs` permission. + Conversely, if you don't want anyone to be able to `ssh` into the + underlying VM, use a service account where no one has that + permission. + + If not set, VMs run with a service account provided by the + Cloud Workstations service, and the image must be publicly + accessible. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `email` field of an `IAMServiceAccount` + resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + serviceAccountScopes: + description: Optional. Scopes to grant to the [service_account][google.cloud.workstations.v1.WorkstationConfig.Host.GceInstance.service_account]. + Various scopes are automatically added based on feature + usage. 
When specified, users of workstations under this + configuration must have `iam.serviceAccounts.actAs` on the + service account. + items: + type: string + type: array + shieldedInstanceConfig: + description: Optional. A set of Compute Engine Shielded instance + options. + properties: + enableIntegrityMonitoring: + description: Optional. Whether the instance has integrity + monitoring enabled. + type: boolean + enableSecureBoot: + description: Optional. Whether the instance has Secure + Boot enabled. + type: boolean + enableVTPM: + description: Optional. Whether the instance has the vTPM + enabled. + type: boolean + type: object + tags: + description: Optional. Network tags to add to the Compute + Engine VMs backing the workstations. This option applies + [network tags](https://cloud.google.com/vpc/docs/add-remove-network-tags) + to VMs created with this configuration. These network tags + enable the creation of [firewall rules](https://cloud.google.com/workstations/docs/configure-firewall-rules). + items: + type: string + type: array + type: object + type: object + idleTimeout: + description: |- + Optional. Number of seconds to wait before automatically stopping a + workstation after it last received user traffic. + + A value of `"0s"` indicates that Cloud Workstations VMs created with this + configuration should never time out due to idleness. + Provide + [duration](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration) + terminated by `s` for seconds—for example, `"7200s"` (2 hours). + The default is `"1200s"` (20 minutes). + type: string + labels: + description: Optional. [Labels](https://cloud.google.com/workstations/docs/label-resources) + that are applied to the workstation configuration and that are also + propagated to the underlying Compute Engine resources. + items: + properties: + key: + description: Key for the label. + type: string + value: + description: Value for the label. 
+ type: string + type: object + type: array + location: + description: The location of the WorkstationConfig. + type: string + parentRef: + description: Parent is a reference to the parent WorkstationCluster + for this WorkstationConfig. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: A reference to an externally managed WorkstationCluster + resource. Should be in the format "projects//locations//workstationClusters/". + type: string + name: + description: The name of a WorkstationCluster resource. + type: string + namespace: + description: The namespace of a WorkstationCluster resource. + type: string + type: object + persistentDirectories: + description: Optional. Directories to persist across workstation sessions. + items: + properties: + gcePD: + description: A PersistentDirectory backed by a Compute Engine + persistent disk. + properties: + diskType: + description: Optional. The [type of the persistent disk](https://cloud.google.com/compute/docs/disks#disk-types) + for the home directory. Defaults to `"pd-standard"`. + type: string + fsType: + description: Optional. Type of file system that the disk + should be formatted with. The workstation image must support + this file system type. Must be empty if [source_snapshot][google.cloud.workstations.v1.WorkstationConfig.PersistentDirectory.GceRegionalPersistentDisk.source_snapshot] + is set. Defaults to `"ext4"`. + type: string + reclaimPolicy: + description: Optional. Whether the persistent disk should + be deleted when the workstation is deleted. Valid values + are `DELETE` and `RETAIN`. Defaults to `DELETE`. + type: string + sizeGB: + description: |- + Optional. The GB capacity of a persistent home directory for each + workstation created with this configuration. 
Must be empty if + [source_snapshot][google.cloud.workstations.v1.WorkstationConfig.PersistentDirectory.GceRegionalPersistentDisk.source_snapshot] + is set. + + Valid values are `10`, `50`, `100`, `200`, `500`, or `1000`. + Defaults to `200`. If less than `200` GB, the + [disk_type][google.cloud.workstations.v1.WorkstationConfig.PersistentDirectory.GceRegionalPersistentDisk.disk_type] + must be + `"pd-balanced"` or `"pd-ssd"`. + format: int32 + type: integer + sourceSnapshot: + description: Optional. Name of the snapshot to use as the + source for the disk. If set, [size_gb][google.cloud.workstations.v1.WorkstationConfig.PersistentDirectory.GceRegionalPersistentDisk.size_gb] + and [fs_type][google.cloud.workstations.v1.WorkstationConfig.PersistentDirectory.GceRegionalPersistentDisk.fs_type] + must be empty. + type: string + type: object + mountPath: + description: Optional. Location of this directory in the running + workstation. + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + readinessChecks: + description: Optional. Readiness checks to perform when starting a + workstation using this workstation configuration. Mark a workstation + as running only after all specified readiness checks return 200 + status codes. 
+ items: + properties: + path: + description: Optional. Path to which the request should be sent. + type: string + port: + description: Optional. Port to which the request should be sent. + format: int32 + type: integer + type: object + type: array + replicaZones: + description: |- + Optional. Immutable. Specifies the zones used to replicate the VM and disk + resources within the region. If set, exactly two zones within the + workstation cluster's region must be specified—for example, + `['us-central1-a', 'us-central1-f']`. If this field is empty, two default + zones within the region are used. + + Immutable after the workstation configuration is created. + items: + type: string + type: array + resourceID: + description: Immutable. The WorkstationConfig name. If not given, + the metadata.name will be used. + type: string + x-kubernetes-validations: + - message: ResourceID field is immutable + rule: self == oldSelf + runningTimeout: + description: |- + Optional. Number of seconds that a workstation can run until it is + automatically shut down. We recommend that workstations be shut down daily + to reduce costs and so that security updates can be applied upon restart. + The + [idle_timeout][google.cloud.workstations.v1.WorkstationConfig.idle_timeout] + and + [running_timeout][google.cloud.workstations.v1.WorkstationConfig.running_timeout] + fields are independent of each other. Note that the + [running_timeout][google.cloud.workstations.v1.WorkstationConfig.running_timeout] + field shuts down VMs after the specified time, regardless of whether or not + the VMs are idle. + + Provide duration terminated by `s` for seconds—for example, `"54000s"` + (15 hours). Defaults to `"43200s"` (12 hours). A value of `"0s"` indicates + that workstations using this configuration should never time out. If + [encryption_key][google.cloud.workstations.v1.WorkstationConfig.encryption_key] + is set, it must be greater than `"0s"` and less than + `"86400s"` (24 hours). 
+ + Warning: A value of `"0s"` indicates that Cloud Workstations VMs created + with this configuration have no maximum running time. This is strongly + discouraged because you incur costs and will not pick up security updates. + type: string + required: + - parentRef + - projectRef + type: object + status: + description: WorkstationConfigStatus defines the config connector machine + state of WorkstationConfig + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the WorkstationConfig resource + in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + createTime: + description: Output only. Time when this workstation configuration + was created. + type: string + degraded: + description: Output only. Whether this resource is degraded, in + which case it may require user action to restore full functionality. 
+ See also the [conditions][google.cloud.workstations.v1.WorkstationConfig.conditions] + field. + type: boolean + deleteTime: + description: Output only. Time when this workstation configuration + was soft-deleted. + type: string + etag: + description: Optional. Checksum computed by the server. May be + sent on update and delete requests to make sure that the client + has an up-to-date value before proceeding. + type: string + gcpConditions: + description: Output only. Status conditions describing the current + resource state. + items: + properties: + code: + description: The status code, which should be an enum value + of [google.rpc.Code][google.rpc.Code]. + format: int32 + type: integer + message: + description: A developer-facing error message, which should + be in English. Any user-facing error message should be + localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] + field, or localized by the client. + type: string + type: object + type: array + pooledInstances: + description: Output only. Number of instances currently available + in the pool for faster workstation startup. + format: int32 + type: integer + uid: + description: Output only. A system-assigned unique identifier + for this workstation configuration. + type: string + updateTime: + description: Output only. Time when this workstation configuration + was most recently updated. + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operator/channels/packages/configconnector/1.126.0-rc.1/namespaced/0-cnrm-system.yaml b/operator/channels/packages/configconnector/1.126.0-rc.1/namespaced/0-cnrm-system.yaml new file mode 100644 index 0000000000..fb54752168 --- /dev/null +++ b/operator/channels/packages/configconnector/1.126.0-rc.1/namespaced/0-cnrm-system.yaml 
@@ -0,0 +1,2826 @@ +apiVersion: v1 +kind: Namespace +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-unmanaged-detector + namespace: cnrm-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-cnrm-system-role + namespace: cnrm-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-cnrm-system-role + namespace: cnrm-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + 
cnrm.cloud.google.com/system: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + name: cnrm-admin +rules: +- apiGroups: + - accesscontextmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - alloydb.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apigateway.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apigee.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apikeys.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - appengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - artifactregistry.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - beyondcorp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigquery.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigqueryanalyticshub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigqueryconnection.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigquerydatapolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - 
patch + - delete +- apiGroups: + - bigquerydatatransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigqueryreservation.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - bigtable.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - billingbudgets.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - binaryauthorization.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - certificatemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudasset.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudbuild.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudfunctions.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudfunctions2.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudidentity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudids.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudiot.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - 
update + - patch + - delete +- apiGroups: + - cloudscheduler.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - cloudtasks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - compute.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - configcontroller.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - container.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - containeranalysis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - containerattached.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - datacatalog.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dataflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dataform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - datafusion.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dataproc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - datastore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - 
delete +- apiGroups: + - datastream.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - deploymentmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dialogflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dialogflowcx.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - discoveryengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dlp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - dns.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - documentai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - edgecontainer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - edgenetwork.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - essentialcontacts.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - eventarc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - filestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - 
firebase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firebasedatabase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firebasehosting.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firebasestorage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - firestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - gkebackup.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - gkehub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - healthcare.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - iam.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - iap.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - identityplatform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - kms.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - logging.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - memcache.cnrm.cloud.google.com + resources: + 
- '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - memorystore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - mlengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - monitoring.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networkconnectivity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networkmanagement.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networksecurity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - networkservices.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - notebooks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - orgpolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - osconfig.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - oslogin.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - privateca.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - privilegedaccessmanager.cnrm.cloud.google.com + resources: + - '*' 
+ verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - pubsub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - pubsublite.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - recaptchaenterprise.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - redis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - resourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - run.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - secretmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - securesourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - securitycenter.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicedirectory.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicenetworking.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - serviceusage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sourcerepo.cnrm.cloud.google.com + resources: + - '*' + 
verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - spanner.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sql.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storagetransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tags.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tpu.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vertexai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vpcaccess.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - workflows.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - workstations.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- 
apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-cluster-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - servicemappings + verbs: + - get + - list + - watch +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-ns-role +rules: +- apiGroups: + - "" + resources: + - events + - configmaps + - secrets + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-recorder-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - create + - update 
+ - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-unmanaged-detector-cluster-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - list +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + creationTimestamp: null + labels: + cnrm.cloud.google.com/system: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: cnrm-viewer +rules: +- apiGroups: + - accesscontextmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - alloydb.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigateway.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigee.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apikeys.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - appengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - artifactregistry.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - beyondcorp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquery.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryanalyticshub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryconnection.cnrm.cloud.google.com + resources: + - '*' + 
verbs: + - get + - list + - watch +- apiGroups: + - bigquerydatapolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquerydatatransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryreservation.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigtable.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - billingbudgets.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - binaryauthorization.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - certificatemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudasset.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudbuild.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudfunctions.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudfunctions2.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudidentity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudids.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudiot.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudscheduler.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudtasks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - compute.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - configcontroller.cnrm.cloud.google.com + resources: + - 
'*' + verbs: + - get + - list + - watch +- apiGroups: + - container.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - containeranalysis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - containerattached.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datacatalog.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dataflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dataform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datafusion.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dataproc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datastore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datastream.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - deploymentmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dialogflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dialogflowcx.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - discoveryengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dlp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dns.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - documentai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - edgecontainer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- 
apiGroups: + - edgenetwork.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - essentialcontacts.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - eventarc.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - filestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasedatabase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasehosting.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasestorage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firestore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - gkebackup.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - gkehub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - healthcare.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - iam.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - iap.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - identityplatform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - kms.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - logging.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - memcache.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - memorystore.cnrm.cloud.google.com + resources: 
+ - '*' + verbs: + - get + - list + - watch +- apiGroups: + - mlengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - monitoring.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networkconnectivity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networkmanagement.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networksecurity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - networkservices.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - notebooks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - orgpolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - osconfig.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - oslogin.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - privateca.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - privilegedaccessmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - pubsub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - pubsublite.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - recaptchaenterprise.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - redis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - resourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - run.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - 
list + - watch +- apiGroups: + - secretmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - securesourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - securitycenter.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - servicedirectory.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - servicenetworking.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - serviceusage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - sourcerepo.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - spanner.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - sql.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - storage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - storagetransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - tags.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - tpu.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - vertexai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - vpcaccess.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - workflows.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - workstations.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + 
labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-role +rules: +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - servicemappings + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-role-binding + namespace: cnrm-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cnrm-deletiondefender-cnrm-system-role +subjects: +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-role-binding + namespace: cnrm-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cnrm-webhook-cnrm-system-role +subjects: +- kind: ServiceAccount + name: cnrm-webhook-manager + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-admin-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-admin +subjects: +- kind: 
ServiceAccount + name: cnrm-unmanaged-detector + namespace: cnrm-system +- kind: ServiceAccount + name: cnrm-resource-stats-recorder + namespace: cnrm-system +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-deletiondefender-role +subjects: +- kind: ServiceAccount + name: cnrm-deletiondefender + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-recorder-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-recorder-role +subjects: +- kind: ServiceAccount + name: cnrm-resource-stats-recorder + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-unmanaged-detector-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-unmanaged-detector-cluster-role +subjects: +- kind: ServiceAccount + name: cnrm-unmanaged-detector + namespace: cnrm-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cnrm-webhook-role +subjects: +- kind: ServiceAccount + name: cnrm-webhook-manager + namespace: cnrm-system +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + 
cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender + namespace: cnrm-system +spec: + ports: + - name: deletiondefender + port: 443 + selector: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + prometheus.io/port: "48797" + prometheus.io/scrape: "true" + labels: + cnrm.cloud.google.com/monitored: "true" + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder-service + namespace: cnrm-system +spec: + ports: + - name: metrics + port: 8888 + targetPort: 48797 + selector: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + name: cnrm-resource-stats-recorder + namespace: cnrm-system +spec: + replicas: 1 + revisionHistoryLimit: 1 + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + strategy: + type: Recreate + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-resource-stats-recorder + cnrm.cloud.google.com/system: "true" + spec: + containers: + - args: + - --prometheus-scrape-endpoint=:48797 + - --metric-interval=60 + command: + - /configconnector/recorder + env: + - name: CONFIG_CONNECTOR_VERSION + value: 1.126.0-rc.1 + image: gcr.io/gke-release/cnrm/recorder:1.126.0-rc.1 + imagePullPolicy: Always + name: recorder + ports: + - containerPort: 48797 + hostPort: 48797 + protocol: TCP + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + 
periodSeconds: 3 + resources: + limits: + memory: 64Mi + requests: + cpu: 20m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + - command: + - /monitor + - --source=configconnector:http://localhost:48797?whitelisted=applied_resources_total&customResourceType=k8s_container&customLabels[container_name]&customLabels[project_id]&customLabels[location]&customLabels[cluster_name]&customLabels[namespace_name]=$(POD_NAMESPACE)&customLabels[pod_name]=$(POD_NAME) + - --stackdriver-prefix=kubernetes.io/internal/addons + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/gke-release/prometheus-to-sd:v0.11.12-gke.11 + name: prom-to-sd + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true + enableServiceLinks: false + hostNetwork: true + serviceAccountName: cnrm-resource-stats-recorder + terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook-manager + namespace: cnrm-system +spec: + revisionHistoryLimit: 1 + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-webhook-manager + cnrm.cloud.google.com/system: "true" + spec: + containers: + - command: + - /configconnector/webhook + env: + - name: GOMEMLIMIT + value: 110MiB + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/gke-release/cnrm/webhook:1.126.0-rc.1 + imagePullPolicy: Always + name: webhook + ports: + - containerPort: 23232 + readinessProbe: + 
httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 128Mi + requests: + cpu: 250m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + serviceAccountName: cnrm-webhook-manager + terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender + namespace: cnrm-system +spec: + selector: + matchLabels: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" + serviceName: cnrm-deletiondefender + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-deletiondefender + cnrm.cloud.google.com/system: "true" + spec: + containers: + - command: + - /configconnector/deletiondefender + image: gcr.io/gke-release/cnrm/deletiondefender:1.126.0-rc.1 + imagePullPolicy: Always + name: deletiondefender + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 1Gi + requests: + cpu: 250m + memory: 1Gi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + serviceAccountName: cnrm-deletiondefender + terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-unmanaged-detector + cnrm.cloud.google.com/system: "true" + name: cnrm-unmanaged-detector + namespace: cnrm-system +spec: + selector: + matchLabels: + cnrm.cloud.google.com/component: 
cnrm-unmanaged-detector + cnrm.cloud.google.com/system: "true" + serviceName: unmanaged-detector + template: + metadata: + annotations: + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/component: cnrm-unmanaged-detector + cnrm.cloud.google.com/system: "true" + spec: + containers: + - command: + - /configconnector/unmanageddetector + image: gcr.io/gke-release/cnrm/unmanageddetector:1.126.0-rc.1 + imagePullPolicy: Always + name: unmanageddetector + ports: + - containerPort: 23232 + readinessProbe: + httpGet: + path: /ready + port: 23232 + initialDelaySeconds: 7 + periodSeconds: 3 + resources: + limits: + memory: 1Gi + requests: + cpu: 250m + memory: 512Mi + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + runAsUser: 1000 + enableServiceLinks: false + serviceAccountName: cnrm-unmanaged-detector + terminationGracePeriodSeconds: 10 +--- +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + annotations: + autoscaling.alpha.kubernetes.io/metrics: '[{"type":"Resource","resource":{"name":"memory","targetAverageUtilization":70}}]' + cnrm.cloud.google.com/version: 1.126.0-rc.1 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-webhook + namespace: cnrm-system +spec: + maxReplicas: 20 + minReplicas: 2 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: cnrm-webhook-manager + targetCPUUtilizationPercentage: 70 diff --git a/operator/channels/packages/configconnector/1.126.0-rc.1/namespaced/per-namespace-components.yaml b/operator/channels/packages/configconnector/1.126.0-rc.1/namespaced/per-namespace-components.yaml new file mode 100644 index 0000000000..68c1df040e --- /dev/null +++ b/operator/channels/packages/configconnector/1.126.0-rc.1/namespaced/per-namespace-components.yaml 
@@ -0,0 +1,191 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ annotations:
+ cnrm.cloud.google.com/version: 1.126.0-rc.1
+ iam.gke.io/gcp-service-account: cnrm-system-${NAMESPACE?}@${PROJECT_ID?}.iam.gserviceaccount.com
+ labels:
+ cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
+ cnrm.cloud.google.com/system: "true"
+ name: cnrm-controller-manager-${NAMESPACE?}
+ namespace: cnrm-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ annotations:
+ cnrm.cloud.google.com/version: 1.126.0-rc.1
+ finalizers:
+ - configconnector.cnrm.cloud.google.com/finalizer
+ labels:
+ cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
+ cnrm.cloud.google.com/system: "true"
+ name: cnrm-admin-binding-${NAMESPACE?}
+ namespace: ${NAMESPACE?}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cnrm-admin
+subjects:
+- kind: ServiceAccount
+ name: cnrm-controller-manager-${NAMESPACE?}
+ namespace: cnrm-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ annotations:
+ cnrm.cloud.google.com/version: 1.126.0-rc.1
+ finalizers:
+ - configconnector.cnrm.cloud.google.com/finalizer
+ labels:
+ cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
+ cnrm.cloud.google.com/system: "true"
+ name: cnrm-manager-ns-binding-${NAMESPACE?}
+ namespace: ${NAMESPACE?}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cnrm-manager-ns-role
+subjects:
+- kind: ServiceAccount
+ name: cnrm-controller-manager-${NAMESPACE?}
+ namespace: cnrm-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ annotations:
+ cnrm.cloud.google.com/version: 1.126.0-rc.1
+ labels:
+ cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
+ cnrm.cloud.google.com/system: "true"
+ name: cnrm-manager-ns-binding-${NAMESPACE?}
+ namespace: cnrm-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cnrm-manager-ns-role
+subjects:
+- kind: ServiceAccount
+ name: cnrm-controller-manager-${NAMESPACE?}
+ namespace: cnrm-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ annotations:
+ cnrm.cloud.google.com/version: 1.126.0-rc.1
+ labels:
+ cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
+ cnrm.cloud.google.com/system: "true"
+ name: cnrm-manager-cluster-binding-${NAMESPACE?}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cnrm-manager-cluster-role
+subjects:
+- kind: ServiceAccount
+ name: cnrm-controller-manager-${NAMESPACE?}
+ namespace: cnrm-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ cnrm.cloud.google.com/version: 1.126.0-rc.1
+ prometheus.io/port: "8888"
+ prometheus.io/scrape: "true"
+ labels:
+ cnrm.cloud.google.com/monitored: "true"
+ cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
+ cnrm.cloud.google.com/system: "true"
+ name: cnrm-manager-${NAMESPACE?}
+ namespace: cnrm-system
+spec:
+ ports:
+ - name: controller-manager
+ port: 443
+ - name: metrics
+ port: 8888
+ selector:
+ cnrm.cloud.google.com/component: cnrm-controller-manager
+ cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
+ cnrm.cloud.google.com/system: "true"
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ annotations:
+ cnrm.cloud.google.com/version: 1.126.0-rc.1
+ labels:
+ cnrm.cloud.google.com/component: cnrm-controller-manager
+ cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
+ cnrm.cloud.google.com/system: "true"
+ name: cnrm-controller-manager-${NAMESPACE?}
+ namespace: cnrm-system
+spec:
+ selector:
+ matchLabels:
+ cnrm.cloud.google.com/component: cnrm-controller-manager
+ cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
+ cnrm.cloud.google.com/system: "true"
+ serviceName: cnrm-manager-${NAMESPACE?}
+ template:
+ metadata:
+ annotations:
+ cnrm.cloud.google.com/version: 1.126.0-rc.1
+ labels:
+ cnrm.cloud.google.com/component: cnrm-controller-manager
+ cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?}
+ cnrm.cloud.google.com/system: "true"
+ spec:
+ containers:
+ - args:
+ - --scoped-namespace=${NAMESPACE?}
+ - --prometheus-scrape-endpoint=:8888
+ command:
+ - /configconnector/manager
+ image: gcr.io/gke-release/cnrm/controller:1.126.0-rc.1
+ imagePullPolicy: Always
+ name: manager
+ ports:
+ - containerPort: 23232
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 23232
+ initialDelaySeconds: 7
+ periodSeconds: 3
+ resources:
+ limits:
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 512Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ privileged: false
+ runAsNonRoot: true
+ runAsUser: 1000
+ - command:
+ - /monitor
+ - --source=configconnector:http://localhost:8888?whitelisted=reconcile_requests_total,reconcile_request_duration_seconds,reconcile_workers_total,reconcile_occupied_workers_total,internal_errors_total&customResourceType=k8s_container&customLabels[container_name]&customLabels[project_id]&customLabels[location]&customLabels[cluster_name]&customLabels[namespace_name]=$(POD_NAMESPACE)&customLabels[pod_name]=$(POD_NAME)
+ - --stackdriver-prefix=kubernetes.io/internal/addons
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ image: gcr.io/gke-release/prometheus-to-sd:v0.11.12-gke.11
+ name: prom-to-sd
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ enableServiceLinks: false
+ serviceAccountName: cnrm-controller-manager-${NAMESPACE?}
+ terminationGracePeriodSeconds: 10
diff --git a/operator/channels/stable b/operator/channels/stable
index 950eec8b2a..b5e6dcbe65 100644
--- a/operator/channels/stable
+++ b/operator/channels/stable
@@ -1,2 +1,2 @@
 manifests:
- - version: 1.125.0
+ - version: 1.126.0-rc.1
diff --git a/operator/config/autopilot/kustomization.yaml b/operator/config/autopilot/kustomization.yaml
index 6c60ee7e20..5f15b43531 100644
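Review bot: Both `securityContext` blocks in the `cnrm-controller-manager-${NAMESPACE?}` StatefulSet of per-namespace-components.yaml (`manager` and `prom-to-sd`) stop at `allowPrivilegeEscalation: false` and `runAsNonRoot: true`, so the containers keep the runtime's default capability set and whatever seccomp profile the node applies by default. Adding `capabilities: {drop: ["ALL"]}` and `seccompProfile: {type: RuntimeDefault}` to each would bring them in line with the Pod Security "restricted" profile; the visible ports (23232, 8888) are unprivileged, so no added capability looks necessary, but that should be confirmed against the binaries. The `prom-to-sd` container also has no `resources` block and omits the `privileged: false` and `runAsUser: 1000` that `manager` sets, so it runs without a memory limit and with a UID decided by the image. This file looks like a generated release manifest, so the change probably belongs in the template it is produced from.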
--- a/operator/config/autopilot/kustomization.yaml +++ b/operator/config/autopilot/kustomization.yaml @@ -22,7 +22,7 @@ commonLabels: commonAnnotations: # Given our weekly release schedule, the version of the operator should remain the same of ConfigConnector Core, # if we have to release the operator independently with the KCC core, append extension e.g. 1.6.0-operator.x - cnrm.cloud.google.com/operator-version: "1.125.0" + cnrm.cloud.google.com/operator-version: "1.126.0-rc.1" bases: - ../crd diff --git a/operator/config/default/kustomization.yaml b/operator/config/default/kustomization.yaml index 908fe69866..41b9160c10 100644 --- a/operator/config/default/kustomization.yaml +++ b/operator/config/default/kustomization.yaml @@ -22,7 +22,7 @@ commonLabels: commonAnnotations: # Given our weekly release schedule, the version of the operator should remain the same of ConfigConnector Core, # if we have to release the operator independently with the KCC core, append extension e.g. 1.6.0-operator.x - cnrm.cloud.google.com/operator-version: "1.125.0" + cnrm.cloud.google.com/operator-version: "1.126.0-rc.1" bases: - ../crd diff --git a/operator/config/gke-addon/image_configmap.yaml b/operator/config/gke-addon/image_configmap.yaml index 7eba5fde0c..6fa4b51a66 100644 --- a/operator/config/gke-addon/image_configmap.yaml +++ b/operator/config/gke-addon/image_configmap.yaml 
@@ -1,10 +1,10 @@
 apiVersion: v1
 data:
- cnrm.controller: gcr.io/gke-release/cnrm/controller:2fa0f72
- cnrm.deletiondefender: gcr.io/gke-release/cnrm/deletiondefender:2fa0f72
- cnrm.recorder: gcr.io/gke-release/cnrm/recorder:2fa0f72
- cnrm.unmanageddetector: gcr.io/gke-release/cnrm/unmanageddetector:2fa0f72
- cnrm.webhook: gcr.io/gke-release/cnrm/webhook:2fa0f72
+ cnrm.controller: gcr.io/gke-release/cnrm/controller:1.126.0-rc.1
+ cnrm.deletiondefender: gcr.io/gke-release/cnrm/deletiondefender:1.126.0-rc.1
+ cnrm.recorder: gcr.io/gke-release/cnrm/recorder:1.126.0-rc.1
+ cnrm.unmanageddetector: gcr.io/gke-release/cnrm/unmanageddetector:1.126.0-rc.1
+ cnrm.webhook: gcr.io/gke-release/cnrm/webhook:1.126.0-rc.1
 prom-to-sd: gcr.io/gke-release/prometheus-to-sd:v0.11.12-gke.11
 kind: ConfigMap
 metadata:
diff --git a/version/VERSION b/version/VERSION
index 654331186d..7d6ebe4172 100644
--- a/version/VERSION
+++ b/version/VERSION
@@ -1 +1 @@
-1.124.0-rc.1
+1.126.0-rc.1
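Review bot: The five `cnrm.*` entries in operator/config/gke-addon/image_configmap.yaml are still resolved by tag (`:1.126.0-rc.1`), and registry tags are mutable by default, so this file does not fix which image content the add-on runs. Pinning each entry by digest, for example `gcr.io/gke-release/cnrm/controller@sha256:<digest-of-released-image>`, would make the deployed content verifiable and let admission policy check it. The same applies to the `image:` fields in the per-namespace-components.yaml StatefulSet, where `imagePullPolicy: Always` means a re-pointed tag is picked up on the next pod restart. The unchanged `prom-to-sd` entry has the same form.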